/* * Copyright (C) 2006 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.pm; import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER; import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED; import static com.android.internal.util.ArrayUtils.appendInt; import static com.android.internal.util.ArrayUtils.removeInt; import static libcore.io.OsConstants.S_ISLNK; import static libcore.io.OsConstants.S_IRWXU; import static libcore.io.OsConstants.S_IRGRP; import static libcore.io.OsConstants.S_IXGRP; import static libcore.io.OsConstants.S_IROTH; import static libcore.io.OsConstants.S_IXOTH; import com.android.internal.app.IMediaContainerService; import com.android.internal.app.ResolverActivity; import com.android.internal.content.NativeLibraryHelper; import com.android.internal.content.PackageHelper; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.XmlUtils; import com.android.server.DeviceStorageMonitorService; import com.android.server.EventLogTags; import com.android.server.IntentResolver; import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParserException; import org.xmlpull.v1.XmlSerializer; import android.app.ActivityManager; import android.app.ActivityManagerNative; import android.app.IActivityManager; import android.app.admin.IDevicePolicyManager; import android.app.backup.IBackupManager; import android.content.BroadcastReceiver; import android.content.ComponentName; import android.content.Context; import android.content.IIntentReceiver; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentSender; import android.content.ServiceConnection; import android.content.IntentSender.SendIntentException; import android.content.pm.ActivityInfo; import android.content.pm.ApplicationInfo; import android.content.pm.ContainerEncryptionParams; import android.content.pm.FeatureInfo; import android.content.pm.IPackageDataObserver; import android.content.pm.IPackageDeleteObserver; import android.content.pm.IPackageInstallObserver; import android.content.pm.IPackageManager; import android.content.pm.IPackageMoveObserver; import android.content.pm.IPackageStatsObserver; import android.content.pm.InstrumentationInfo; import android.content.pm.PackageCleanItem; import android.content.pm.PackageInfo; import android.content.pm.PackageInfoLite; import android.content.pm.PackageManager; import android.content.pm.PackageParser; import android.content.pm.PackageUserState; import android.content.pm.PackageParser.ActivityIntentInfo; import android.content.pm.PackageStats; import android.content.pm.ParceledListSlice; import android.content.pm.PermissionGroupInfo; import android.content.pm.PermissionInfo; import android.content.pm.ProviderInfo; import android.content.pm.ResolveInfo; import android.content.pm.ServiceInfo; import android.content.pm.Signature; import android.content.pm.ManifestDigest; import android.content.pm.VerificationParams; import android.content.pm.VerifierDeviceIdentity; import android.content.pm.VerifierInfo; import android.net.Uri; import android.os.Binder; import android.os.Build; import android.os.Bundle; import android.os.Environment; import android.os.FileObserver; import android.os.FileUtils; import android.os.Handler; import android.os.HandlerThread; import android.os.IBinder; import android.os.Looper; import android.os.Message; import android.os.Parcel; import android.os.ParcelFileDescriptor; import android.os.Process; import android.os.RemoteException; import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.SystemProperties; import android.os.UserHandle; import android.os.Environment.UserEnvironment; import android.provider.Settings.Secure; import android.security.SystemKeyStore; import android.util.DisplayMetrics; import android.util.EventLog; import android.util.Log; import android.util.LogPrinter; import android.util.Slog; import android.util.SparseArray; import android.util.Xml; import android.view.Display; import android.view.WindowManager; import java.io.BufferedOutputStream; import java.io.File; import java.io.FileDescriptor; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.FilenameFilter; import java.io.IOException; import java.io.PrintWriter; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.cert.CertificateException; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.Comparator; import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; import libcore.io.ErrnoException; import libcore.io.IoUtils; import libcore.io.Libcore; import libcore.io.OsConstants; import libcore.io.StructStat; /** * Keep track of all those .apks everywhere. * * This is very central to the platform's security; please run the unit * tests whenever making modifications here: * mmm frameworks/base/tests/AndroidTests adb install -r -f out/target/product/passion/data/app/AndroidTests.apk adb shell am instrument -w -e class com.android.unit_tests.PackageManagerTests com.android.unit_tests/android.test.InstrumentationTestRunner * * {@hide} */ public class PackageManagerService extends IPackageManager.Stub { static final String TAG = "PackageManager"; static final boolean DEBUG_SETTINGS = false; private static final boolean DEBUG_PREFERRED = false; static final boolean DEBUG_UPGRADE = false; private static final boolean DEBUG_INSTALL = false; private static final boolean DEBUG_REMOVE = false; private static final boolean DEBUG_BROADCASTS = false; private static final boolean DEBUG_SHOW_INFO = false; private static final boolean DEBUG_PACKAGE_INFO = false; private static final boolean DEBUG_INTENT_MATCHING = false; private static final boolean DEBUG_PACKAGE_SCANNING = false; private static final boolean DEBUG_APP_DIR_OBSERVER = false; private static final boolean DEBUG_VERIFY = false; private static final int RADIO_UID = Process.PHONE_UID; private static final int LOG_UID = Process.LOG_UID; private static final int NFC_UID = Process.NFC_UID; private static final int BLUETOOTH_UID = Process.BLUETOOTH_UID; private static final boolean GET_CERTIFICATES = true; private static final int REMOVE_EVENTS = FileObserver.CLOSE_WRITE | FileObserver.DELETE | FileObserver.MOVED_FROM; private static final int ADD_EVENTS = FileObserver.CLOSE_WRITE /*| FileObserver.CREATE*/ | FileObserver.MOVED_TO; private static final int OBSERVER_EVENTS = REMOVE_EVENTS | ADD_EVENTS; // Suffix used during package installation when copying/moving // package apks to install directory. private static final String INSTALL_PACKAGE_SUFFIX = "-"; static final int SCAN_MONITOR = 1<<0; static final int SCAN_NO_DEX = 1<<1; static final int SCAN_FORCE_DEX = 1<<2; static final int SCAN_UPDATE_SIGNATURE = 1<<3; static final int SCAN_NEW_INSTALL = 1<<4; static final int SCAN_NO_PATHS = 1<<5; static final int SCAN_UPDATE_TIME = 1<<6; static final int SCAN_DEFER_DEX = 1<<7; static final int SCAN_BOOTING = 1<<8; static final int REMOVE_CHATTY = 1<<16; /** * Whether verification is enabled by default. */ private static final boolean DEFAULT_VERIFY_ENABLE = true; /** * The default maximum time to wait for the verification agent to return in * milliseconds. */ private static final long DEFAULT_VERIFICATION_TIMEOUT = 10 * 1000; /** * The default response for package verification timeout. * * This can be either PackageManager.VERIFICATION_ALLOW or * PackageManager.VERIFICATION_REJECT. */ private static final int DEFAULT_VERIFICATION_RESPONSE = PackageManager.VERIFICATION_ALLOW; static final String DEFAULT_CONTAINER_PACKAGE = "com.android.defcontainer"; static final ComponentName DEFAULT_CONTAINER_COMPONENT = new ComponentName( DEFAULT_CONTAINER_PACKAGE, "com.android.defcontainer.DefaultContainerService"); private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; private static final String LIB_DIR_NAME = "lib"; static final String mTempContainerPrefix = "smdl2tmp"; final HandlerThread mHandlerThread = new HandlerThread("PackageManager", Process.THREAD_PRIORITY_BACKGROUND); final PackageHandler mHandler; final int mSdkVersion = Build.VERSION.SDK_INT; final String mSdkCodename = "REL".equals(Build.VERSION.CODENAME) ? null : Build.VERSION.CODENAME; final Context mContext; final boolean mFactoryTest; final boolean mOnlyCore; final boolean mNoDexOpt; final DisplayMetrics mMetrics; final int mDefParseFlags; final String[] mSeparateProcesses; // This is where all application persistent data goes. final File mAppDataDir; // This is where all application persistent data goes for secondary users. final File mUserAppDataDir; /** The location for ASEC container files on internal storage. */ final String mAsecInternalPath; // This is the object monitoring the framework dir. final FileObserver mFrameworkInstallObserver; // This is the object monitoring the system app dir. final FileObserver mSystemInstallObserver; // This is the object monitoring the system app dir. final FileObserver mVendorInstallObserver; // This is the object monitoring mAppInstallDir. final FileObserver mAppInstallObserver; // This is the object monitoring mDrmAppPrivateInstallDir. final FileObserver mDrmAppInstallObserver; // Used for privilege escalation. MUST NOT BE CALLED WITH mPackages // LOCK HELD. Can be called with mInstallLock held. final Installer mInstaller; final File mFrameworkDir; final File mSystemAppDir; final File mVendorAppDir; final File mAppInstallDir; final File mDalvikCacheDir; /** * Directory to which applications installed internally have native * libraries copied. */ private File mAppLibInstallDir; // Directory containing the private parts (e.g. code and non-resource assets) of forward-locked // apps. final File mDrmAppPrivateInstallDir; // ---------------------------------------------------------------- // Lock for state used when installing and doing other long running // operations. Methods that must be called with this lock held have // the prefix "LI". final Object mInstallLock = new Object(); // These are the directories in the 3rd party applications installed dir // that we have currently loaded packages from. Keys are the application's // installed zip file (absolute codePath), and values are Package. final HashMap mAppDirs = new HashMap(); // Information for the parser to write more useful error messages. File mScanningPath; int mLastScanError; // ---------------------------------------------------------------- // Keys are String (package name), values are Package. This also serves // as the lock for the global state. Methods that must be called with // this lock held have the prefix "LP". final HashMap mPackages = new HashMap(); final Settings mSettings; boolean mRestoredSettings; // Group-ids that are given to all packages as read from etc/permissions/*.xml. int[] mGlobalGids; // These are the built-in uid -> permission mappings that were read from the // etc/permissions.xml file. final SparseArray> mSystemPermissions = new SparseArray>(); // These are the built-in shared libraries that were read from the // etc/permissions.xml file. final HashMap mSharedLibraries = new HashMap(); // Temporary for building the final shared libraries for an .apk. String[] mTmpSharedLibraries = null; // These are the features this devices supports that were read from the // etc/permissions.xml file. final HashMap mAvailableFeatures = new HashMap(); // All available activities, for your resolving pleasure. final ActivityIntentResolver mActivities = new ActivityIntentResolver(); // All available receivers, for your resolving pleasure. final ActivityIntentResolver mReceivers = new ActivityIntentResolver(); // All available services, for your resolving pleasure. final ServiceIntentResolver mServices = new ServiceIntentResolver(); // Keys are String (provider class name), values are Provider. final HashMap mProvidersByComponent = new HashMap(); // Mapping from provider base names (first directory in content URI codePath) // to the provider information. final HashMap mProviders = new HashMap(); // Mapping from instrumentation class names to info about them. final HashMap mInstrumentation = new HashMap(); // Mapping from permission names to info about them. final HashMap mPermissionGroups = new HashMap(); // Packages whose data we have transfered into another package, thus // should no longer exist. final HashSet mTransferedPackages = new HashSet(); // Broadcast actions that are only available to the system. final HashSet mProtectedBroadcasts = new HashSet(); /** List of packages waiting for verification. */ final SparseArray mPendingVerification = new SparseArray(); final ArrayList mDeferredDexOpt = new ArrayList(); /** Token for keys in mPendingVerification. */ private int mPendingVerificationToken = 0; boolean mSystemReady; boolean mSafeMode; boolean mHasSystemUidErrors; ApplicationInfo mAndroidApplication; final ActivityInfo mResolveActivity = new ActivityInfo(); final ResolveInfo mResolveInfo = new ResolveInfo(); ComponentName mResolveComponentName; PackageParser.Package mPlatformPackage; // Set of pending broadcasts for aggregating enable/disable of components. final HashMap> mPendingBroadcasts = new HashMap>(); // Service Connection to remote media container service to copy // package uri's from external media onto secure containers // or internal storage. private IMediaContainerService mContainerService = null; static final int SEND_PENDING_BROADCAST = 1; static final int MCS_BOUND = 3; static final int END_COPY = 4; static final int INIT_COPY = 5; static final int MCS_UNBIND = 6; static final int START_CLEANING_PACKAGE = 7; static final int FIND_INSTALL_LOC = 8; static final int POST_INSTALL = 9; static final int MCS_RECONNECT = 10; static final int MCS_GIVE_UP = 11; static final int UPDATED_MEDIA_STATUS = 12; static final int WRITE_SETTINGS = 13; static final int WRITE_PACKAGE_RESTRICTIONS = 14; static final int PACKAGE_VERIFIED = 15; static final int CHECK_PENDING_VERIFICATION = 16; static final int WRITE_SETTINGS_DELAY = 10*1000; // 10 seconds // Delay time in millisecs static final int BROADCAST_DELAY = 10 * 1000; static UserManagerService sUserManager; // Stores a list of users whose package restrictions file needs to be updated private HashSet mDirtyUsers = new HashSet(); final private DefaultContainerConnection mDefContainerConn = new DefaultContainerConnection(); class DefaultContainerConnection implements ServiceConnection { public void onServiceConnected(ComponentName name, IBinder service) { if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceConnected"); IMediaContainerService imcs = IMediaContainerService.Stub.asInterface(service); mHandler.sendMessage(mHandler.obtainMessage(MCS_BOUND, imcs)); } public void onServiceDisconnected(ComponentName name) { if (DEBUG_SD_INSTALL) Log.i(TAG, "onServiceDisconnected"); } }; // Recordkeeping of restore-after-install operations that are currently in flight // between the Package Manager and the Backup Manager class PostInstallData { public InstallArgs args; public PackageInstalledInfo res; PostInstallData(InstallArgs _a, PackageInstalledInfo _r) { args = _a; res = _r; } }; final SparseArray mRunningInstalls = new SparseArray(); int mNextInstallToken = 1; // nonzero; will be wrapped back to 1 when ++ overflows private final String mRequiredVerifierPackage; class PackageHandler extends Handler { private boolean mBound = false; final ArrayList mPendingInstalls = new ArrayList(); private boolean connectToService() { if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to bind to" + " DefaultContainerService"); Intent service = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); if (mContext.bindService(service, mDefContainerConn, Context.BIND_AUTO_CREATE, UserHandle.USER_OWNER)) { Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); mBound = true; return true; } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); return false; } private void disconnectService() { mContainerService = null; mBound = false; Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); mContext.unbindService(mDefContainerConn); Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } PackageHandler(Looper looper) { super(looper); } public void handleMessage(Message msg) { try { doHandleMessage(msg); } finally { Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } } void doHandleMessage(Message msg) { switch (msg.what) { case INIT_COPY: { if (DEBUG_INSTALL) Slog.i(TAG, "init_copy"); HandlerParams params = (HandlerParams) msg.obj; int idx = mPendingInstalls.size(); if (DEBUG_INSTALL) Slog.i(TAG, "idx=" + idx); // If a bind was already initiated we dont really // need to do anything. The pending install // will be processed later on. if (!mBound) { // If this is the only one pending we might // have to bind to the service again. if (!connectToService()) { Slog.e(TAG, "Failed to bind to media container service"); params.serviceError(); return; } else { // Once we bind to the service, the first // pending request will be processed. mPendingInstalls.add(idx, params); } } else { mPendingInstalls.add(idx, params); // Already bound to the service. Just make // sure we trigger off processing the first request. if (idx == 0) { mHandler.sendEmptyMessage(MCS_BOUND); } } break; } case MCS_BOUND: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_bound"); if (msg.obj != null) { mContainerService = (IMediaContainerService) msg.obj; } if (mContainerService == null) { // Something seriously wrong. Bail out Slog.e(TAG, "Cannot bind to media container service"); for (HandlerParams params : mPendingInstalls) { // Indicate service bind error params.serviceError(); } mPendingInstalls.clear(); } else if (mPendingInstalls.size() > 0) { HandlerParams params = mPendingInstalls.get(0); if (params != null) { if (params.startCopy()) { // We are done... look for more work or to // go idle. if (DEBUG_SD_INSTALL) Log.i(TAG, "Checking for more work or unbind..."); // Delete pending install if (mPendingInstalls.size() > 0) { mPendingInstalls.remove(0); } if (mPendingInstalls.size() == 0) { if (mBound) { if (DEBUG_SD_INSTALL) Log.i(TAG, "Posting delayed MCS_UNBIND"); removeMessages(MCS_UNBIND); Message ubmsg = obtainMessage(MCS_UNBIND); // Unbind after a little delay, to avoid // continual thrashing. sendMessageDelayed(ubmsg, 10000); } } else { // There are more pending requests in queue. // Just post MCS_BOUND message to trigger processing // of next pending install. if (DEBUG_SD_INSTALL) Log.i(TAG, "Posting MCS_BOUND for next woek"); mHandler.sendEmptyMessage(MCS_BOUND); } } } } else { // Should never happen ideally. Slog.w(TAG, "Empty queue"); } break; } case MCS_RECONNECT: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_reconnect"); if (mPendingInstalls.size() > 0) { if (mBound) { disconnectService(); } if (!connectToService()) { Slog.e(TAG, "Failed to bind to media container service"); for (HandlerParams params : mPendingInstalls) { // Indicate service bind error params.serviceError(); } mPendingInstalls.clear(); } } break; } case MCS_UNBIND: { // If there is no actual work left, then time to unbind. if (DEBUG_INSTALL) Slog.i(TAG, "mcs_unbind"); if (mPendingInstalls.size() == 0 && mPendingVerification.size() == 0) { if (mBound) { if (DEBUG_INSTALL) Slog.i(TAG, "calling disconnectService()"); disconnectService(); } } else if (mPendingInstalls.size() > 0) { // There are more pending requests in queue. // Just post MCS_BOUND message to trigger processing // of next pending install. mHandler.sendEmptyMessage(MCS_BOUND); } break; } case MCS_GIVE_UP: { if (DEBUG_INSTALL) Slog.i(TAG, "mcs_giveup too many retries"); mPendingInstalls.remove(0); break; } case SEND_PENDING_BROADCAST: { String packages[]; ArrayList components[]; int size = 0; int uids[]; Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { if (mPendingBroadcasts == null) { return; } size = mPendingBroadcasts.size(); if (size <= 0) { // Nothing to be done. Just return return; } packages = new String[size]; components = new ArrayList[size]; uids = new int[size]; Iterator>> it = mPendingBroadcasts.entrySet().iterator(); int i = 0; while (it.hasNext() && i < size) { Map.Entry> ent = it.next(); packages[i] = ent.getKey(); components[i] = ent.getValue(); PackageSetting ps = mSettings.mPackages.get(ent.getKey()); uids[i] = (ps != null) ? ps.appId : -1; i++; } size = i; mPendingBroadcasts.clear(); } // Send broadcasts for (int i = 0; i < size; i++) { sendPackageChangedBroadcast(packages[i], true, components[i], uids[i]); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); break; } case START_CLEANING_PACKAGE: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); final String packageName = (String)msg.obj; final int userId = msg.arg1; final boolean andCode = msg.arg2 != 0; synchronized (mPackages) { if (userId == UserHandle.USER_ALL) { int[] users = sUserManager.getUserIds(); for (int user : users) { mSettings.addPackageToCleanLPw( new PackageCleanItem(user, packageName, andCode)); } } else { mSettings.addPackageToCleanLPw( new PackageCleanItem(userId, packageName, andCode)); } } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); startCleaningPackages(); } break; case POST_INSTALL: { if (DEBUG_INSTALL) Log.v(TAG, "Handling post-install for " + msg.arg1); PostInstallData data = mRunningInstalls.get(msg.arg1); mRunningInstalls.delete(msg.arg1); boolean deleteOld = false; if (data != null) { InstallArgs args = data.args; PackageInstalledInfo res = data.res; if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { res.removedInfo.sendBroadcast(false, true, false); Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, res.uid); // Determine the set of users who are adding this // package for the first time vs. those who are seeing // an update. int[] firstUsers; int[] updateUsers = new int[0]; if (res.origUsers == null || res.origUsers.length == 0) { firstUsers = res.newUsers; } else { firstUsers = new int[0]; for (int i=0; i args = (Set) msg.obj; if (DEBUG_SD_INSTALL) Log.i(TAG, "Unloading all containers"); // Unload containers unloadAllContainers(args); } if (reportStatus) { try { if (DEBUG_SD_INSTALL) Log.i(TAG, "Invoking MountService call back"); PackageHelper.getMountService().finishMediaUpdate(); } catch (RemoteException e) { Log.e(TAG, "MountService not running?"); } } } break; case WRITE_SETTINGS: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { removeMessages(WRITE_SETTINGS); removeMessages(WRITE_PACKAGE_RESTRICTIONS); mSettings.writeLPr(); mDirtyUsers.clear(); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } break; case WRITE_PACKAGE_RESTRICTIONS: { Process.setThreadPriority(Process.THREAD_PRIORITY_DEFAULT); synchronized (mPackages) { removeMessages(WRITE_PACKAGE_RESTRICTIONS); for (int userId : mDirtyUsers) { mSettings.writePackageRestrictionsLPr(userId); } mDirtyUsers.clear(); } Process.setThreadPriority(Process.THREAD_PRIORITY_BACKGROUND); } break; case CHECK_PENDING_VERIFICATION: { final int verificationId = msg.arg1; final PackageVerificationState state = mPendingVerification.get(verificationId); if ((state != null) && !state.timeoutExtended()) { final InstallArgs args = state.getInstallArgs(); Slog.i(TAG, "Verification timed out for " + args.packageURI.toString()); mPendingVerification.remove(verificationId); int ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; if (getDefaultVerificationResponse() == PackageManager.VERIFICATION_ALLOW) { Slog.i(TAG, "Continuing with installation of " + args.packageURI.toString()); state.setVerifierResponse(Binder.getCallingUid(), PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT); broadcastPackageVerified(verificationId, args.packageURI, PackageManager.VERIFICATION_ALLOW, state.getInstallArgs().getUser()); try { ret = args.copyApk(mContainerService, true); } catch (RemoteException e) { Slog.e(TAG, "Could not contact the ContainerService"); } } else { broadcastPackageVerified(verificationId, args.packageURI, PackageManager.VERIFICATION_REJECT, state.getInstallArgs().getUser()); } processPendingInstall(args, ret); mHandler.sendEmptyMessage(MCS_UNBIND); } break; } case PACKAGE_VERIFIED: { final int verificationId = msg.arg1; final PackageVerificationState state = mPendingVerification.get(verificationId); if (state == null) { Slog.w(TAG, "Invalid verification token " + verificationId + " received"); break; } final PackageVerificationResponse response = (PackageVerificationResponse) msg.obj; state.setVerifierResponse(response.callerUid, response.code); if (state.isVerificationComplete()) { mPendingVerification.remove(verificationId); final InstallArgs args = state.getInstallArgs(); int ret; if (state.isInstallAllowed()) { ret = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; broadcastPackageVerified(verificationId, args.packageURI, response.code, state.getInstallArgs().getUser()); try { ret = args.copyApk(mContainerService, true); } catch (RemoteException e) { Slog.e(TAG, "Could not contact the ContainerService"); } } else { ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; } processPendingInstall(args, ret); mHandler.sendEmptyMessage(MCS_UNBIND); } break; } } } } void scheduleWriteSettingsLocked() { if (!mHandler.hasMessages(WRITE_SETTINGS)) { mHandler.sendEmptyMessageDelayed(WRITE_SETTINGS, WRITE_SETTINGS_DELAY); } } void scheduleWritePackageRestrictionsLocked(int userId) { if (!sUserManager.exists(userId)) return; mDirtyUsers.add(userId); if (!mHandler.hasMessages(WRITE_PACKAGE_RESTRICTIONS)) { mHandler.sendEmptyMessageDelayed(WRITE_PACKAGE_RESTRICTIONS, WRITE_SETTINGS_DELAY); } } public static final IPackageManager main(Context context, Installer installer, boolean factoryTest, boolean onlyCore) { PackageManagerService m = new PackageManagerService(context, installer, factoryTest, onlyCore); ServiceManager.addService("package", m); return m; } static String[] splitString(String str, char sep) { int count = 1; int i = 0; while ((i=str.indexOf(sep, i)) >= 0) { count++; i++; } String[] res = new String[count]; i=0; count = 0; int lastI=0; while ((i=str.indexOf(sep, i)) >= 0) { res[count] = str.substring(lastI, i); count++; i++; lastI = i; } res[count] = str.substring(lastI, str.length()); return res; } public PackageManagerService(Context context, Installer installer, boolean factoryTest, boolean onlyCore) { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_START, SystemClock.uptimeMillis()); if (mSdkVersion <= 0) { Slog.w(TAG, "**** ro.build.version.sdk not set!"); } mContext = context; mFactoryTest = factoryTest; mOnlyCore = onlyCore; mNoDexOpt = "eng".equals(SystemProperties.get("ro.build.type")); mMetrics = new DisplayMetrics(); mSettings = new Settings(context); mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID, ApplicationInfo.FLAG_SYSTEM); mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID, ApplicationInfo.FLAG_SYSTEM); mSettings.addSharedUserLPw("android.uid.log", LOG_UID, ApplicationInfo.FLAG_SYSTEM); mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID, ApplicationInfo.FLAG_SYSTEM); mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID, ApplicationInfo.FLAG_SYSTEM); String separateProcesses = SystemProperties.get("debug.separate_processes"); if (separateProcesses != null && separateProcesses.length() > 0) { if ("*".equals(separateProcesses)) { mDefParseFlags = PackageParser.PARSE_IGNORE_PROCESSES; mSeparateProcesses = null; Slog.w(TAG, "Running with debug.separate_processes: * (ALL)"); } else { mDefParseFlags = 0; mSeparateProcesses = separateProcesses.split(","); Slog.w(TAG, "Running with debug.separate_processes: " + separateProcesses); } } else { mDefParseFlags = 0; mSeparateProcesses = null; } mInstaller = installer; WindowManager wm = (WindowManager)context.getSystemService(Context.WINDOW_SERVICE); Display d = wm.getDefaultDisplay(); d.getMetrics(mMetrics); synchronized (mInstallLock) { // writer synchronized (mPackages) { mHandlerThread.start(); mHandler = new PackageHandler(mHandlerThread.getLooper()); File dataDir = Environment.getDataDirectory(); mAppDataDir = new File(dataDir, "data"); mAppInstallDir = new File(dataDir, "app"); mAppLibInstallDir = new File(dataDir, "app-lib"); mAsecInternalPath = new File(dataDir, "app-asec").getPath(); mUserAppDataDir = new File(dataDir, "user"); mDrmAppPrivateInstallDir = new File(dataDir, "app-private"); sUserManager = new UserManagerService(context, this, mInstallLock, mPackages); readPermissions(); mRestoredSettings = mSettings.readLPw(sUserManager.getUsers(false)); long startTime = SystemClock.uptimeMillis(); EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SYSTEM_SCAN_START, startTime); // Set flag to monitor and not change apk file paths when // scanning install directories. int scanMode = SCAN_MONITOR | SCAN_NO_PATHS | SCAN_DEFER_DEX | SCAN_BOOTING; if (mNoDexOpt) { Slog.w(TAG, "Running ENG build: no pre-dexopt!"); scanMode |= SCAN_NO_DEX; } final HashSet libFiles = new HashSet(); mFrameworkDir = new File(Environment.getRootDirectory(), "framework"); mDalvikCacheDir = new File(dataDir, "dalvik-cache"); boolean didDexOpt = false; /** * Out of paranoia, ensure that everything in the boot class * path has been dexed. */ String bootClassPath = System.getProperty("java.boot.class.path"); if (bootClassPath != null) { String[] paths = splitString(bootClassPath, ':'); for (int i=0; i 0) { Iterator libs = mSharedLibraries.values().iterator(); while (libs.hasNext()) { String lib = libs.next(); try { if (dalvik.system.DexFile.isDexOptNeeded(lib)) { libFiles.add(lib); mInstaller.dexopt(lib, Process.SYSTEM_UID, true); didDexOpt = true; } } catch (FileNotFoundException e) { Slog.w(TAG, "Library not found: " + lib); } catch (IOException e) { Slog.w(TAG, "Cannot dexopt " + lib + "; is it an APK or JAR? " + e.getMessage()); } } } // Gross hack for now: we know this file doesn't contain any // code, so don't dexopt it to avoid the resulting log spew. libFiles.add(mFrameworkDir.getPath() + "/framework-res.apk"); /** * And there are a number of commands implemented in Java, which * we currently need to do the dexopt on so that they can be * run from a non-root shell. */ String[] frameworkFiles = mFrameworkDir.list(); if (frameworkFiles != null) { for (int i=0; i possiblyDeletedUpdatedSystemApps = new ArrayList(); if (!mOnlyCore) { Iterator psit = mSettings.mPackages.values().iterator(); while (psit.hasNext()) { PackageSetting ps = psit.next(); /* * If this is not a system app, it can't be a * disable system app. */ if ((ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0) { continue; } /* * If the package is scanned, it's not erased. */ final PackageParser.Package scannedPkg = mPackages.get(ps.name); if (scannedPkg != null) { /* * If the system app is both scanned and in the * disabled packages list, then it must have been * added via OTA. Remove it from the currently * scanned package so the previously user-installed * application can be scanned. */ if (mSettings.isDisabledSystemPackageLPr(ps.name)) { Slog.i(TAG, "Expecting better updatd system app for " + ps.name + "; removing system app"); removePackageLI(ps, true); } continue; } if (!mSettings.isDisabledSystemPackageLPr(ps.name)) { psit.remove(); String msg = "System package " + ps.name + " no longer exists; wiping its data"; reportSettingsProblem(Log.WARN, msg); removeDataDirsLI(ps.name); } else { final PackageSetting disabledPs = mSettings.getDisabledSystemPkgLPr(ps.name); if (disabledPs.codePath == null || !disabledPs.codePath.exists()) { possiblyDeletedUpdatedSystemApps.add(ps.name); } } } } //look for any incomplete package installations ArrayList deletePkgsList = mSettings.getListOfIncompleteInstallPackagesLPr(); //clean up list for(int i = 0; i < deletePkgsList.size(); i++) { //clean up here cleanupInstallFailedPackage(deletePkgsList.get(i)); } //delete tmp files deleteTempPackageFiles(); if (!mOnlyCore) { EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_DATA_SCAN_START, SystemClock.uptimeMillis()); mAppInstallObserver = new AppDirObserver( mAppInstallDir.getPath(), OBSERVER_EVENTS, false); mAppInstallObserver.startWatching(); scanDirLI(mAppInstallDir, 0, scanMode, 0); mDrmAppInstallObserver = new AppDirObserver( mDrmAppPrivateInstallDir.getPath(), OBSERVER_EVENTS, false); mDrmAppInstallObserver.startWatching(); scanDirLI(mDrmAppPrivateInstallDir, PackageParser.PARSE_FORWARD_LOCK, scanMode, 0); /** * Remove disable package settings for any updated system * apps that were removed via an OTA. If they're not a * previously-updated app, remove them completely. * Otherwise, just revoke their system-level permissions. */ for (String deletedAppName : possiblyDeletedUpdatedSystemApps) { PackageParser.Package deletedPkg = mPackages.get(deletedAppName); mSettings.removeDisabledSystemPackageLPw(deletedAppName); String msg; if (deletedPkg == null) { msg = "Updated system package " + deletedAppName + " no longer exists; wiping its data"; removeDataDirsLI(deletedAppName); } else { msg = "Updated system app + " + deletedAppName + " no longer present; removing system privileges for " + deletedAppName; deletedPkg.