Merge "Edge case: overriden system package moved & became privileged in OTA" into klp-dev
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 95dc373..e075862 100755
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -3585,7 +3585,13 @@
+ ps.name + " changing from " + updatedPkg.codePathString
+ " to " + scanFile);
updatedPkg.codePath = scanFile;
- updatedPkg.codePathString = scanFile.toString();
+ updatedPkg.codePathString = scanFile.toString();
+ // This is the point at which we know that the system-disk APK
+ // for this package has moved during a reboot (e.g. due to an OTA),
+ // so we need to reevaluate it for privilege policy.
+ if (locationIsPrivileged(scanFile)) {
+ updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
+ }
}
updatedPkg.pkg = pkg;
mLastScanError = PackageManager.INSTALL_FAILED_DUPLICATE_PACKAGE;
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 3b4393a..b0cfd7e 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -426,12 +426,12 @@
+ "; replacing with new");
p = null;
} else {
- if ((pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0) {
- // If what we are scanning is a system package, then
- // make it so, regardless of whether it was previously
- // installed only in the data partition.
- p.pkgFlags |= ApplicationInfo.FLAG_SYSTEM;
- }
+ // If what we are scanning is a system (and possibly privileged) package,
+ // then make it so, regardless of whether it was previously installed only
+ // in the data partition.
+ final int sysPrivFlags = pkgFlags
+ & (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_PRIVILEGED);
+ p.pkgFlags |= sysPrivFlags;
}
}
if (p == null) {