Merge "Prevent non-admin users from deleting system apps." into rvc-dev am: 71fad59e5e am: 476be4be3c
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/19570390
Change-Id: I1ec159aa8dcb340b462a4ad718c0fc8bb67f4377
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index f9c40a3..76c9c00 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -21532,6 +21532,17 @@
return PackageManager.DELETE_FAILED_INTERNAL_ERROR;
}
+ if (isSystemApp(uninstalledPs)
+ && (deleteFlags & PackageManager.DELETE_SYSTEM_APP) == 0) {
+ UserInfo userInfo = mUserManager.getUserInfo(userId);
+ if (userInfo == null || !userInfo.isAdmin()) {
+ Slog.w(TAG, "Not removing package " + packageName
+ + " as only admin user may downgrade system apps");
+ EventLog.writeEvent(0x534e4554, "170646036", -1, packageName);
+ return PackageManager.DELETE_FAILED_USER_RESTRICTED;
+ }
+ }
+
disabledSystemPs = mSettings.getDisabledSystemPkgLPr(packageName);
// Static shared libs can be declared by any package, so let us not
// allow removing a package if it provides a lib others depend on.