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM; PackageSetting deletedPs = mSettings.mPackages.get(deletedAppName); deletedPs.pkgFlags &= ~ApplicationInfo.FLAG_SYSTEM; } reportSettingsProblem(Log.WARN, msg); } } else { mAppInstallObserver = null; mDrmAppInstallObserver = null; } EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SCAN_END, SystemClock.uptimeMillis()); Slog.i(TAG, "Time to scan packages: " + ((SystemClock.uptimeMillis()-startTime)/1000f) + " seconds"); // If the platform SDK has changed since the last time we booted, // we need to re-grant app permission to catch any new ones that // appear. This is really a hack, and means that apps can in some // cases get permissions that the user didn't initially explicitly // allow... it would be nice to have some better way to handle // this situation. final boolean regrantPermissions = mSettings.mInternalSdkPlatform != mSdkVersion; if (regrantPermissions) Slog.i(TAG, "Platform changed from " + mSettings.mInternalSdkPlatform + " to " + mSdkVersion + "; regranting permissions for internal storage"); mSettings.mInternalSdkPlatform = mSdkVersion; updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL | (regrantPermissions ? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL) : 0)); // can downgrade to reader mSettings.writeLPr(); EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY, SystemClock.uptimeMillis()); // Now after opening every single application zip, make sure they // are all flushed. Not really needed, but keeps things nice and // tidy. Runtime.getRuntime().gc(); mRequiredVerifierPackage = getRequiredVerifierLPr(); } // synchronized (mPackages) } // synchronized (mInstallLock) } public boolean isFirstBoot() { return !mRestoredSettings; } private String getRequiredVerifierLPr() { final Intent verification = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); final List receivers = queryIntentReceivers(verification, PACKAGE_MIME_TYPE, PackageManager.GET_DISABLED_COMPONENTS, 0 /* TODO: Which userId? */); String requiredVerifier = null; final int N = receivers.size(); for (int i = 0; i < N; i++) { final ResolveInfo info = receivers.get(i); if (info.activityInfo == null) { continue; } final String packageName = info.activityInfo.packageName; final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null) { continue; } if (!ps.grantedPermissions .contains(android.Manifest.permission.PACKAGE_VERIFICATION_AGENT)) { continue; } if (requiredVerifier != null) { throw new RuntimeException("There can be only one required verifier"); } requiredVerifier = packageName; } return requiredVerifier; } @Override public boolean onTransact(int code, Parcel data, Parcel reply, int flags) throws RemoteException { try { return super.onTransact(code, data, reply, flags); } catch (RuntimeException e) { if (!(e instanceof SecurityException) && !(e instanceof IllegalArgumentException)) { Slog.e(TAG, "Package Manager Crash", e); } throw e; } } void cleanupInstallFailedPackage(PackageSetting ps) { Slog.i(TAG, "Cleaning up incompletely installed app: " + ps.name); removeDataDirsLI(ps.name); if (ps.codePath != null) { if (!ps.codePath.delete()) { Slog.w(TAG, "Unable to remove old code file: " + ps.codePath); } } if (ps.resourcePath != null) { if (!ps.resourcePath.delete() && !ps.resourcePath.equals(ps.codePath)) { Slog.w(TAG, "Unable to remove old code file: " + ps.resourcePath); } } mSettings.removePackageLPw(ps.name); } void readPermissions() { // Read permissions from .../etc/permission directory. File libraryDir = new File(Environment.getRootDirectory(), "etc/permissions"); if (!libraryDir.exists() || !libraryDir.isDirectory()) { Slog.w(TAG, "No directory " + libraryDir + ", skipping"); return; } if (!libraryDir.canRead()) { Slog.w(TAG, "Directory " + libraryDir + " cannot be read"); return; } // Iterate over the files in the directory and scan .xml files for (File f : libraryDir.listFiles()) { // We'll read platform.xml last if (f.getPath().endsWith("etc/permissions/platform.xml")) { continue; } if (!f.getPath().endsWith(".xml")) { Slog.i(TAG, "Non-xml file " + f + " in " + libraryDir + " directory, ignoring"); continue; } if (!f.canRead()) { Slog.w(TAG, "Permissions library file " + f + " cannot be read"); continue; } readPermissionsFromXml(f); } // Read permissions from .../etc/permissions/platform.xml last so it will take precedence final File permFile = new File(Environment.getRootDirectory(), "etc/permissions/platform.xml"); readPermissionsFromXml(permFile); } private void readPermissionsFromXml(File permFile) { FileReader permReader = null; try { permReader = new FileReader(permFile); } catch (FileNotFoundException e) { Slog.w(TAG, "Couldn't find or open permissions file " + permFile); return; } try { XmlPullParser parser = Xml.newPullParser(); parser.setInput(permReader); XmlUtils.beginDocument(parser, "permissions"); while (true) { XmlUtils.nextElement(parser); if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { break; } String name = parser.getName(); if ("group".equals(name)) { String gidStr = parser.getAttributeValue(null, "gid"); if (gidStr != null) { int gid = Integer.parseInt(gidStr); mGlobalGids = appendInt(mGlobalGids, gid); } else { Slog.w(TAG, " without gid at " + parser.getPositionDescription()); } XmlUtils.skipCurrentTag(parser); continue; } else if ("permission".equals(name)) { String perm = parser.getAttributeValue(null, "name"); if (perm == null) { Slog.w(TAG, " without name at " + parser.getPositionDescription()); XmlUtils.skipCurrentTag(parser); continue; } perm = perm.intern(); readPermission(parser, perm); } else if ("assign-permission".equals(name)) { String perm = parser.getAttributeValue(null, "name"); if (perm == null) { Slog.w(TAG, " without name at " + parser.getPositionDescription()); XmlUtils.skipCurrentTag(parser); continue; } String uidStr = parser.getAttributeValue(null, "uid"); if (uidStr == null) { Slog.w(TAG, " without uid at " + parser.getPositionDescription()); XmlUtils.skipCurrentTag(parser); continue; } int uid = Process.getUidForName(uidStr); if (uid < 0) { Slog.w(TAG, " with unknown uid \"" + uidStr + "\" at " + parser.getPositionDescription()); XmlUtils.skipCurrentTag(parser); continue; } perm = perm.intern(); HashSet perms = mSystemPermissions.get(uid); if (perms == null) { perms = new HashSet(); mSystemPermissions.put(uid, perms); } perms.add(perm); XmlUtils.skipCurrentTag(parser); } else if ("library".equals(name)) { String lname = parser.getAttributeValue(null, "name"); String lfile = parser.getAttributeValue(null, "file"); if (lname == null) { Slog.w(TAG, " without name at " + parser.getPositionDescription()); } else if (lfile == null) { Slog.w(TAG, " without file at " + parser.getPositionDescription()); } else { //Log.i(TAG, "Got library " + lname + " in " + lfile); mSharedLibraries.put(lname, lfile); } XmlUtils.skipCurrentTag(parser); continue; } else if ("feature".equals(name)) { String fname = parser.getAttributeValue(null, "name"); if (fname == null) { Slog.w(TAG, " without name at " + parser.getPositionDescription()); } else { //Log.i(TAG, "Got feature " + fname); FeatureInfo fi = new FeatureInfo(); fi.name = fname; mAvailableFeatures.put(fname, fi); } XmlUtils.skipCurrentTag(parser); continue; } else { XmlUtils.skipCurrentTag(parser); continue; } } permReader.close(); } catch (XmlPullParserException e) { Slog.w(TAG, "Got execption parsing permissions.", e); } catch (IOException e) { Slog.w(TAG, "Got execption parsing permissions.", e); } } void readPermission(XmlPullParser parser, String name) throws IOException, XmlPullParserException { name = name.intern(); BasePermission bp = mSettings.mPermissions.get(name); if (bp == null) { bp = new BasePermission(name, null, BasePermission.TYPE_BUILTIN); mSettings.mPermissions.put(name, bp); } int outerDepth = parser.getDepth(); int type; while ((type=parser.next()) != XmlPullParser.END_DOCUMENT && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { continue; } String tagName = parser.getName(); if ("group".equals(tagName)) { String gidStr = parser.getAttributeValue(null, "gid"); if (gidStr != null) { int gid = Process.getGidForName(gidStr); bp.gids = appendInt(bp.gids, gid); } else { Slog.w(TAG, " without gid at " + parser.getPositionDescription()); } } XmlUtils.skipCurrentTag(parser); } } static int[] appendInts(int[] cur, int[] add) { if (add == null) return cur; if (cur == null) return add; final int N = add.length; for (int i=0; i=0; i--) { PackageSetting ps = mSettings.mPackages.get(names[i]); out[i] = ps != null && ps.realName != null ? ps.realName : names[i]; } } return out; } public String[] canonicalToCurrentPackageNames(String[] names) { String[] out = new String[names.length]; // reader synchronized (mPackages) { for (int i=names.length-1; i>=0; i--) { String cur = mSettings.mRenamedPackages.get(names[i]); out[i] = cur != null ? cur : names[i]; } } return out; } @Override public int getPackageUid(String packageName, int userId) { if (!sUserManager.exists(userId)) return -1; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get package uid"); // reader synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if(p != null) { return UserHandle.getUid(userId, p.applicationInfo.uid); } PackageSetting ps = mSettings.mPackages.get(packageName); if((ps == null) || (ps.pkg == null) || (ps.pkg.applicationInfo == null)) { return -1; } p = ps.pkg; return p != null ? UserHandle.getUid(userId, p.applicationInfo.uid) : -1; } } public int[] getPackageGids(String packageName) { final boolean enforcedDefault = isPermissionEnforcedDefault(READ_EXTERNAL_STORAGE); // reader synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if (DEBUG_PACKAGE_INFO) Log.v(TAG, "getPackageGids" + packageName + ": " + p); if (p != null) { final PackageSetting ps = (PackageSetting)p.mExtras; final SharedUserSetting suid = ps.sharedUser; int[] gids = suid != null ? suid.gids : ps.gids; // include GIDs for any unenforced permissions if (!isPermissionEnforcedLocked(READ_EXTERNAL_STORAGE, enforcedDefault)) { final BasePermission basePerm = mSettings.mPermissions.get( READ_EXTERNAL_STORAGE); gids = appendInts(gids, basePerm.gids); } return gids; } } // stupid thing to indicate an error. return new int[0]; } static final PermissionInfo generatePermissionInfo( BasePermission bp, int flags) { if (bp.perm != null) { return PackageParser.generatePermissionInfo(bp.perm, flags); } PermissionInfo pi = new PermissionInfo(); pi.name = bp.name; pi.packageName = bp.sourcePackage; pi.nonLocalizedLabel = bp.name; pi.protectionLevel = bp.protectionLevel; return pi; } public PermissionInfo getPermissionInfo(String name, int flags) { // reader synchronized (mPackages) { final BasePermission p = mSettings.mPermissions.get(name); if (p != null) { return generatePermissionInfo(p, flags); } return null; } } public List queryPermissionsByGroup(String group, int flags) { // reader synchronized (mPackages) { ArrayList out = new ArrayList(10); for (BasePermission p : mSettings.mPermissions.values()) { if (group == null) { if (p.perm == null || p.perm.info.group == null) { out.add(generatePermissionInfo(p, flags)); } } else { if (p.perm != null && group.equals(p.perm.info.group)) { out.add(PackageParser.generatePermissionInfo(p.perm, flags)); } } } if (out.size() > 0) { return out; } return mPermissionGroups.containsKey(group) ? out : null; } } public PermissionGroupInfo getPermissionGroupInfo(String name, int flags) { // reader synchronized (mPackages) { return PackageParser.generatePermissionGroupInfo( mPermissionGroups.get(name), flags); } } public List getAllPermissionGroups(int flags) { // reader synchronized (mPackages) { final int N = mPermissionGroups.size(); ArrayList out = new ArrayList(N); for (PackageParser.PermissionGroup pg : mPermissionGroups.values()) { out.add(PackageParser.generatePermissionGroupInfo(pg, flags)); } return out; } } private ApplicationInfo generateApplicationInfoFromSettingsLPw(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { if (ps.pkg == null) { PackageInfo pInfo = generatePackageInfoFromSettingsLPw(packageName, flags, userId); if (pInfo != null) { return pInfo.applicationInfo; } return null; } return PackageParser.generateApplicationInfo(ps.pkg, flags, ps.readUserState(userId), userId); } return null; } private PackageInfo generatePackageInfoFromSettingsLPw(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { PackageParser.Package pkg = ps.pkg; if (pkg == null) { if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) == 0) { return null; } pkg = new PackageParser.Package(packageName); pkg.applicationInfo.packageName = packageName; pkg.applicationInfo.flags = ps.pkgFlags | ApplicationInfo.FLAG_IS_DATA_ONLY; pkg.applicationInfo.publicSourceDir = ps.resourcePathString; pkg.applicationInfo.sourceDir = ps.codePathString; pkg.applicationInfo.dataDir = getDataPathForPackage(packageName, 0).getPath(); pkg.applicationInfo.nativeLibraryDir = ps.nativeLibraryPathString; } // pkg.mSetEnabled = ps.getEnabled(userId); // pkg.mSetStopped = ps.getStopped(userId); return generatePackageInfo(pkg, flags, userId); } return null; } @Override public ApplicationInfo getApplicationInfo(String packageName, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get application info"); // writer synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getApplicationInfo " + packageName + ": " + p); if (p != null) { PackageSetting ps = mSettings.mPackages.get(packageName); if (ps == null) return null; // Note: isEnabledLP() does not apply here - always return info return PackageParser.generateApplicationInfo( p, flags, ps.readUserState(userId), userId); } if ("android".equals(packageName)||"system".equals(packageName)) { return mAndroidApplication; } if ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0) { return generateApplicationInfoFromSettingsLPw(packageName, flags, userId); } } return null; } public void freeStorageAndNotify(final long freeStorageSize, final IPackageDataObserver observer) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.CLEAR_APP_CACHE, null); // Queue up an async operation since clearing cache may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); int retCode = -1; synchronized (mInstallLock) { retCode = mInstaller.freeCache(freeStorageSize); if (retCode < 0) { Slog.w(TAG, "Couldn't clear application caches"); } } if (observer != null) { try { observer.onRemoveCompleted(null, (retCode >= 0)); } catch (RemoteException e) { Slog.w(TAG, "RemoveException when invoking call back"); } } } }); } public void freeStorage(final long freeStorageSize, final IntentSender pi) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.CLEAR_APP_CACHE, null); // Queue up an async operation since clearing cache may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); int retCode = -1; synchronized (mInstallLock) { retCode = mInstaller.freeCache(freeStorageSize); if (retCode < 0) { Slog.w(TAG, "Couldn't clear application caches"); } } if(pi != null) { try { // Callback via pending intent int code = (retCode >= 0) ? 