[pm] prevent installations of apex packages with permission declarations

We should probably also restrict other types of declarations, such as
activities, but to reduce the potential impact, this CL only limits the
permission declarations.

BUG: 301320911
Test: manually by trying to install an apex with or without permission
declarations
Test: expected error is thrown before the session is staged

$ adb install /sdb/main/out/target/product/oriole/system/apex/com.google.android.devicelock.apex
Performing Streamed Install
adb: failed to install /sdb/main/out/target/product/oriole/system/apex/com.google.android.devicelock.apex: Error [-22] [Failed to parse APEX package /data/app-staging/session_2027984736/base.apex : com.android.internal.pm.parsing.PackageParserException: /data/app-staging/session_2027984736/base.apex (at Binary XML file line #17): com.google.android.devicelock is an APEX package and shouldn't declare permissions.]

Test: cts to be added

Change-Id: I6c9860756a46778493a8a12348a162cbd209af3f
diff --git a/core/java/com/android/internal/pm/pkg/parsing/ParsingPackageUtils.java b/core/java/com/android/internal/pm/pkg/parsing/ParsingPackageUtils.java
index e12becd..8c7b360 100644
--- a/core/java/com/android/internal/pm/pkg/parsing/ParsingPackageUtils.java
+++ b/core/java/com/android/internal/pm/pkg/parsing/ParsingPackageUtils.java
@@ -238,6 +238,7 @@
      */
     public static final int PARSE_IGNORE_OVERLAY_REQUIRED_SYSTEM_PROPERTY = 1 << 7;
     public static final int PARSE_APK_IN_APEX = 1 << 9;
+    public static final int PARSE_APEX = 1 << 10;
 
     public static final int PARSE_CHATTY = 1 << 31;
 
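Review bot: The new `PARSE_APEX` constant has no Javadoc, and it sits directly below `PARSE_APK_IN_APEX`, a name that is easy to confuse with it. Judging by the rest of the commit, it marks the file being parsed as the APEX itself and switches on the permission check in `validateBaseApkTags`. A short comment would make that explicit, for example `/** Set when the parsed file is the APEX package itself; enables APEX-only manifest validation. */`.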
@@ -339,6 +340,9 @@
         if ((flags & PARSE_APK_IN_APEX) != 0) {
             liteParseFlags |= PARSE_APK_IN_APEX;
         }
+        if ((flags & PARSE_APEX) != 0) {
+            liteParseFlags |= PARSE_APEX;
+        }
         final ParseResult<PackageLite> liteResult =
                 ApkLiteParseUtils.parseClusterPackageLite(input, packageDir, liteParseFlags);
         if (liteResult.isError()) {
@@ -530,7 +534,7 @@
 
         afterParseBaseApplication(pkg);
 
-        final ParseResult<ParsingPackage> result = validateBaseApkTags(input, pkg);
+        final ParseResult<ParsingPackage> result = validateBaseApkTags(input, pkg, flags);
         if (result.isError()) {
             return result;
         }
@@ -1012,10 +1016,11 @@
             }
         }
 
-        return validateBaseApkTags(input, pkg);
+        return validateBaseApkTags(input, pkg, flags);
     }
 
-    private ParseResult<ParsingPackage> validateBaseApkTags(ParseInput input, ParsingPackage pkg) {
+    private ParseResult<ParsingPackage> validateBaseApkTags(ParseInput input, ParsingPackage pkg,
+            int flags) {
         if (!ParsedAttributionUtils.isCombinationValid(pkg.getAttributions())) {
             return input.error(
                     INSTALL_PARSE_FAILED_BAD_MANIFEST,
@@ -1047,6 +1052,17 @@
             adjustPackageToBeUnresizeableAndUnpipable(pkg);
         }
 
+        // An Apex package shouldn't have permission declarations
+        final boolean isApex = (flags & PARSE_APEX) != 0;
+        if (android.permission.flags.Flags.ignoreApexPermissions()
+                && isApex && !pkg.getPermissions().isEmpty()) {
+            return input.error(
+                    INSTALL_PARSE_FAILED_MANIFEST_MALFORMED,
+                    pkg.getPackageName()
+                            + " is an APEX package and shouldn't declare permissions."
+            );
+        }
+
         return input.success(pkg);
     }
 
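Review bot: The new check in `validateBaseApkTags` only looks at `pkg.getPermissions()`, so an APEX manifest that declares a `<permission-group>` would, as far as this hunk shows, still parse successfully. If groups are collected separately on `ParsingPackage`, consider widening the condition to `&& isApex && (!pkg.getPermissions().isEmpty() || !pkg.getPermissionGroups().isEmpty())`. The guard is also skipped entirely when `ignoreApexPermissions()` returns false, and the flag name reads as "ignore" although the code rejects the package. A comment such as `// Rejects (does not silently drop) permission declarations; enforced only while the ignoreApexPermissions flag is enabled` would remove that ambiguity. The method starts before this hunk.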
diff --git a/services/core/java/com/android/server/pm/PackageSessionVerifier.java b/services/core/java/com/android/server/pm/PackageSessionVerifier.java
index 1fe49c7..7ef7ce7 100644
--- a/services/core/java/com/android/server/pm/PackageSessionVerifier.java
+++ b/services/core/java/com/android/server/pm/PackageSessionVerifier.java
@@ -16,6 +16,8 @@
 
 package com.android.server.pm;
 
+import static com.android.internal.pm.pkg.parsing.ParsingPackageUtils.PARSE_APEX;
+
 import android.apex.ApexInfo;
 import android.apex.ApexInfoList;
 import android.apex.ApexSessionInfo;
@@ -399,7 +401,7 @@
             final ParsedPackage parsedPackage;
             try (PackageParser2 packageParser = mPackageParserSupplier.get()) {
                 File apexFile = new File(apexInfo.modulePath);
-                parsedPackage = packageParser.parsePackage(apexFile, 0, false);
+                parsedPackage = packageParser.parsePackage(apexFile, PARSE_APEX, false);
             } catch (PackageParserException e) {
                 throw new PackageManagerException(
                         PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE,