Merge "Prevent downgrade of targetSandboxVersion"
diff --git a/api/system-current.txt b/api/system-current.txt
index 60d7f2f..9328420 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -11393,6 +11393,7 @@
field public static final int INSTALL_FAILED_PACKAGE_CHANGED = -23; // 0xffffffe9
field public static final int INSTALL_FAILED_PERMISSION_MODEL_DOWNGRADE = -26; // 0xffffffe6
field public static final int INSTALL_FAILED_REPLACE_COULDNT_DELETE = -10; // 0xfffffff6
+ field public static final int INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE = -27; // 0xffffffe5
field public static final int INSTALL_FAILED_SHARED_USER_INCOMPATIBLE = -8; // 0xfffffff8
field public static final int INSTALL_FAILED_TEST_ONLY = -15; // 0xfffffff1
field public static final int INSTALL_FAILED_UPDATE_INCOMPATIBLE = -7; // 0xfffffff9
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index bb35928..71db5d3 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -1069,6 +1069,16 @@
public static final int INSTALL_FAILED_PERMISSION_MODEL_DOWNGRADE = -26;
/**
+ * Installation return code: this is passed to the
+ * {@link IPackageInstallObserver} if the new package attempts to downgrade the
+ * target sandbox version of the app.
+ *
+ * @hide
+ */
+ @SystemApi
+ public static final int INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE = -27;
+
+ /**
* Installation parse return code: this is passed to the
* {@link IPackageInstallObserver} if the parser was given a path that is
* not a file, or does not end with the expected '.apk' extension.
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 96e2626..25f9c30 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -16692,6 +16692,16 @@
+ " target SDK " + oldTargetSdk + " does.");
return;
}
+ // Prevent apps from downgrading their targetSandbox.
+ final int oldTargetSandbox = oldPackage.applicationInfo.targetSandboxVersion;
+ final int newTargetSandbox = pkg.applicationInfo.targetSandboxVersion;
+ if (oldTargetSandbox == 2 && newTargetSandbox != 2) {
+ res.setError(PackageManager.INSTALL_FAILED_SANDBOX_VERSION_DOWNGRADE,
+ "Package " + pkg.packageName + " new target sandbox "
+ + newTargetSandbox + " is incompatible with the previous value of"
+ + oldTargetSandbox + ".");
+ return;
+ }
// Prevent installing of child packages
if (oldPackage.parentPackage != null) {