1 : 0; pi.sendIntent(null, code, null, null, null); } catch (SendIntentException e1) { Slog.i(TAG, "Failed to send pending intent"); } } } }); } @Override public ActivityInfo getActivityInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get activity info"); synchronized (mPackages) { PackageParser.Activity a = mActivities.mActivities.get(component); if (DEBUG_PACKAGE_INFO) Log.v(TAG, "getActivityInfo " + component + ": " + a); if (a != null && mSettings.isEnabledLPr(a.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateActivityInfo(a, flags, ps.readUserState(userId), userId); } if (mResolveComponentName.equals(component)) { return mResolveActivity; } } return null; } @Override public ActivityInfo getReceiverInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get receiver info"); synchronized (mPackages) { PackageParser.Activity a = mReceivers.mActivities.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getReceiverInfo " + component + ": " + a); if (a != null && mSettings.isEnabledLPr(a.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateActivityInfo(a, flags, ps.readUserState(userId), userId); } } return null; } @Override public ServiceInfo getServiceInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get service info"); synchronized (mPackages) { PackageParser.Service s = mServices.mServices.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getServiceInfo " + component + ": " + s); if (s != null && mSettings.isEnabledLPr(s.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateServiceInfo(s, flags, ps.readUserState(userId), userId); } } return null; } @Override public ProviderInfo getProviderInfo(ComponentName component, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "get provider info"); synchronized (mPackages) { PackageParser.Provider p = mProvidersByComponent.get(component); if (DEBUG_PACKAGE_INFO) Log.v( TAG, "getProviderInfo " + component + ": " + p); if (p != null && mSettings.isEnabledLPr(p.info, flags, userId)) { PackageSetting ps = mSettings.mPackages.get(component.getPackageName()); if (ps == null) return null; return PackageParser.generateProviderInfo(p, flags, ps.readUserState(userId), userId); } } return null; } public String[] getSystemSharedLibraryNames() { Set libSet; synchronized (mPackages) { libSet = mSharedLibraries.keySet(); int size = libSet.size(); if (size > 0) { String[] libs = new String[size]; libSet.toArray(libs); return libs; } } return null; } public FeatureInfo[] getSystemAvailableFeatures() { Collection featSet; synchronized (mPackages) { featSet = mAvailableFeatures.values(); int size = featSet.size(); if (size > 0) { FeatureInfo[] features = new FeatureInfo[size+1]; featSet.toArray(features); FeatureInfo fi = new FeatureInfo(); fi.reqGlEsVersion = SystemProperties.getInt("ro.opengles.version", FeatureInfo.GL_ES_VERSION_UNDEFINED); features[size] = fi; return features; } } return null; } public boolean hasSystemFeature(String name) { synchronized (mPackages) { return mAvailableFeatures.containsKey(name); } } private void checkValidCaller(int uid, int userId) { if (UserHandle.getUserId(uid) == userId || uid == Process.SYSTEM_UID || uid == 0) return; throw new SecurityException("Caller uid=" + uid + " is not privileged to communicate with user=" + userId); } public int checkPermission(String permName, String pkgName) { final boolean enforcedDefault = isPermissionEnforcedDefault(permName); synchronized (mPackages) { PackageParser.Package p = mPackages.get(pkgName); if (p != null && p.mExtras != null) { PackageSetting ps = (PackageSetting)p.mExtras; if (ps.sharedUser != null) { if (ps.sharedUser.grantedPermissions.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } else if (ps.grantedPermissions.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } if (!isPermissionEnforcedLocked(permName, enforcedDefault)) { return PackageManager.PERMISSION_GRANTED; } } return PackageManager.PERMISSION_DENIED; } public int checkUidPermission(String permName, int uid) { final boolean enforcedDefault = isPermissionEnforcedDefault(permName); synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj != null) { GrantedPermissions gp = (GrantedPermissions)obj; if (gp.grantedPermissions.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } else { HashSet perms = mSystemPermissions.get(uid); if (perms != null && perms.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } if (!isPermissionEnforcedLocked(permName, enforcedDefault)) { return PackageManager.PERMISSION_GRANTED; } } return PackageManager.PERMISSION_DENIED; } /** * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller. * @param message the message to log on security exception * @return */ private void enforceCrossUserPermission(int callingUid, int userId, boolean requireFullPermission, String message) { if (userId < 0) { throw new IllegalArgumentException("Invalid userId " + userId); } if (userId == UserHandle.getUserId(callingUid)) return; if (callingUid != Process.SYSTEM_UID && callingUid != 0) { if (requireFullPermission) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); } else { try { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message); } catch (SecurityException se) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.INTERACT_ACROSS_USERS, message); } } } } private BasePermission findPermissionTreeLP(String permName) { for(BasePermission bp : mSettings.mPermissionTrees.values()) { if (permName.startsWith(bp.name) && permName.length() > bp.name.length() && permName.charAt(bp.name.length()) == '.') { return bp; } } return null; } private BasePermission checkPermissionTreeLP(String permName) { if (permName != null) { BasePermission bp = findPermissionTreeLP(permName); if (bp != null) { if (bp.uid == UserHandle.getAppId(Binder.getCallingUid())) { return bp; } throw new SecurityException("Calling uid " + Binder.getCallingUid() + " is not allowed to add to permission tree " + bp.name + " owned by uid " + bp.uid); } } throw new SecurityException("No permission tree found for " + permName); } static boolean compareStrings(CharSequence s1, CharSequence s2) { if (s1 == null) { return s2 == null; } if (s2 == null) { return false; } if (s1.getClass() != s2.getClass()) { return false; } return s1.equals(s2); } static boolean comparePermissionInfos(PermissionInfo pi1, PermissionInfo pi2) { if (pi1.icon != pi2.icon) return false; if (pi1.logo != pi2.logo) return false; if (pi1.protectionLevel != pi2.protectionLevel) return false; if (!compareStrings(pi1.name, pi2.name)) return false; if (!compareStrings(pi1.nonLocalizedLabel, pi2.nonLocalizedLabel)) return false; // We'll take care of setting this one. if (!compareStrings(pi1.packageName, pi2.packageName)) return false; // These are not currently stored in settings. //if (!compareStrings(pi1.group, pi2.group)) return false; //if (!compareStrings(pi1.nonLocalizedDescription, pi2.nonLocalizedDescription)) return false; //if (pi1.labelRes != pi2.labelRes) return false; //if (pi1.descriptionRes != pi2.descriptionRes) return false; return true; } boolean addPermissionLocked(PermissionInfo info, boolean async) { if (info.labelRes == 0 && info.nonLocalizedLabel == null) { throw new SecurityException("Label must be specified in permission"); } BasePermission tree = checkPermissionTreeLP(info.name); BasePermission bp = mSettings.mPermissions.get(info.name); boolean added = bp == null; boolean changed = true; int fixedLevel = PermissionInfo.fixProtectionLevel(info.protectionLevel); if (added) { bp = new BasePermission(info.name, tree.sourcePackage, BasePermission.TYPE_DYNAMIC); } else if (bp.type != BasePermission.TYPE_DYNAMIC) { throw new SecurityException( "Not allowed to modify non-dynamic permission " + info.name); } else { if (bp.protectionLevel == fixedLevel && bp.perm.owner.equals(tree.perm.owner) && bp.uid == tree.uid && comparePermissionInfos(bp.perm.info, info)) { changed = false; } } bp.protectionLevel = fixedLevel; info = new PermissionInfo(info); info.protectionLevel = fixedLevel; bp.perm = new PackageParser.Permission(tree.perm.owner, info); bp.perm.info.packageName = tree.perm.info.packageName; bp.uid = tree.uid; if (added) { mSettings.mPermissions.put(info.name, bp); } if (changed) { if (!async) { mSettings.writeLPr(); } else { scheduleWriteSettingsLocked(); } } return added; } public boolean addPermission(PermissionInfo info) { synchronized (mPackages) { return addPermissionLocked(info, false); } } public boolean addPermissionAsync(PermissionInfo info) { synchronized (mPackages) { return addPermissionLocked(info, true); } } public void removePermission(String name) { synchronized (mPackages) { checkPermissionTreeLP(name); BasePermission bp = mSettings.mPermissions.get(name); if (bp != null) { if (bp.type != BasePermission.TYPE_DYNAMIC) { throw new SecurityException( "Not allowed to modify non-dynamic permission " + name); } mSettings.mPermissions.remove(name); mSettings.writeLPr(); } } } public void grantPermission(String packageName, String permissionName) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, null); synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } final BasePermission bp = mSettings.mPermissions.get(permissionName); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + packageName); } if (!pkg.requestedPermissions.contains(permissionName)) { throw new SecurityException("Package " + packageName + " has not requested permission " + permissionName); } if ((bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) == 0) { throw new SecurityException("Permission " + permissionName + " is not a development permission"); } final PackageSetting ps = (PackageSetting) pkg.mExtras; if (ps == null) { return; } final GrantedPermissions gp = ps.sharedUser != null ? ps.sharedUser : ps; if (gp.grantedPermissions.add(permissionName)) { if (ps.haveGids) { gp.gids = appendInts(gp.gids, bp.gids); } mSettings.writeLPr(); } } } public void revokePermission(String packageName, String permissionName) { synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { throw new IllegalArgumentException("Unknown package: " + packageName); } if (pkg.applicationInfo.uid != Binder.getCallingUid()) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GRANT_REVOKE_PERMISSIONS, null); } final BasePermission bp = mSettings.mPermissions.get(permissionName); if (bp == null) { throw new IllegalArgumentException("Unknown permission: " + packageName); } if (!pkg.requestedPermissions.contains(permissionName)) { throw new SecurityException("Package " + packageName + " has not requested permission " + permissionName); } if ((bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) == 0) { throw new SecurityException("Permission " + permissionName + " is not a development permission"); } final PackageSetting ps = (PackageSetting) pkg.mExtras; if (ps == null) { return; } final GrantedPermissions gp = ps.sharedUser != null ? ps.sharedUser : ps; if (gp.grantedPermissions.remove(permissionName)) { gp.grantedPermissions.remove(permissionName); if (ps.haveGids) { gp.gids = removeInts(gp.gids, bp.gids); } mSettings.writeLPr(); } } } public boolean isProtectedBroadcast(String actionName) { synchronized (mPackages) { return mProtectedBroadcasts.contains(actionName); } } public int checkSignatures(String pkg1, String pkg2) { synchronized (mPackages) { final PackageParser.Package p1 = mPackages.get(pkg1); final PackageParser.Package p2 = mPackages.get(pkg2); if (p1 == null || p1.mExtras == null || p2 == null || p2.mExtras == null) { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } return compareSignatures(p1.mSignatures, p2.mSignatures); } } public int checkUidSignatures(int uid1, int uid2) { // Map to base uids. uid1 = UserHandle.getAppId(uid1); uid2 = UserHandle.getAppId(uid2); // reader synchronized (mPackages) { Signature[] s1; Signature[] s2; Object obj = mSettings.getUserIdLPr(uid1); if (obj != null) { if (obj instanceof SharedUserSetting) { s1 = ((SharedUserSetting)obj).signatures.mSignatures; } else if (obj instanceof PackageSetting) { s1 = ((PackageSetting)obj).signatures.mSignatures; } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } obj = mSettings.getUserIdLPr(uid2); if (obj != null) { if (obj instanceof SharedUserSetting) { s2 = ((SharedUserSetting)obj).signatures.mSignatures; } else if (obj instanceof PackageSetting) { s2 = ((PackageSetting)obj).signatures.mSignatures; } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } } else { return PackageManager.SIGNATURE_UNKNOWN_PACKAGE; } return compareSignatures(s1, s2); } } static int compareSignatures(Signature[] s1, Signature[] s2) { if (s1 == null) { return s2 == null ? PackageManager.SIGNATURE_NEITHER_SIGNED : PackageManager.SIGNATURE_FIRST_NOT_SIGNED; } if (s2 == null) { return PackageManager.SIGNATURE_SECOND_NOT_SIGNED; } HashSet set1 = new HashSet(); for (Signature sig : s1) { set1.add(sig); } HashSet set2 = new HashSet(); for (Signature sig : s2) { set2.add(sig); } // Make sure s2 contains all signatures in s1. if (set1.equals(set2)) { return PackageManager.SIGNATURE_MATCH; } return PackageManager.SIGNATURE_NO_MATCH; } public String[] getPackagesForUid(int uid) { uid = UserHandle.getAppId(uid); // reader synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(uid); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; final int N = sus.packages.size(); final String[] res = new String[N]; final Iterator it = sus.packages.iterator(); int i = 0; while (it.hasNext()) { res[i++] = it.next().name; } return res; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return new String[] { ps.name }; } } return null; } public String getNameForUid(int uid) { // reader synchronized (mPackages) { Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid)); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; return sus.name + ":" + sus.userId; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.name; } } return null; } public int getUidForSharedUser(String sharedUserName) { if(sharedUserName == null) { return -1; } // reader synchronized (mPackages) { final SharedUserSetting suid = mSettings.getSharedUserLPw(sharedUserName, 0, false); if (suid == null) { return -1; } return suid.userId; } } @Override public ResolveInfo resolveIntent(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return null; enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "resolve intent"); List query = queryIntentActivities(intent, resolvedType, flags, userId); return chooseBestActivity(intent, resolvedType, flags, query, userId); } private ResolveInfo chooseBestActivity(Intent intent, String resolvedType, int flags, List query, int userId) { if (query != null) { final int N = query.size(); if (N == 1) { return query.get(0); } else if (N > 1) { // If there is more than one activity with the same priority, // then let the user decide between them. ResolveInfo r0 = query.get(0); ResolveInfo r1 = query.get(1); if (DEBUG_INTENT_MATCHING) { Log.d(TAG, r0.activityInfo.name + "=" + r0.priority + " vs " + r1.activityInfo.name + "=" + r1.priority); } // If the first activity has a higher priority, or a different // default, then it is always desireable to pick it. if (r0.priority != r1.priority || r0.preferredOrder != r1.preferredOrder || r0.isDefault != r1.isDefault) { return query.get(0); } // If we have saved a preference for a preferred activity for // this Intent, use that. ResolveInfo ri = findPreferredActivity(intent, resolvedType, flags, query, r0.priority, userId); if (ri != null) { return ri; } if (userId != 0) { ri = new ResolveInfo(mResolveInfo); ri.activityInfo = new ActivityInfo(ri.activityInfo); ri.activityInfo.applicationInfo = new ApplicationInfo( ri.activityInfo.applicationInfo); ri.activityInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(ri.activityInfo.applicationInfo.uid)); return ri; } return mResolveInfo; } } return null; } ResolveInfo findPreferredActivity(Intent intent, String resolvedType, int flags, List query, int priority, int userId) { if (!sUserManager.exists(userId)) return null; // writer synchronized (mPackages) { if (intent.getSelector() != null) { intent = intent.getSelector(); } if (DEBUG_PREFERRED) intent.addFlags(Intent.FLAG_DEBUG_LOG_RESOLUTION); PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); List prefs = pir != null ? pir.