Change permissions of apps' home dir to 0700 for SDK > 23

This patchset changes the installd such that apps' home
directory has permissions set to 0700 if build for a
target SDK version. In consequence the commands

create_app_data and move_complete_app

get one more parameter, the target SDK version.
Apps built for a lower SDK version will still have
home directories with permissions set to 0751.

Bug: 7208882
Change-Id: I651da956dd57d882772b23a433421e9130ea4c0b

diff --git a/services/core/java/com/android/server/pm/Installer.java b/services/core/java/com/android/server/pm/Installer.java
index 508bf91..a730de4 100644 (file)
--- a/services/core/java/com/android/server/pm/Installer.java
+++ b/services/core/java/com/android/server/pm/Installer.java
@@ -86,8 +86,9 @@ public final class Installer extends SystemService {
     }
 
     public void createAppData(String uuid, String pkgname, int userid, int flags, int appid,
-            String seinfo) throws InstallerException {
-        mInstaller.execute("create_app_data", uuid, pkgname, userid, flags, appid, seinfo);
+            String seinfo, int targetSdkVersion) throws InstallerException {
+        mInstaller.execute("create_app_data", uuid, pkgname, userid, flags, appid, seinfo,
+            targetSdkVersion);
     }
 
     public void restoreconAppData(String uuid, String pkgname, int userid, int flags, int appid,
@@ -107,9 +108,10 @@ public final class Installer extends SystemService {
     }
 
     public void moveCompleteApp(String from_uuid, String to_uuid, String package_name,
-            String data_app_name, int appid, String seinfo) throws InstallerException {
+            String data_app_name, int appid, String seinfo, int targetSdkVersion)
+            throws InstallerException {
         mInstaller.execute("move_complete_app", from_uuid, to_uuid, package_name,
-                data_app_name, appid, seinfo);
+                data_app_name, appid, seinfo, targetSdkVersion);
     }
 
     public void getAppSize(String uuid, String pkgname, int userid, int flags, String apkPath,

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 6277310..8a243a8 100644 (file)
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -10902,9 +10902,10 @@ public class PackageManagerService extends IPackageManager.Stub {
         final String dataAppName;
         final int appId;
         final String seinfo;
+        final int targetSdkVersion;
 
         public MoveInfo(int moveId, String fromUuid, String toUuid, String packageName,
-                String dataAppName, int appId, String seinfo) {
+                String dataAppName, int appId, String seinfo, int targetSdkVersion) {
             this.moveId = moveId;
             this.fromUuid = fromUuid;
             this.toUuid = toUuid;
@@ -10912,6 +10913,7 @@ public class PackageManagerService extends IPackageManager.Stub {
             this.dataAppName = dataAppName;
             this.appId = appId;
             this.seinfo = seinfo;
+            this.targetSdkVersion = targetSdkVersion;
         }
     }
 
@@ -12034,7 +12036,7 @@ public class PackageManagerService extends IPackageManager.Stub {
             synchronized (mInstaller) {
                 try {
                     mInstaller.moveCompleteApp(move.fromUuid, move.toUuid, move.packageName,
-                            move.dataAppName, move.appId, move.seinfo);
+                            move.dataAppName, move.appId, move.seinfo, move.targetSdkVersion);
                 } catch (InstallerException e) {
                     Slog.w(TAG, "Failed to move app", e);
                     return PackageManager.INSTALL_FAILED_INTERNAL_ERROR;
@@ -16991,7 +16993,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
         synchronized (mInstallLock) {
             try {
                 mInstaller.createAppData(volumeUuid, packageName, userId, flags,
-                        appId, app.seinfo);
+                        appId, app.seinfo, app.targetSdkVersion);
             } catch (InstallerException e) {
                 if (app.isSystemApp()) {
                     logCriticalInfo(Log.ERROR, "Failed to create app data for " + packageName
@@ -16999,7 +17001,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
                     destroyAppDataLI(volumeUuid, packageName, userId, flags);
                     try {
                         mInstaller.createAppData(volumeUuid, packageName, userId, flags,
-                                appId, app.seinfo);
+                                appId, app.seinfo, app.targetSdkVersion);
                         logCriticalInfo(Log.DEBUG, "Recovery succeeded!");
                     } catch (InstallerException e2) {
                         logCriticalInfo(Log.DEBUG, "Recovery failed!");
@@ -17073,6 +17075,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
         final int appId;
         final String seinfo;
         final String label;
+        final int targetSdkVersion;
 
         // reader
         synchronized (mPackages) {
@@ -17122,6 +17125,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
             appId = UserHandle.getAppId(pkg.applicationInfo.uid);
             seinfo = pkg.applicationInfo.seinfo;
             label = String.valueOf(pm.getApplicationLabel(pkg.applicationInfo));
+            targetSdkVersion = pkg.applicationInfo.targetSdkVersion;
         }
 
         // Now that we're guarded by frozen state, kill app during move
@@ -17254,7 +17258,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
 
             final String dataAppName = codeFile.getName();
             move = new MoveInfo(moveId, currentVolumeUuid, volumeUuid, packageName,
-                    dataAppName, appId, seinfo);
+                    dataAppName, appId, seinfo, targetSdkVersion);
         } else {
             move = null;
         }

diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 3dee70d..91c8683 100644 (file)
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -3754,6 +3754,7 @@ final class Settings {
         String[] names;
         int[] appIds;
         String[] seinfos;
+        int[] targetSdkVersions;
         int packagesCount;
         synchronized (mPackages) {
             Collection<PackageSetting> packages = mPackages.values();
@@ -3762,6 +3763,7 @@ final class Settings {
             names = new String[packagesCount];
             appIds = new int[packagesCount];
             seinfos = new String[packagesCount];
+            targetSdkVersions = new int[packagesCount];
             Iterator<PackageSetting> packagesIterator = packages.iterator();
             for (int i = 0; i < packagesCount; i++) {
                 PackageSetting ps = packagesIterator.next();
@@ -3776,6 +3778,7 @@ final class Settings {
                 names[i] = ps.name;
                 appIds[i] = ps.appId;
                 seinfos[i] = ps.pkg.applicationInfo.seinfo;
+                targetSdkVersions[i] = ps.pkg.applicationInfo.targetSdkVersion;
             }
         }
         for (int i = 0; i < packagesCount; i++) {
@@ -3786,7 +3789,7 @@ final class Settings {
             final int flags = Installer.FLAG_CE_STORAGE | Installer.FLAG_DE_STORAGE;
             try {
                 installer.createAppData(volumeUuids[i], names[i], userHandle, flags, appIds[i],
-                        seinfos[i]);
+                        seinfos[i], targetSdkVersions[i]);
             } catch (InstallerException e) {
                 Slog.w(TAG, "Failed to prepare app data", e);
             }