Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / d76737a7325bdcd5010f26fd1626628f07070bb9^1..d76737a7325bdcd5010f26fd1626628f07070bb9 / .
commitd76737a7325bdcd5010f26fd1626628f07070bb9[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Wed Nov 26 18:59:13 2014 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>Wed Nov 26 18:59:13 2014 +0000
treeb5996f7429f9940c69d2fdabbdaa8f136ea7a814
parent59565277d9fc1d0f21d55a528b2a6e395f051e5d [diff]
parentb802cd6767c43a85645279a67bb41320058fdb60 [diff]
am b802cd67: Merge "APK still has privileged flag after being moved from "/system/priv-app""

* commit 'b802cd6767c43a85645279a67bb41320058fdb60':
  APK still has privileged flag after being moved from "/system/priv-app"

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 242baa9..2564962 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java

@@ -4225,6 +4225,14 @@
         boolean updatedPkgBetter = false;
         // First check if this is a system package that may involve an update
         if (updatedPkg != null && (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) {
+            // If new package is not located in "/system/priv-app" (e.g. due to an OTA),
+            // it needs to drop FLAG_PRIVILEGED.
+            if (locationIsPrivileged(scanFile)) {
+                updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
+            } else {
+                updatedPkg.pkgFlags &= ~ApplicationInfo.FLAG_PRIVILEGED;
+            }
+
             if (ps != null && !ps.codePath.equals(scanFile)) {
                 // The path has changed from what was last scanned...  check the
                 // version of the new path against what we have stored to determine
@@ -4244,12 +4252,6 @@
                         updatedPkg.codePathString = scanFile.toString();
                         updatedPkg.resourcePath = scanFile;
                         updatedPkg.resourcePathString = scanFile.toString();
-                        // This is the point at which we know that the system-disk APK
-                        // for this package has moved during a reboot (e.g. due to an OTA),
-                        // so we need to reevaluate it for privilege policy.
-                        if (locationIsPrivileged(scanFile)) {
-                            updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
-                        }
                     }
                     updatedPkg.pkg = pkg;
                     throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, null);
@@ -7105,7 +7107,9 @@
                         // If the original was granted this permission, we take
                         // that grant decision as read and propagate it to the
                         // update.
-                        allowed = true;
+                        if (sysPs.isPrivileged()) {
+                            allowed = true;
+                        }
                     } else {
                         // The system apk may have been updated with an older
                         // version of the one on the data partition, but which