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId) : null; if (prefs != null && prefs.size() > 0) { // First figure out how good the original match set is. // We will only allow preferred activities that came // from the same match quality. int match = 0; if (DEBUG_PREFERRED) { Log.v(TAG, "Figuring out best match..."); } final int N = query.size(); for (int j=0; j match) { match = ri.match; } } if (DEBUG_PREFERRED) { Log.v(TAG, "Best match: 0x" + Integer.toHexString(match)); } match &= IntentFilter.MATCH_CATEGORY_MASK; final int M = prefs.size(); for (int i=0; i queryIntentActivities(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "query intent activities"); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { final List list = new ArrayList(1); final ActivityInfo ai = getActivityInfo(comp, flags, userId); if (ai != null) { final ResolveInfo ri = new ResolveInfo(); ri.activityInfo = ai; list.add(ri); } return list; } // reader synchronized (mPackages) { final String pkgName = intent.getPackage(); if (pkgName == null) { return mActivities.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mActivities.queryIntentForPackage(intent, resolvedType, flags, pkg.activities, userId); } return new ArrayList(); } } @Override public List queryIntentActivityOptions(ComponentName caller, Intent[] specifics, String[] specificTypes, Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); enforceCrossUserPermission(Binder.getCallingUid(), userId, false, "query intent activity options"); final String resultsAction = intent.getAction(); List results = queryIntentActivities(intent, resolvedType, flags | PackageManager.GET_RESOLVED_FILTER, userId); if (DEBUG_INTENT_MATCHING) { Log.v(TAG, "Query " + intent + ": " + results); } int specificsPos = 0; int N; // todo: note that the algorithm used here is O(N^2). This // isn't a problem in our current environment, but if we start running // into situations where we have more than 5 or 10 matches then this // should probably be changed to something smarter... // First we go through and resolve each of the specific items // that were supplied, taking care of removing any corresponding // duplicate items in the generic resolve list. if (specifics != null) { for (int i=0; i it = rii.filter.actionsIterator(); if (it == null) { continue; } while (it.hasNext()) { final String action = it.next(); if (resultsAction != null && resultsAction.equals(action)) { // If this action was explicitly requested, then don't // remove things that have it. continue; } for (int j=i+1; j queryIntentReceivers(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { List list = new ArrayList(1); ActivityInfo ai = getReceiverInfo(comp, flags, userId); if (ai != null) { ResolveInfo ri = new ResolveInfo(); ri.activityInfo = ai; list.add(ri); } return list; } // reader synchronized (mPackages) { String pkgName = intent.getPackage(); if (pkgName == null) { return mReceivers.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mReceivers.queryIntentForPackage(intent, resolvedType, flags, pkg.receivers, userId); } return null; } } @Override public ResolveInfo resolveService(Intent intent, String resolvedType, int flags, int userId) { List query = queryIntentServices(intent, resolvedType, flags, userId); if (!sUserManager.exists(userId)) return null; if (query != null) { if (query.size() >= 1) { // If there is more than one service with the same priority, // just arbitrarily pick the first one. return query.get(0); } } return null; } @Override public List queryIntentServices(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return Collections.emptyList(); ComponentName comp = intent.getComponent(); if (comp == null) { if (intent.getSelector() != null) { intent = intent.getSelector(); comp = intent.getComponent(); } } if (comp != null) { final List list = new ArrayList(1); final ServiceInfo si = getServiceInfo(comp, flags, userId); if (si != null) { final ResolveInfo ri = new ResolveInfo(); ri.serviceInfo = si; list.add(ri); } return list; } // reader synchronized (mPackages) { String pkgName = intent.getPackage(); if (pkgName == null) { return mServices.queryIntent(intent, resolvedType, flags, userId); } final PackageParser.Package pkg = mPackages.get(pkgName); if (pkg != null) { return mServices.queryIntentForPackage(intent, resolvedType, flags, pkg.services, userId); } return null; } } private static final int getContinuationPoint(final String[] keys, final String key) { final int index; if (key == null) { index = 0; } else { final int insertPoint = Arrays.binarySearch(keys, key); if (insertPoint < 0) { index = -insertPoint; } else { index = insertPoint + 1; } } return index; } @Override public ParceledListSlice getInstalledPackages(int flags, String lastRead, int userId) { final ParceledListSlice list = new ParceledListSlice(); final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; final String[] keys; enforceCrossUserPermission(Binder.getCallingUid(), userId, true, "get installed packages"); // writer synchronized (mPackages) { if (listUninstalled) { keys = mSettings.mPackages.keySet().toArray(new String[mSettings.mPackages.size()]); } else { keys = mPackages.keySet().toArray(new String[mPackages.size()]); } Arrays.sort(keys); int i = getContinuationPoint(keys, lastRead); final int N = keys.length; while (i < N) { final String packageName = keys[i++]; PackageInfo pi = null; if (listUninstalled) { final PackageSetting ps = mSettings.mPackages.get(packageName); if (ps != null) { pi = generatePackageInfoFromSettingsLPw(ps.name, flags, userId); } } else { final PackageParser.Package p = mPackages.get(packageName); if (p != null) { pi = generatePackageInfo(p, flags, userId); } } if (pi != null && list.append(pi)) { break; } } if (i == N) { list.setLastSlice(true); } } return list; } @Override public ParceledListSlice getInstalledApplications(int flags, String lastRead, int userId) { if (!sUserManager.exists(userId)) return null; final ParceledListSlice list = new ParceledListSlice(); final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; final String[] keys; // writer synchronized (mPackages) { if (listUninstalled) { keys = mSettings.mPackages.keySet().toArray(new String[mSettings.mPackages.size()]); } else { keys = mPackages.keySet().toArray(new String[mPackages.size()]); } Arrays.sort(keys); int i = getContinuationPoint(keys, lastRead); final int N = keys.length; while (i < N) { final String packageName = keys[i++]; ApplicationInfo ai = null; final PackageSetting ps = mSettings.mPackages.get(packageName); if (listUninstalled) { if (ps != null) { ai = generateApplicationInfoFromSettingsLPw(ps.name, flags, userId); } } else { final PackageParser.Package p = mPackages.get(packageName); if (p != null && ps != null) { ai = PackageParser.generateApplicationInfo(p, flags, ps.readUserState(userId), userId); } } if (ai != null && list.append(ai)) { break; } } if (i == N) { list.setLastSlice(true); } } return list; } public List getPersistentApplications(int flags) { final ArrayList finalList = new ArrayList(); // reader synchronized (mPackages) { final Iterator i = mPackages.values().iterator(); final int userId = UserHandle.getCallingUserId(); while (i.hasNext()) { final PackageParser.Package p = i.next(); if (p.applicationInfo != null && (p.applicationInfo.flags&ApplicationInfo.FLAG_PERSISTENT) != 0 && (!mSafeMode || isSystemApp(p))) { PackageSetting ps = mSettings.mPackages.get(p.packageName); if (ps != null) { ApplicationInfo ai = PackageParser.generateApplicationInfo(p, flags, ps.readUserState(userId), userId); if (ai != null) { finalList.add(ai); } } } } } return finalList; } @Override public ProviderInfo resolveContentProvider(String name, int flags, int userId) { if (!sUserManager.exists(userId)) return null; // reader synchronized (mPackages) { final PackageParser.Provider provider = mProviders.get(name); PackageSetting ps = provider != null ? mSettings.mPackages.get(provider.owner.packageName) : null; return ps != null && mSettings.isEnabledLPr(provider.info, flags, userId) && (!mSafeMode || (provider.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) != 0) ? PackageParser.generateProviderInfo(provider, flags, ps.readUserState(userId), userId) : null; } } /** * @deprecated */ @Deprecated public void querySyncProviders(List outNames, List outInfo) { // reader synchronized (mPackages) { final Iterator> i = mProviders.entrySet() .iterator(); final int userId = UserHandle.getCallingUserId(); while (i.hasNext()) { Map.Entry entry = i.next(); PackageParser.Provider p = entry.getValue(); PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); if (ps != null && p.syncable && (!mSafeMode || (p.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) != 0)) { ProviderInfo info = PackageParser.generateProviderInfo(p, 0, ps.readUserState(userId), userId); if (info != null) { outNames.add(entry.getKey()); outInfo.add(info); } } } } } public List queryContentProviders(String processName, int uid, int flags) { ArrayList finalList = null; // reader synchronized (mPackages) { final Iterator i = mProvidersByComponent.values().iterator(); final int userId = processName != null ? UserHandle.getUserId(uid) : UserHandle.getCallingUserId(); while (i.hasNext()) { final PackageParser.Provider p = i.next(); PackageSetting ps = mSettings.mPackages.get(p.owner.packageName); if (ps != null && p.info.authority != null && (processName == null || (p.info.processName.equals(processName) && UserHandle.isSameApp(p.info.applicationInfo.uid, uid))) && mSettings.isEnabledLPr(p.info, flags, userId) && (!mSafeMode || (p.info.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0)) { if (finalList == null) { finalList = new ArrayList(3); } ProviderInfo info = PackageParser.generateProviderInfo(p, flags, ps.readUserState(userId), userId); if (info != null) { finalList.add(info); } } } } if (finalList != null) { Collections.sort(finalList, mProviderInitOrderSorter); } return finalList; } public InstrumentationInfo getInstrumentationInfo(ComponentName name, int flags) { // reader synchronized (mPackages) { final PackageParser.Instrumentation i = mInstrumentation.get(name); return PackageParser.generateInstrumentationInfo(i, flags); } } public List queryInstrumentation(String targetPackage, int flags) { ArrayList finalList = new ArrayList(); // reader synchronized (mPackages) { final Iterator i = mInstrumentation.values().iterator(); while (i.hasNext()) { final PackageParser.Instrumentation p = i.next(); if (targetPackage == null || targetPackage.equals(p.info.targetPackage)) { InstrumentationInfo ii = PackageParser.generateInstrumentationInfo(p, flags); if (ii != null) { finalList.add(ii); } } } } return finalList; } private void scanDirLI(File dir, int flags, int scanMode, long currentTime) { String[] files = dir.list(); if (files == null) { Log.d(TAG, "No files in app dir " + dir); return; } if (DEBUG_PACKAGE_SCANNING) { Log.d(TAG, "Scanning app dir " + dir); } int i; for (i=0; i pkgs = null; synchronized (mPackages) { if (mDeferredDexOpt.size() > 0) { pkgs = new ArrayList(mDeferredDexOpt); mDeferredDexOpt.clear(); } } if (pkgs != null) { for (int i=0; i 0) { pkg.usesLibraryFiles = new String[num]; System.arraycopy(mTmpSharedLibraries, 0, pkg.usesLibraryFiles, 0, num); } } if (pkg.mSharedUserId != null) { suid = mSettings.getSharedUserLPw(pkg.mSharedUserId, pkg.applicationInfo.flags, true); if (suid == null) { Slog.w(TAG, "Creating application package " + pkg.packageName + " for shared user failed"); mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; return null; } if (DEBUG_PACKAGE_SCANNING) { if ((parseFlags & PackageParser.PARSE_CHATTY) != 0) Log.d(TAG, "Shared UserID " + pkg.mSharedUserId + " (uid=" + suid.userId + "): packages=" + suid.packages); } } // Check if we are renaming from an original package name. PackageSetting origPackage = null; String realName = null; if (pkg.mOriginalPackages != null) { // This package may need to be renamed to a previously // installed name. Let's check on that... final String renamed = mSettings.mRenamedPackages.get(pkg.mRealPackage); if (pkg.mOriginalPackages.contains(renamed)) { // This package had originally been installed as the // original name, and we have already taken care of // transitioning to the new one. Just update the new // one to continue using the old name. realName = pkg.mRealPackage; if (!pkg.packageName.equals(renamed)) { // Callers into this function may have already taken // care of renaming the package; only do it here if // it is not already done. pkg.setPackageName(renamed); } } else { for (int i=pkg.mOriginalPackages.size()-1; i>=0; i--) { if ((origPackage = mSettings.peekPackageLPr( pkg.mOriginalPackages.get(i))) != null) { // We do have the package already installed under its // original name... should we use it? if (!verifyPackageUpdateLPr(origPackage, pkg)) { // New package is not compatible with original. origPackage = null; continue; } else if (origPackage.sharedUser != null) { // Make sure uid is compatible between packages. if (!origPackage.sharedUser.name.equals(pkg.mSharedUserId)) { Slog.w(TAG, "Unable to migrate data from " + origPackage.name + " to " + pkg.packageName + ": old uid " + origPackage.sharedUser.name + " differs from " + pkg.mSharedUserId); origPackage = null; continue; } } else { if (DEBUG_UPGRADE) Log.v(TAG, "Renaming new package " + pkg.packageName + " to old name " + origPackage.name); } break; } } } } if (mTransferedPackages.contains(pkg.packageName)) { Slog.w(TAG, "Package " + pkg.packageName + " was transferred to another, but its .apk remains"); } // Just create the setting, don't add it yet. For already existing packages // the PkgSetting exists already and doesn't have to be created. pkgSetting = mSettings.getPackageLPw(pkg, origPackage, realName, suid, destCodeFile, destResourceFile, pkg.applicationInfo.nativeLibraryDir, pkg.applicationInfo.flags, user, false); if (pkgSetting == null) { Slog.w(TAG, "Creating application package " + pkg.packageName + " failed"); mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; return null; } if (pkgSetting.origPackage != null) { // If we are first transitioning from an original package, // fix up the new package's name now. We need to do this after // looking up the package under its new name, so getPackageLP // can take care of fiddling things correctly. pkg.setPackageName(origPackage.name); // File a report about this. String msg = "New package " + pkgSetting.realName + " renamed to replace old package " + pkgSetting.name; reportSettingsProblem(Log.WARN, msg); // Make a note of it. mTransferedPackages.add(origPackage.name); // No longer need to retain this. pkgSetting.origPackage = null; } if (realName != null) { // Make a note of it. mTransferedPackages.add(pkg.packageName); } if (mSettings.isDisabledSystemPackageLPr(pkg.packageName)) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } pkg.applicationInfo.uid = pkgSetting.appId; pkg.mExtras = pkgSetting; if (!verifySignaturesLP(pkgSetting, pkg)) { if ((parseFlags&PackageParser.PARSE_IS_SYSTEM_DIR) == 0) { return null; } // The signature has changed, but this package is in the system // image... let's recover! pkgSetting.signatures.mSignatures = pkg.mSignatures; // However... if this package is part of a shared user, but it // doesn't match the signature of the shared user, let's fail. // What this means is that you can't change the signatures // associated with an overall shared user, which doesn't seem all // that unreasonable. if (pkgSetting.sharedUser != null) { if (compareSignatures(pkgSetting.sharedUser.signatures.mSignatures, pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { Log.w(TAG, "Signature mismatch for shared user : " + pkgSetting.sharedUser); mLastScanError = PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES; return null; } } // File a report about this. String msg = "System package " + pkg.packageName + " signature changed; retaining data."; reportSettingsProblem(Log.WARN, msg); } // Verify that this new package doesn't have any content providers // that conflict with existing packages. Only do this if the // package isn't already installed, since we don't want to break // things that are installed. if ((scanMode&SCAN_NEW_INSTALL) != 0) { final int N = pkg.providers.size(); int i; for (i=0; i= 0; i--) { final String origName = pkg.mAdoptPermissions.get(i); final PackageSetting orig = mSettings.peekPackageLPr(origName); if (orig != null) { if (verifyPackageUpdateLPr(orig, pkg)) { Slog.i(TAG, "Adopting permissions from " + origName + " to " + pkg.packageName); mSettings.transferPermissionsLPw(origName, pkg.packageName); } } } } } final String pkgName = pkg.packageName; final long scanFileTime = scanFile.lastModified(); final boolean forceDex = (scanMode&SCAN_FORCE_DEX) != 0; pkg.applicationInfo.processName = fixProcessName( pkg.applicationInfo.packageName, pkg.applicationInfo.processName, pkg.applicationInfo.uid); File dataPath; if (mPlatformPackage == pkg) { // The system package is special. dataPath = new File (Environment.getDataDirectory(), "system"); pkg.applicationInfo.dataDir = dataPath.getPath(); } else { // This is a normal package, need to make its data directory. dataPath = getDataPathForPackage(pkg.packageName, 0); boolean uidError = false; if (dataPath.exists()) { int currentUid = 0; try { StructStat stat = Libcore.os.stat(dataPath.getPath()); currentUid = stat.st_uid; } catch (ErrnoException e) { Slog.e(TAG, "Couldn't stat path " + dataPath.getPath(), e); } // If we have mismatched owners for the data path, we have a problem. if (currentUid != pkg.applicationInfo.uid) { boolean recovered = false; if (currentUid == 0) { // The directory somehow became owned by root. Wow. // This is probably because the system was stopped while // installd was in the middle of messing with its libs // directory. Ask installd to fix that. int ret = mInstaller.fixUid(pkgName, pkg.applicationInfo.uid, pkg.applicationInfo.uid); if (ret >= 0) { recovered = true; String msg = "Package " + pkg.packageName + " unexpectedly changed to uid 0; recovered to " + + pkg.applicationInfo.uid; reportSettingsProblem(Log.WARN, msg); } } if (!recovered && ((parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0 || (scanMode&SCAN_BOOTING) != 0)) { // If this is a system app, we can at least delete its // current data so the application will still work. int ret = removeDataDirsLI(pkgName); if (ret >= 0) { // TODO: Kill the processes first // Old data gone! String prefix = (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0 ? "System package " : "Third party package "; String msg = prefix + pkg.packageName + " has changed from uid: " + currentUid + " to " + pkg.applicationInfo.uid + "; old data erased"; reportSettingsProblem(Log.WARN, msg); recovered = true; // And now re-install the app. ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid); if (ret == -1) { // Ack should not happen! msg = prefix + pkg.packageName + " could not have data directory re-created after delete."; reportSettingsProblem(Log.WARN, msg); mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; return null; } } if (!recovered) { mHasSystemUidErrors = true; } } else if (!recovered) { // If we allow this install to proceed, we will be broken. // Abort, abort! mLastScanError = PackageManager.INSTALL_FAILED_UID_CHANGED; return null; } if (!recovered) { pkg.applicationInfo.dataDir = "/mismatched_uid/settings_" + pkg.applicationInfo.uid + "/fs_" + currentUid; pkg.applicationInfo.nativeLibraryDir = pkg.applicationInfo.dataDir; String msg = "Package " + pkg.packageName + " has mismatched uid: " + currentUid + " on disk, " + pkg.applicationInfo.uid + " in settings"; // writer synchronized (mPackages) { mSettings.mReadMessages.append(msg); mSettings.mReadMessages.append('\n'); uidError = true; if (!pkgSetting.uidError) { reportSettingsProblem(Log.ERROR, msg); } } } } pkg.applicationInfo.dataDir = dataPath.getPath(); } else { if (DEBUG_PACKAGE_SCANNING) { if ((parseFlags & PackageParser.PARSE_CHATTY) != 0) Log.v(TAG, "Want this data dir: " + dataPath); } //invoke installer to do the actual installation int ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid); if (ret < 0) { // Error from installer mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; return null; } if (dataPath.exists()) { pkg.applicationInfo.dataDir = dataPath.getPath(); } else { Slog.w(TAG, "Unable to create data directory: " + dataPath); pkg.applicationInfo.dataDir = null; } } /* * Set the data dir to the default "/data/data//lib" * if we got here without anyone telling us different (e.g., apps * stored on SD card have their native libraries stored in the ASEC * container with the APK). * * This happens during an upgrade from a package settings file that * doesn't have a native library path attribute at all. */ if (pkg.applicationInfo.nativeLibraryDir == null && pkg.applicationInfo.dataDir != null) { if (pkgSetting.nativeLibraryPathString == null) { setInternalAppNativeLibraryPath(pkg, pkgSetting); } else { pkg.applicationInfo.nativeLibraryDir = pkgSetting.nativeLibraryPathString; } } pkgSetting.uidError = uidError; } String path = scanFile.getPath(); /* Note: We don't want to unpack the native binaries for * system applications, unless they have been updated * (the binaries are already under /system/lib). * Also, don't unpack libs for apps on the external card * since they should have their libraries in the ASEC * container already. * * In other words, we're going to unpack the binaries * only for non-system apps and system app upgrades. */ if (pkg.applicationInfo.nativeLibraryDir != null) { try { File nativeLibraryDir = new File(pkg.applicationInfo.nativeLibraryDir); final String dataPathString = dataPath.getCanonicalPath(); if (isSystemApp(pkg) && !isUpdatedSystemApp(pkg)) { /* * Upgrading from a previous version of the OS sometimes * leaves native libraries in the /data/data//lib * directory for system apps even when they shouldn't be. * Recent changes in the JNI library search path * necessitates we remove those to match previous behavior. */ if (NativeLibraryHelper.removeNativeBinariesFromDirLI(nativeLibraryDir)) { Log.i(TAG, "removed obsolete native libraries for system package " + path); } } else { if (!isForwardLocked(pkg) && !isExternal(pkg)) { /* * Update native library dir if it starts with * /data/data */ if (nativeLibraryDir.getPath().startsWith(dataPathString)) { setInternalAppNativeLibraryPath(pkg, pkgSetting); nativeLibraryDir = new File(pkg.applicationInfo.nativeLibraryDir); } try { if (copyNativeLibrariesForInternalApp(scanFile, nativeLibraryDir) != PackageManager.INSTALL_SUCCEEDED) { Slog.e(TAG, "Unable to copy native libraries"); mLastScanError = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; return null; } } catch (IOException e) { Slog.e(TAG, "Unable to copy native libraries", e); mLastScanError = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; return null; } } Slog.i(TAG, "Linking native library dir for " + path); final int[] userIds = sUserManager.getUserIds(); synchronized (mInstallLock) { for (int userId : userIds) { if (mInstaller.linkNativeLibraryDirectory(pkg.packageName, pkg.applicationInfo.nativeLibraryDir, userId) < 0) { Slog.w(TAG, "Failed linking native library dir (user=" + userId + ")"); mLastScanError = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; return null; } } } } } catch (IOException ioe) { Slog.e(TAG, "Unable to get canonical file " + ioe.toString()); } } pkg.mScanPath = path; if ((scanMode&SCAN_NO_DEX) == 0) { if (performDexOptLI(pkg, forceDex, (scanMode&SCAN_DEFER_DEX) != 0) == DEX_OPT_FAILED) { mLastScanError = PackageManager.INSTALL_FAILED_DEXOPT; return null; } } if (mFactoryTest && pkg.requestedPermissions.contains( android.Manifest.permission.FACTORY_TEST)) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_FACTORY_TEST; } // Request the ActivityManager to kill the process(only for existing packages) // so that we do not end up in a confused state while the user is still using the older // version of the application while the new one gets installed. if ((parseFlags & PackageManager.INSTALL_REPLACE_EXISTING) != 0) { killApplication(pkg.applicationInfo.packageName, pkg.applicationInfo.uid); } // writer synchronized (mPackages) { // We don't expect installation to fail beyond this point, if ((scanMode&SCAN_MONITOR) != 0) { mAppDirs.put(pkg.mPath, pkg); } // Add the new setting to mSettings mSettings.insertPackageSettingLPw(pkgSetting, pkg); // Add the new setting to mPackages mPackages.put(pkg.applicationInfo.packageName, pkg); // Make sure we don't accidentally delete its data. final Iterator iter = mSettings.mPackagesToBeCleaned.iterator(); while (iter.hasNext()) { PackageCleanItem item = iter.next(); if (pkgName.equals(item.packageName)) { iter.remove(); } } // Take care of first install / last update times. if (currentTime != 0) { if (pkgSetting.firstInstallTime == 0) { pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = currentTime; } else if ((scanMode&SCAN_UPDATE_TIME) != 0) { pkgSetting.lastUpdateTime = currentTime; } } else if (pkgSetting.firstInstallTime == 0) { // We need *something*. Take time time stamp of the file. pkgSetting.firstInstallTime = pkgSetting.lastUpdateTime = scanFileTime; } else if ((parseFlags&PackageParser.PARSE_IS_SYSTEM_DIR) != 0) { if (scanFileTime != pkgSetting.timeStamp) { // A package on the system image has changed; consider this // to be an update. pkgSetting.lastUpdateTime = scanFileTime; } } int N = pkg.providers.size(); StringBuilder r = null; int i; for (i=0; i permissionMap = p.tree ? mSettings.mPermissionTrees : mSettings.mPermissions; p.group = mPermissionGroups.get(p.info.group); if (p.info.group == null || p.group != null) { BasePermission bp = permissionMap.get(p.info.name); if (bp == null) { bp = new BasePermission(p.info.name, p.info.packageName, BasePermission.TYPE_NORMAL); permissionMap.put(p.info.name, bp); } if (bp.perm == null) { if (bp.sourcePackage == null || bp.sourcePackage.equals(p.info.packageName)) { BasePermission tree = findPermissionTreeLP(p.info.name); if (tree == null || tree.sourcePackage.equals(p.info.packageName)) { bp.packageSetting = pkgSetting; bp.perm = p; bp.uid = pkg.applicationInfo.uid; if ((parseFlags&PackageParser.PARSE_CHATTY) != 0) { if (r == null) { r = new StringBuilder(256); } else { r.append(' '); } r.append(p.info.name); } } else { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " ignored: base tree " + tree.name + " is from package " + tree.sourcePackage); } } else { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " ignored: original from " + bp.sourcePackage); } } else if ((parseFlags&PackageParser.PARSE_CHATTY) != 0) { if (r == null) { r = new StringBuilder(256); } else { r.append(' '); } r.append("DUP:"); r.append(p.info.name); } if (bp.perm == p) { bp.protectionLevel = p.info.protectionLevel; } } else { Slog.w(TAG, "Permission " + p.info.name + " from package " + p.info.packageName + " ignored: no group " + p.group); } } if (r != null) { if (DEBUG_PACKAGE_SCANNING) Log.d(TAG, " Permissions: " + r); } N = pkg.instrumentation.size(); r = null; for (i=0; i=0; i--) { if (pkgInfo.permissions.get(i).info.name.equals(perm)) { return true; } } return false; } static final int UPDATE_PERMISSIONS_ALL = 1<<0; static final int UPDATE_PERMISSIONS_REPLACE_PKG = 1<<1; static final int UPDATE_PERMISSIONS_REPLACE_ALL = 1<<2; private void updatePermissionsLPw(String changingPkg, PackageParser.Package pkgInfo, int flags) { // Make sure there are no dangling permission trees. Iterator it = mSettings.mPermissionTrees.values().iterator(); while (it.hasNext()) { final BasePermission bp = it.next(); if (bp.packageSetting == null) { // We may not yet have parsed the package, so just see if // we still know about its settings. bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); } if (bp.packageSetting == null) { Slog.w(TAG, "Removing dangling permission tree: " + bp.name + " from package " + bp.sourcePackage); it.remove(); } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { Slog.i(TAG, "Removing old permission tree: " + bp.name + " from package " + bp.sourcePackage); flags |= UPDATE_PERMISSIONS_ALL; it.remove(); } } } // Make sure all dynamic permissions have been assigned to a package, // and make sure there are no dangling permissions. it = mSettings.mPermissions.values().iterator(); while (it.hasNext()) { final BasePermission bp = it.next(); if (bp.type == BasePermission.TYPE_DYNAMIC) { if (DEBUG_SETTINGS) Log.v(TAG, "Dynamic permission: name=" + bp.name + " pkg=" + bp.sourcePackage + " info=" + bp.pendingInfo); if (bp.packageSetting == null && bp.pendingInfo != null) { final BasePermission tree = findPermissionTreeLP(bp.name); if (tree != null && tree.perm != null) { bp.packageSetting = tree.packageSetting; bp.perm = new PackageParser.Permission(tree.perm.owner, new PermissionInfo(bp.pendingInfo)); bp.perm.info.packageName = tree.perm.info.packageName; bp.perm.info.name = bp.name; bp.uid = tree.uid; } } } if (bp.packageSetting == null) { // We may not yet have parsed the package, so just see if // we still know about its settings. bp.packageSetting = mSettings.mPackages.get(bp.sourcePackage); } if (bp.packageSetting == null) { Slog.w(TAG, "Removing dangling permission: " + bp.name + " from package " + bp.sourcePackage); it.remove(); } else if (changingPkg != null && changingPkg.equals(bp.sourcePackage)) { if (pkgInfo == null || !hasPermission(pkgInfo, bp.name)) { Slog.i(TAG, "Removing old permission: " + bp.name + " from package " + bp.sourcePackage); flags |= UPDATE_PERMISSIONS_ALL; it.remove(); } } } // Now update the permissions for all packages, in particular // replace the granted permissions of the system packages. if ((flags&UPDATE_PERMISSIONS_ALL) != 0) { for (PackageParser.Package pkg : mPackages.values()) { if (pkg != pkgInfo) { grantPermissionsLPw(pkg, (flags&UPDATE_PERMISSIONS_REPLACE_ALL) != 0); } } } if (pkgInfo != null) { grantPermissionsLPw(pkgInfo, (flags&UPDATE_PERMISSIONS_REPLACE_PKG) != 0); } } private void grantPermissionsLPw(PackageParser.Package pkg, boolean replace) { final PackageSetting ps = (PackageSetting) pkg.mExtras; if (ps == null) { return; } final GrantedPermissions gp = ps.sharedUser != null ? ps.sharedUser : ps; HashSet origPermissions = gp.grantedPermissions; boolean changedPermission = false; if (replace) { ps.permissionsFixed = false; if (gp == ps) { origPermissions = new HashSet(gp.grantedPermissions); gp.grantedPermissions.clear(); gp.gids = mGlobalGids; } } if (gp.gids == null) { gp.gids = mGlobalGids; } final int N = pkg.requestedPermissions.size(); for (int i=0; i { public List queryIntent(Intent intent, String resolvedType, boolean defaultOnly, int userId) { if (!sUserManager.exists(userId)) return null; mFlags = defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0; return super.queryIntent(intent, resolvedType, defaultOnly, userId); } public List queryIntent(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return null; mFlags = flags; return super.