Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 5acd51ea39d760148301f9a638f5fcbedcdebc63
commit5acd51ea39d760148301f9a638f5fcbedcdebc63[log] [tgz]
authorSongchun Fan <schfan@google.com>Fri Apr 05 15:25:24 2024 -0700
committerSong Chun Fan <schfan@google.com>Tue Apr 09 18:20:56 2024 +0000
tree833f977d8b4f18b86ab3790eb537d8438c80036f
parent37ee1886cd3cad64b4fca9ec4045c84db024f78e [diff]
[pm] prevent installations of apex packages with permission declarations

We should probably also restrict other types of declarations, such as
activities, but to reduce the potential impact, this CL only limits the
permission declarations.

BUG: 301320911
Test: manually by trying to install an apex with or without permission
declarations
Test: expected error is thrown before the session is staged

$ adb install /sdb/main/out/target/product/oriole/system/apex/com.google.android.devicelock.apex
Performing Streamed Install
adb: failed to install /sdb/main/out/target/product/oriole/system/apex/com.google.android.devicelock.apex: Error [-22] [Failed to parse APEX package /data/app-staging/session_2027984736/base.apex : com.android.internal.pm.parsing.PackageParserException: /data/app-staging/session_2027984736/base.apex (at Binary XML file line #17): com.google.android.devicelock is an APEX package and shouldn't declare permissions.]

Test: cts to be added

Change-Id: I6c9860756a46778493a8a12348a162cbd209af3f
2 files changed
tree: 833f977d8b4f18b86ab3790eb537d8438c80036f
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-junit/
  39. test-legacy/
  40. test-mock/
  41. test-runner/
  42. tests/
  43. tools/
  44. wifi/
  45. .clang-format
  46. .gitignore
  47. .mailmap
  48. AconfigFlags.bp
  49. ADPF_OWNERS
  50. Android.bp
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. ktfmt_includes.txt
  60. lint-baseline.xml
  61. LSE_APP_COMPAT_OWNERS
  62. MEMORY_OWNERS
  63. METADATA
  64. MODULE_LICENSE_APACHE2
  65. MULTIUSER_OWNERS
  66. NOTICE
  67. OWNERS
  68. OWNERS.md
  69. PACKAGE_MANAGER_OWNERS
  70. pathmap.mk
  71. PERFORMANCE_OWNERS
  72. PREUPLOAD.cfg
  73. ProtoLibraries.bp
  74. Ravenwood.bp
  75. SECURITY_STATE_OWNERS
  76. SQLITE_OWNERS
  77. TEST_MAPPING
  78. TestProtoLibraries.bp
  79. THERMAL_OWNERS
  80. TRACE_OWNERS
  81. WEAR_OWNERS
  82. ZYGOTE_OWNERS