Change permissions of apps' home dir to 0700 for SDK > 23
This patchset changes installd so that an app's home
directory gets permissions 0700 if the app is built for a
target SDK version above 23. As a consequence, the commands
create_app_data and move_complete_app
take one more parameter, the target SDK version.
Apps built for a lower SDK version will still have
home directories with permissions set to 0751.
Bug: 7208882
Change-Id: I651da956dd57d882772b23a433421e9130ea4c0b
diff --git a/services/core/java/com/android/server/pm/Installer.java b/services/core/java/com/android/server/pm/Installer.java
index 508bf91..a730de4 100644
--- a/services/core/java/com/android/server/pm/Installer.java
+++ b/services/core/java/com/android/server/pm/Installer.java
@@ -86,8 +86,9 @@
}
public void createAppData(String uuid, String pkgname, int userid, int flags, int appid,
- String seinfo) throws InstallerException {
- mInstaller.execute("create_app_data", uuid, pkgname, userid, flags, appid, seinfo);
+ String seinfo, int targetSdkVersion) throws InstallerException {
+ mInstaller.execute("create_app_data", uuid, pkgname, userid, flags, appid, seinfo,
+ targetSdkVersion);
}
public void restoreconAppData(String uuid, String pkgname, int userid, int flags, int appid,
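Review bot: Neither createAppData nor moveCompleteApp (next hunk) documents the new `targetSdkVersion` parameter, although per the commit message it now decides whether the data directory is created 0700 or 0751. I would add a Javadoc line to both, e.g. `@param targetSdkVersion target SDK of the package; installd uses it to pick the data directory mode`. Both methods append the value as one more positional argument to the installd command, so the native handlers for `create_app_data` and `move_complete_app` (not part of this diff) have to accept the extra argument in the same change. A mismatch would presumably surface as an InstallerException on every call.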
@@ -107,9 +108,10 @@
}
public void moveCompleteApp(String from_uuid, String to_uuid, String package_name,
- String data_app_name, int appid, String seinfo) throws InstallerException {
+ String data_app_name, int appid, String seinfo, int targetSdkVersion)
+ throws InstallerException {
mInstaller.execute("move_complete_app", from_uuid, to_uuid, package_name,
- data_app_name, appid, seinfo);
+ data_app_name, appid, seinfo, targetSdkVersion);
}
public void getAppSize(String uuid, String pkgname, int userid, int flags, String apkPath,
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 6277310..8a243a8 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -10902,9 +10902,10 @@
final String dataAppName;
final int appId;
final String seinfo;
+ final int targetSdkVersion;
public MoveInfo(int moveId, String fromUuid, String toUuid, String packageName,
- String dataAppName, int appId, String seinfo) {
+ String dataAppName, int appId, String seinfo, int targetSdkVersion) {
this.moveId = moveId;
this.fromUuid = fromUuid;
this.toUuid = toUuid;
@@ -10912,6 +10913,7 @@
this.dataAppName = dataAppName;
this.appId = appId;
this.seinfo = seinfo;
+ this.targetSdkVersion = targetSdkVersion;
}
}
@@ -12034,7 +12036,7 @@
synchronized (mInstaller) {
try {
mInstaller.moveCompleteApp(move.fromUuid, move.toUuid, move.packageName,
- move.dataAppName, move.appId, move.seinfo);
+ move.dataAppName, move.appId, move.seinfo, move.targetSdkVersion);
} catch (InstallerException e) {
Slog.w(TAG, "Failed to move app", e);
return PackageManager.INSTALL_FAILED_INTERNAL_ERROR;
@@ -16991,7 +16993,7 @@
synchronized (mInstallLock) {
try {
mInstaller.createAppData(volumeUuid, packageName, userId, flags,
- appId, app.seinfo);
+ appId, app.seinfo, app.targetSdkVersion);
} catch (InstallerException e) {
if (app.isSystemApp()) {
logCriticalInfo(Log.ERROR, "Failed to create app data for " + packageName
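Review bot: Whether an update that raises an app's target SDK above 23 tightens an already-existing data directory from 0751 to 0700 cannot be told from this call or from the recovery retry in the next hunk. Both pass `app.targetSdkVersion` through, but the result depends on installd re-applying the mode to a directory that already exists, which this diff does not show. That is worth confirming and stating next to the call, e.g. `// targetSdkVersion selects the data dir mode in installd (0700 vs 0751); TODO confirm the mode is re-applied when the dir already exists`. The enclosing method starts and ends outside the hunk.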
@@ -16999,7 +17001,7 @@
destroyAppDataLI(volumeUuid, packageName, userId, flags);
try {
mInstaller.createAppData(volumeUuid, packageName, userId, flags,
- appId, app.seinfo);
+ appId, app.seinfo, app.targetSdkVersion);
logCriticalInfo(Log.DEBUG, "Recovery succeeded!");
} catch (InstallerException e2) {
logCriticalInfo(Log.DEBUG, "Recovery failed!");
@@ -17073,6 +17075,7 @@
final int appId;
final String seinfo;
final String label;
+ final int targetSdkVersion;
// reader
synchronized (mPackages) {
@@ -17122,6 +17125,7 @@
appId = UserHandle.getAppId(pkg.applicationInfo.uid);
seinfo = pkg.applicationInfo.seinfo;
label = String.valueOf(pm.getApplicationLabel(pkg.applicationInfo));
+ targetSdkVersion = pkg.applicationInfo.targetSdkVersion;
}
// Now that we're guarded by frozen state, kill app during move
@@ -17254,7 +17258,7 @@
final String dataAppName = codeFile.getName();
move = new MoveInfo(moveId, currentVolumeUuid, volumeUuid, packageName,
- dataAppName, appId, seinfo);
+ dataAppName, appId, seinfo, targetSdkVersion);
} else {
move = null;
}
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 3dee70d..91c8683 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -3754,6 +3754,7 @@
String[] names;
int[] appIds;
String[] seinfos;
+ int[] targetSdkVersions;
int packagesCount;
synchronized (mPackages) {
Collection<PackageSetting> packages = mPackages.values();
@@ -3762,6 +3763,7 @@
names = new String[packagesCount];
appIds = new int[packagesCount];
seinfos = new String[packagesCount];
+ targetSdkVersions = new int[packagesCount];
Iterator<PackageSetting> packagesIterator = packages.iterator();
for (int i = 0; i < packagesCount; i++) {
PackageSetting ps = packagesIterator.next();
@@ -3776,6 +3778,7 @@
names[i] = ps.name;
appIds[i] = ps.appId;
seinfos[i] = ps.pkg.applicationInfo.seinfo;
+ targetSdkVersions[i] = ps.pkg.applicationInfo.targetSdkVersion;
}
}
for (int i = 0; i < packagesCount; i++) {
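Review bot: `targetSdkVersions` is zero-initialised, so any slot the fill loop leaves unset carries 0, which by the commit message maps to the legacy 0751 mode rather than 0700. The lines between the hunks are not shown; if the loop can skip a package before `targetSdkVersions[i] = ...`, the second loop has to skip that index as well, and a comment such as `// unset entries stay 0 (legacy 0751 mode) and must be skipped below` would make that explicit. As a style point, this is one more per-package parallel array next to names, appIds and seinfos; a small private holder per package would keep the values from drifting apart. The enclosing method starts outside the hunk.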
@@ -3786,7 +3789,7 @@
final int flags = Installer.FLAG_CE_STORAGE | Installer.FLAG_DE_STORAGE;
try {
installer.createAppData(volumeUuids[i], names[i], userHandle, flags, appIds[i],
- seinfos[i]);
+ seinfos[i], targetSdkVersions[i]);
} catch (InstallerException e) {
Slog.w(TAG, "Failed to prepare app data", e);
}