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId); } public List queryIntentForPackage(Intent intent, String resolvedType, int flags, ArrayList packageActivities, int userId) { if (!sUserManager.exists(userId)) return null; if (packageActivities == null) { return null; } mFlags = flags; final boolean defaultOnly = (flags&PackageManager.MATCH_DEFAULT_ONLY) != 0; final int N = packageActivities.size(); ArrayList listCut = new ArrayList(N); ArrayList intentFilters; for (int i = 0; i < N; ++i) { intentFilters = packageActivities.get(i).intents; if (intentFilters != null && intentFilters.size() > 0) { PackageParser.ActivityIntentInfo[] array = new PackageParser.ActivityIntentInfo[intentFilters.size()]; intentFilters.toArray(array); listCut.add(array); } } return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); } public final void addActivity(PackageParser.Activity a, String type) { final boolean systemApp = isSystemApp(a.info.applicationInfo); mActivities.put(a.getComponentName(), a); if (DEBUG_SHOW_INFO) Log.v( TAG, " " + type + " " + (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel : a.info.name) + ":"); if (DEBUG_SHOW_INFO) Log.v(TAG, " Class=" + a.info.name); final int NI = a.intents.size(); for (int j=0; j 0 && "activity".equals(type)) { intent.setPriority(0); Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity " + a.className + " with priority > 0, forcing to 0"); } if (DEBUG_SHOW_INFO) { Log.v(TAG, " IntentFilter:"); intent.dump(new LogPrinter(Log.VERBOSE, TAG), " "); } if (!intent.debugCheck()) { Log.w(TAG, "==> For Activity " + a.info.name); } addFilter(intent); } } public final void removeActivity(PackageParser.Activity a, String type) { mActivities.remove(a.getComponentName()); if (DEBUG_SHOW_INFO) { Log.v(TAG, " " + type + " " + (a.info.nonLocalizedLabel != null ? a.info.nonLocalizedLabel : a.info.name) + ":"); Log.v(TAG, " Class=" + a.info.name); } final int NI = a.intents.size(); for (int j=0; j dest) { ActivityInfo filterAi = filter.activity.info; for (int i=dest.size()-1; i>=0; i--) { ActivityInfo destAi = dest.get(i).activityInfo; if (destAi.name == filterAi.name && destAi.packageName == filterAi.packageName) { return false; } } return true; } @Override protected ActivityIntentInfo[] newArray(int size) { return new ActivityIntentInfo[size]; } @Override protected boolean isFilterStopped(PackageParser.ActivityIntentInfo filter, int userId) { if (!sUserManager.exists(userId)) return true; PackageParser.Package p = filter.activity.owner; if (p != null) { PackageSetting ps = (PackageSetting)p.mExtras; if (ps != null) { // System apps are never considered stopped for purposes of // filtering, because there may be no way for the user to // actually re-launch them. return (ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0 && ps.getStopped(userId); } } return false; } @Override protected String packageForFilter(PackageParser.ActivityIntentInfo info) { return info.activity.owner.packageName; } @Override protected ResolveInfo newResult(PackageParser.ActivityIntentInfo info, int match, int userId) { if (!sUserManager.exists(userId)) return null; if (!mSettings.isEnabledLPr(info.activity.info, mFlags, userId)) { return null; } final PackageParser.Activity activity = info.activity; if (mSafeMode && (activity.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) == 0) { return null; } PackageSetting ps = (PackageSetting) activity.owner.mExtras; if (ps == null) { return null; } ActivityInfo ai = PackageParser.generateActivityInfo(activity, mFlags, ps.readUserState(userId), userId); if (ai == null) { return null; } final ResolveInfo res = new ResolveInfo(); res.activityInfo = ai; if ((mFlags&PackageManager.GET_RESOLVED_FILTER) != 0) { res.filter = info; } res.priority = info.getPriority(); res.preferredOrder = activity.owner.mPreferredOrder; //System.out.println("Result: " + res.activityInfo.className + // " = " + res.priority); res.match = match; res.isDefault = info.hasDefault; res.labelRes = info.labelRes; res.nonLocalizedLabel = info.nonLocalizedLabel; res.icon = info.icon; res.system = isSystemApp(res.activityInfo.applicationInfo); return res; } @Override protected void sortResults(List results) { Collections.sort(results, mResolvePrioritySorter); } @Override protected void dumpFilter(PrintWriter out, String prefix, PackageParser.ActivityIntentInfo filter) { out.print(prefix); out.print( Integer.toHexString(System.identityHashCode(filter.activity))); out.print(' '); out.print(filter.activity.getComponentShortName()); out.print(" filter "); out.println(Integer.toHexString(System.identityHashCode(filter))); } // List filterEnabled(List resolveInfoList) { // final Iterator i = resolveInfoList.iterator(); // final List retList = Lists.newArrayList(); // while (i.hasNext()) { // final ResolveInfo resolveInfo = i.next(); // if (isEnabledLP(resolveInfo.activityInfo)) { // retList.add(resolveInfo); // } // } // return retList; // } // Keys are String (activity class name), values are Activity. private final HashMap mActivities = new HashMap(); private int mFlags; } private final class ServiceIntentResolver extends IntentResolver { public List queryIntent(Intent intent, String resolvedType, boolean defaultOnly, int userId) { mFlags = defaultOnly ? PackageManager.MATCH_DEFAULT_ONLY : 0; return super.queryIntent(intent, resolvedType, defaultOnly, userId); } public List queryIntent(Intent intent, String resolvedType, int flags, int userId) { if (!sUserManager.exists(userId)) return null; mFlags = flags; return super.queryIntent(intent, resolvedType, (flags & PackageManager.MATCH_DEFAULT_ONLY) != 0, userId); } public List queryIntentForPackage(Intent intent, String resolvedType, int flags, ArrayList packageServices, int userId) { if (!sUserManager.exists(userId)) return null; if (packageServices == null) { return null; } mFlags = flags; final boolean defaultOnly = (flags&PackageManager.MATCH_DEFAULT_ONLY) != 0; final int N = packageServices.size(); ArrayList listCut = new ArrayList(N); ArrayList intentFilters; for (int i = 0; i < N; ++i) { intentFilters = packageServices.get(i).intents; if (intentFilters != null && intentFilters.size() > 0) { PackageParser.ServiceIntentInfo[] array = new PackageParser.ServiceIntentInfo[intentFilters.size()]; intentFilters.toArray(array); listCut.add(array); } } return super.queryIntentFromList(intent, resolvedType, defaultOnly, listCut, userId); } public final void addService(PackageParser.Service s) { mServices.put(s.getComponentName(), s); if (DEBUG_SHOW_INFO) { Log.v(TAG, " " + (s.info.nonLocalizedLabel != null ? s.info.nonLocalizedLabel : s.info.name) + ":"); Log.v(TAG, " Class=" + s.info.name); } final int NI = s.intents.size(); int j; for (j=0; j For Service " + s.info.name); } addFilter(intent); } } public final void removeService(PackageParser.Service s) { mServices.remove(s.getComponentName()); if (DEBUG_SHOW_INFO) { Log.v(TAG, " " + (s.info.nonLocalizedLabel != null ? s.info.nonLocalizedLabel : s.info.name) + ":"); Log.v(TAG, " Class=" + s.info.name); } final int NI = s.intents.size(); int j; for (j=0; j dest) { ServiceInfo filterSi = filter.service.info; for (int i=dest.size()-1; i>=0; i--) { ServiceInfo destAi = dest.get(i).serviceInfo; if (destAi.name == filterSi.name && destAi.packageName == filterSi.packageName) { return false; } } return true; } @Override protected PackageParser.ServiceIntentInfo[] newArray(int size) { return new PackageParser.ServiceIntentInfo[size]; } @Override protected boolean isFilterStopped(PackageParser.ServiceIntentInfo filter, int userId) { if (!sUserManager.exists(userId)) return true; PackageParser.Package p = filter.service.owner; if (p != null) { PackageSetting ps = (PackageSetting)p.mExtras; if (ps != null) { // System apps are never considered stopped for purposes of // filtering, because there may be no way for the user to // actually re-launch them. return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) == 0 && ps.getStopped(userId); } } return false; } @Override protected String packageForFilter(PackageParser.ServiceIntentInfo info) { return info.service.owner.packageName; } @Override protected ResolveInfo newResult(PackageParser.ServiceIntentInfo filter, int match, int userId) { if (!sUserManager.exists(userId)) return null; final PackageParser.ServiceIntentInfo info = (PackageParser.ServiceIntentInfo)filter; if (!mSettings.isEnabledLPr(info.service.info, mFlags, userId)) { return null; } final PackageParser.Service service = info.service; if (mSafeMode && (service.info.applicationInfo.flags &ApplicationInfo.FLAG_SYSTEM) == 0) { return null; } PackageSetting ps = (PackageSetting) service.owner.mExtras; if (ps == null) { return null; } ServiceInfo si = PackageParser.generateServiceInfo(service, mFlags, ps.readUserState(userId), userId); if (si == null) { return null; } final ResolveInfo res = new ResolveInfo(); res.serviceInfo = si; if ((mFlags&PackageManager.GET_RESOLVED_FILTER) != 0) { res.filter = filter; } res.priority = info.getPriority(); res.preferredOrder = service.owner.mPreferredOrder; //System.out.println("Result: " + res.activityInfo.className + // " = " + res.priority); res.match = match; res.isDefault = info.hasDefault; res.labelRes = info.labelRes; res.nonLocalizedLabel = info.nonLocalizedLabel; res.icon = info.icon; res.system = isSystemApp(res.serviceInfo.applicationInfo); return res; } @Override protected void sortResults(List results) { Collections.sort(results, mResolvePrioritySorter); } @Override protected void dumpFilter(PrintWriter out, String prefix, PackageParser.ServiceIntentInfo filter) { out.print(prefix); out.print( Integer.toHexString(System.identityHashCode(filter.service))); out.print(' '); out.print(filter.service.getComponentShortName()); out.print(" filter "); out.println(Integer.toHexString(System.identityHashCode(filter))); } // List filterEnabled(List resolveInfoList) { // final Iterator i = resolveInfoList.iterator(); // final List retList = Lists.newArrayList(); // while (i.hasNext()) { // final ResolveInfo resolveInfo = (ResolveInfo) i; // if (isEnabledLP(resolveInfo.serviceInfo)) { // retList.add(resolveInfo); // } // } // return retList; // } // Keys are String (activity class name), values are Activity. private final HashMap mServices = new HashMap(); private int mFlags; }; private static final Comparator mResolvePrioritySorter = new Comparator() { public int compare(ResolveInfo r1, ResolveInfo r2) { int v1 = r1.priority; int v2 = r2.priority; //System.out.println("Comparing: q1=" + q1 + " q2=" + q2); if (v1 != v2) { return (v1 > v2) ? -1 : 1; } v1 = r1.preferredOrder; v2 = r2.preferredOrder; if (v1 != v2) { return (v1 > v2) ? -1 : 1; } if (r1.isDefault != r2.isDefault) { return r1.isDefault ? -1 : 1; } v1 = r1.match; v2 = r2.match; //System.out.println("Comparing: m1=" + m1 + " m2=" + m2); if (v1 != v2) { return (v1 > v2) ? -1 : 1; } if (r1.system != r2.system) { return r1.system ? -1 : 1; } return 0; } }; private static final Comparator mProviderInitOrderSorter = new Comparator() { public int compare(ProviderInfo p1, ProviderInfo p2) { final int v1 = p1.initOrder; final int v2 = p2.initOrder; return (v1 > v2) ? -1 : ((v1 < v2) ? 1 : 0); } }; static final void sendPackageBroadcast(String action, String pkg, Bundle extras, String targetPkg, IIntentReceiver finishedReceiver, int[] userIds) { IActivityManager am = ActivityManagerNative.getDefault(); if (am != null) { try { if (userIds == null) { userIds = am.getRunningUserIds(); } for (int id : userIds) { final Intent intent = new Intent(action, pkg != null ? Uri.fromParts("package", pkg, null) : null); if (extras != null) { intent.putExtras(extras); } if (targetPkg != null) { intent.setPackage(targetPkg); } // Modify the UID when posting to other users int uid = intent.getIntExtra(Intent.EXTRA_UID, -1); if (uid > 0 && UserHandle.getUserId(uid) != id) { uid = UserHandle.getUid(id, UserHandle.getAppId(uid)); intent.putExtra(Intent.EXTRA_UID, uid); } intent.putExtra(Intent.EXTRA_USER_HANDLE, id); intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY_BEFORE_BOOT); if (DEBUG_BROADCASTS) { RuntimeException here = new RuntimeException("here"); here.fillInStackTrace(); Slog.d(TAG, "Sending to user " + id + ": " + intent.toShortString(false, true, false, false) + " " + intent.getExtras(), here); } am.broadcastIntent(null, intent, null, finishedReceiver, 0, null, null, null, finishedReceiver != null, false, id); } } catch (RemoteException ex) { } } } /** * Check if the external storage media is available. This is true if there * is a mounted external storage medium or if the external storage is * emulated. */ private boolean isExternalMediaAvailable() { return mMediaMounted || Environment.isExternalStorageEmulated(); } public PackageCleanItem nextPackageToClean(PackageCleanItem lastPackage) { // writer synchronized (mPackages) { if (!isExternalMediaAvailable()) { // If the external storage is no longer mounted at this point, // the caller may not have been able to delete all of this // packages files and can not delete any more. Bail. return null; } final ArrayList pkgs = mSettings.mPackagesToBeCleaned; if (lastPackage != null) { pkgs.remove(lastPackage); } if (pkgs.size() > 0) { return pkgs.get(0); } } return null; } void schedulePackageCleaning(String packageName, int userId, boolean andCode) { if (false) { RuntimeException here = new RuntimeException("here"); here.fillInStackTrace(); Slog.d(TAG, "Schedule cleaning " + packageName + " user=" + userId + " andCode=" + andCode, here); } mHandler.sendMessage(mHandler.obtainMessage(START_CLEANING_PACKAGE, userId, andCode ? 