[pm] reject data apps using privileged sharedUserId
Previously data apps could cross privileged boundaries by sharing the same signature as a privileged app and its sharedUserId. This would cause a device crash loop because the newly requested privileged permissions are not allowlisted, but the app is regarded as a privileged app. We should prevent such apps from being installed in the first place.

This CL rejects a data app installation if the app shares signature and sharedUserId with a privileged app and also requests to use some privileged permissions.

BUG: 154074394
Test: manual with test apps
Test: with this CL the test app would fail during installation:

$ adb install ~/StudioProjects/DataApplication/app/release/DataApplication.apk
Performing Streamed Install
adb: failed to install /usr/local/google/home/schfan/StudioProjects/DataApplication/app/release/DataApplication.apk: Failure [INSTALL_FAILED_INVALID_APK: Reconciliation failed...: Reconcile failed: Reconcile failed: Non-system package: com.example.dataapplication shares signature and sharedUserId with a privileged package but requests privileged permissions that are not allowed: [android.permission.SET_TIME]]

Test: atest TestablesTests
Change-Id: I0f5bc59cff80acb58cc32943915fe9301518a930