1 : 0, packageName)); } void startCleaningPackages() { // reader synchronized (mPackages) { if (!isExternalMediaAvailable()) { return; } if (mSettings.mPackagesToBeCleaned.isEmpty()) { return; } } Intent intent = new Intent(PackageManager.ACTION_CLEAN_EXTERNAL_STORAGE); intent.setComponent(DEFAULT_CONTAINER_COMPONENT); IActivityManager am = ActivityManagerNative.getDefault(); if (am != null) { try { am.startService(null, intent, null, UserHandle.USER_OWNER); } catch (RemoteException e) { } } } private final class AppDirObserver extends FileObserver { public AppDirObserver(String path, int mask, boolean isrom) { super(path, mask); mRootDir = path; mIsRom = isrom; } public void onEvent(int event, String path) { String removedPackage = null; int removedAppId = -1; int[] removedUsers = null; String addedPackage = null; int addedAppId = -1; int[] addedUsers = null; // TODO post a message to the handler to obtain serial ordering synchronized (mInstallLock) { String fullPathStr = null; File fullPath = null; if (path != null) { fullPath = new File(mRootDir, path); fullPathStr = fullPath.getPath(); } if (DEBUG_APP_DIR_OBSERVER) Log.v(TAG, "File " + fullPathStr + " changed: " + Integer.toHexString(event)); if (!isPackageFilename(path)) { if (DEBUG_APP_DIR_OBSERVER) Log.v(TAG, "Ignoring change of non-package file: " + fullPathStr); return; } // Ignore packages that are being installed or // have just been installed. if (ignoreCodePath(fullPathStr)) { return; } PackageParser.Package p = null; PackageSetting ps = null; // reader synchronized (mPackages) { p = mAppDirs.get(fullPathStr); if (p != null) { ps = mSettings.mPackages.get(p.applicationInfo.packageName); if (ps != null) { removedUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true); } else { removedUsers = sUserManager.getUserIds(); } } addedUsers = sUserManager.getUserIds(); } if ((event&REMOVE_EVENTS) != 0) { if (ps != null) { removePackageLI(ps, true); removedPackage = ps.name; removedAppId = ps.appId; } } if ((event&ADD_EVENTS) != 0) { if (p == null) { p = scanPackageLI(fullPath, (mIsRom ? PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR: 0) | PackageParser.PARSE_CHATTY | PackageParser.PARSE_MUST_BE_APK, SCAN_MONITOR | SCAN_NO_PATHS | SCAN_UPDATE_TIME, System.currentTimeMillis(), UserHandle.ALL); if (p != null) { /* * TODO this seems dangerous as the package may have * changed since we last acquired the mPackages * lock. */ // writer synchronized (mPackages) { updatePermissionsLPw(p.packageName, p, p.permissions.size() > 0 ? UPDATE_PERMISSIONS_ALL : 0); } addedPackage = p.applicationInfo.packageName; addedAppId = UserHandle.getAppId(p.applicationInfo.uid); } } } // reader synchronized (mPackages) { mSettings.writeLPr(); } } if (removedPackage != null) { Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, removedAppId); extras.putBoolean(Intent.EXTRA_DATA_REMOVED, false); sendPackageBroadcast(Intent.ACTION_PACKAGE_REMOVED, removedPackage, extras, null, null, removedUsers); } if (addedPackage != null) { Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, addedAppId); sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, addedPackage, extras, null, null, addedUsers); } } private final String mRootDir; private final boolean mIsRom; } /* Called when a downloaded package installation has been confirmed by the user */ public void installPackage( final Uri packageURI, final IPackageInstallObserver observer, final int flags) { installPackage(packageURI, observer, flags, null); } /* Called when a downloaded package installation has been confirmed by the user */ public void installPackage( final Uri packageURI, final IPackageInstallObserver observer, final int flags, final String installerPackageName) { installPackageWithVerification(packageURI, observer, flags, installerPackageName, null, null, null); } @Override public void installPackageWithVerification(Uri packageURI, IPackageInstallObserver observer, int flags, String installerPackageName, Uri verificationURI, ManifestDigest manifestDigest, ContainerEncryptionParams encryptionParams) { VerificationParams verificationParams = new VerificationParams(verificationURI, null, null, VerificationParams.NO_UID, manifestDigest); installPackageWithVerificationAndEncryption(packageURI, observer, flags, installerPackageName, verificationParams, encryptionParams); } public void installPackageWithVerificationAndEncryption(Uri packageURI, IPackageInstallObserver observer, int flags, String installerPackageName, VerificationParams verificationParams, ContainerEncryptionParams encryptionParams) { mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null); final int uid = Binder.getCallingUid(); UserHandle user; if ((flags&PackageManager.INSTALL_ALL_USERS) != 0) { user = UserHandle.ALL; } else { user = new UserHandle(UserHandle.getUserId(uid)); } final int filteredFlags; if (uid == Process.SHELL_UID || uid == 0) { if (DEBUG_INSTALL) { Slog.v(TAG, "Install from ADB"); } filteredFlags = flags | PackageManager.INSTALL_FROM_ADB; } else { filteredFlags = flags & ~PackageManager.INSTALL_FROM_ADB; } verificationParams.setInstallerUid(uid); final Message msg = mHandler.obtainMessage(INIT_COPY); msg.obj = new InstallParams(packageURI, observer, filteredFlags, installerPackageName, verificationParams, encryptionParams, user); mHandler.sendMessage(msg); } /** * @hide */ @Override public int installExistingPackage(String packageName) { mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null); PackageSetting pkgSetting; final int uid = Binder.getCallingUid(); final int userId = UserHandle.getUserId(uid); long callingId = Binder.clearCallingIdentity(); try { boolean sendAdded = false; Bundle extras = new Bundle(1); // writer synchronized (mPackages) { pkgSetting = mSettings.mPackages.get(packageName); if (pkgSetting == null) { return PackageManager.INSTALL_FAILED_INVALID_URI; } if (!pkgSetting.getInstalled(userId)) { pkgSetting.setInstalled(true, userId); mSettings.writePackageRestrictionsLPr(userId); extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userId, pkgSetting.appId)); sendAdded = true; } } if (sendAdded) { sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName, extras, null, null, new int[] {userId}); } } finally { Binder.restoreCallingIdentity(callingId); } return PackageManager.INSTALL_SUCCEEDED; } @Override public void verifyPendingInstall(int id, int verificationCode) throws RemoteException { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, "Only package verification agents can verify applications"); final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED); final PackageVerificationResponse response = new PackageVerificationResponse( verificationCode, Binder.getCallingUid()); msg.arg1 = id; msg.obj = response; mHandler.sendMessage(msg); } @Override public void extendVerificationTimeout(int id, int verificationCodeAtTimeout, long millisecondsToDelay) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, "Only package verification agents can extend verification timeouts"); final PackageVerificationState state = mPendingVerification.get(id); final PackageVerificationResponse response = new PackageVerificationResponse( verificationCodeAtTimeout, Binder.getCallingUid()); if (millisecondsToDelay > PackageManager.MAXIMUM_VERIFICATION_TIMEOUT) { millisecondsToDelay = PackageManager.MAXIMUM_VERIFICATION_TIMEOUT; } if (millisecondsToDelay < 0) { millisecondsToDelay = 0; } if ((verificationCodeAtTimeout != PackageManager.VERIFICATION_ALLOW) && (verificationCodeAtTimeout != PackageManager.VERIFICATION_REJECT)) { verificationCodeAtTimeout = PackageManager.VERIFICATION_REJECT; } if ((state != null) && !state.timeoutExtended()) { state.extendTimeout(); final Message msg = mHandler.obtainMessage(PACKAGE_VERIFIED); msg.arg1 = id; msg.obj = response; mHandler.sendMessageDelayed(msg, millisecondsToDelay); } } private void broadcastPackageVerified(int verificationId, Uri packageUri, int verificationCode, UserHandle user) { final Intent intent = new Intent(Intent.ACTION_PACKAGE_VERIFIED); intent.setDataAndType(packageUri, PACKAGE_MIME_TYPE); intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); intent.putExtra(PackageManager.EXTRA_VERIFICATION_ID, verificationId); intent.putExtra(PackageManager.EXTRA_VERIFICATION_RESULT, verificationCode); mContext.sendBroadcastAsUser(intent, user, android.Manifest.permission.PACKAGE_VERIFICATION_AGENT); } private ComponentName matchComponentForVerifier(String packageName, List receivers) { ActivityInfo targetReceiver = null; final int NR = receivers.size(); for (int i = 0; i < NR; i++) { final ResolveInfo info = receivers.get(i); if (info.activityInfo == null) { continue; } if (packageName.equals(info.activityInfo.packageName)) { targetReceiver = info.activityInfo; break; } } if (targetReceiver == null) { return null; } return new ComponentName(targetReceiver.packageName, targetReceiver.name); } private List matchVerifiers(PackageInfoLite pkgInfo, List receivers, final PackageVerificationState verificationState) { if (pkgInfo.verifiers.length == 0) { return null; } final int N = pkgInfo.verifiers.length; final List sufficientVerifiers = new ArrayList(N + 1); for (int i = 0; i < N; i++) { final VerifierInfo verifierInfo = pkgInfo.verifiers[i]; final ComponentName comp = matchComponentForVerifier(verifierInfo.packageName, receivers); if (comp == null) { continue; } final int verifierUid = getUidForVerifier(verifierInfo); if (verifierUid == -1) { continue; } if (DEBUG_VERIFY) { Slog.d(TAG, "Added sufficient verifier " + verifierInfo.packageName + " with the correct signature"); } sufficientVerifiers.add(comp); verificationState.addSufficientVerifier(verifierUid); } return sufficientVerifiers; } private int getUidForVerifier(VerifierInfo verifierInfo) { synchronized (mPackages) { final PackageParser.Package pkg = mPackages.get(verifierInfo.packageName); if (pkg == null) { return -1; } else if (pkg.mSignatures.length != 1) { Slog.i(TAG, "Verifier package " + verifierInfo.packageName + " has more than one signature; ignoring"); return -1; } /* * If the public key of the package's signature does not match * our expected public key, then this is a different package and * we should skip. */ final byte[] expectedPublicKey; try { final Signature verifierSig = pkg.mSignatures[0]; final PublicKey publicKey = verifierSig.getPublicKey(); expectedPublicKey = publicKey.getEncoded(); } catch (CertificateException e) { return -1; } final byte[] actualPublicKey = verifierInfo.publicKey.getEncoded(); if (!Arrays.equals(actualPublicKey, expectedPublicKey)) { Slog.i(TAG, "Verifier package " + verifierInfo.packageName + " does not have the expected public key; ignoring"); return -1; } return pkg.applicationInfo.uid; } } public void finishPackageInstall(int token) { enforceSystemOrRoot("Only the system is allowed to finish installs"); if (DEBUG_INSTALL) { Slog.v(TAG, "BM finishing package install for " + token); } final Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0); mHandler.sendMessage(msg); } /** * Get the verification agent timeout. * * @return verification timeout in milliseconds */ private long getVerificationTimeout() { return android.provider.Settings.Global.getLong(mContext.getContentResolver(), android.provider.Settings.Global.PACKAGE_VERIFIER_TIMEOUT, DEFAULT_VERIFICATION_TIMEOUT); } /** * Get the default verification agent response code. * * @return default verification response code */ private int getDefaultVerificationResponse() { return android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.PACKAGE_VERIFIER_DEFAULT_RESPONSE, DEFAULT_VERIFICATION_RESPONSE); } /** * Check whether or not package verification has been enabled. * * @return true if verification should be performed */ private boolean isVerificationEnabled(int flags) { if (!DEFAULT_VERIFY_ENABLE) { return false; } // Check if installing from ADB if ((flags & PackageManager.INSTALL_FROM_ADB) != 0) { // Do not run verification in a test harness environment if (ActivityManager.isRunningInTestHarness()) { return false; } // Check if the developer does not want package verification for ADB installs if (android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, 1) == 0) { return false; } } return android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.PACKAGE_VERIFIER_ENABLE, 1) == 1; } /** * Get the "allow unknown sources" setting. * * @return the current "allow unknown sources" setting */ private int getUnknownSourcesSettings() { return android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.INSTALL_NON_MARKET_APPS, -1); } public void setInstallerPackageName(String targetPackage, String installerPackageName) { final int uid = Binder.getCallingUid(); // writer synchronized (mPackages) { PackageSetting targetPackageSetting = mSettings.mPackages.get(targetPackage); if (targetPackageSetting == null) { throw new IllegalArgumentException("Unknown target package: " + targetPackage); } PackageSetting installerPackageSetting; if (installerPackageName != null) { installerPackageSetting = mSettings.mPackages.get(installerPackageName); if (installerPackageSetting == null) { throw new IllegalArgumentException("Unknown installer package: " + installerPackageName); } } else { installerPackageSetting = null; } Signature[] callerSignature; Object obj = mSettings.getUserIdLPr(uid); if (obj != null) { if (obj instanceof SharedUserSetting) { callerSignature = ((SharedUserSetting)obj).signatures.mSignatures; } else if (obj instanceof PackageSetting) { callerSignature = ((PackageSetting)obj).signatures.mSignatures; } else { throw new SecurityException("Bad object " + obj + " for uid " + uid); } } else { throw new SecurityException("Unknown calling uid " + uid); } // Verify: can't set installerPackageName to a package that is // not signed with the same cert as the caller. if (installerPackageSetting != null) { if (compareSignatures(callerSignature, installerPackageSetting.signatures.mSignatures) != PackageManager.SIGNATURE_MATCH) { throw new SecurityException( "Caller does not have same cert as new installer package " + installerPackageName); } } // Verify: if target already has an installer package, it must // be signed with the same cert as the caller. if (targetPackageSetting.installerPackageName != null) { PackageSetting setting = mSettings.mPackages.get( targetPackageSetting.installerPackageName); // If the currently set package isn't valid, then it's always // okay to change it. if (setting != null) { if (compareSignatures(callerSignature, setting.signatures.mSignatures) != PackageManager.SIGNATURE_MATCH) { throw new SecurityException( "Caller does not have same cert as old installer package " + targetPackageSetting.installerPackageName); } } } // Okay! targetPackageSetting.installerPackageName = installerPackageName; scheduleWriteSettingsLocked(); } } private void processPendingInstall(final InstallArgs args, final int currentStatus) { // Queue up an async operation since the package installation may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); // Result object to be returned PackageInstalledInfo res = new PackageInstalledInfo(); res.returnCode = currentStatus; res.uid = -1; res.pkg = null; res.removedInfo = new PackageRemovedInfo(); if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) { args.doPreInstall(res.returnCode); synchronized (mInstallLock) { installPackageLI(args, true, res); } args.doPostInstall(res.returnCode, res.uid); } // A restore should be performed at this point if (a) the install // succeeded, (b) the operation is not an update, and (c) the new // package has a backupAgent defined. final boolean update = res.removedInfo.removedPackage != null; boolean doRestore = (!update && res.pkg != null && res.pkg.applicationInfo.backupAgentName != null); // Set up the post-install work request bookkeeping. This will be used // and cleaned up by the post-install event handling regardless of whether // there's a restore pass performed. Token values are >= 1. int token; if (mNextInstallToken < 0) mNextInstallToken = 1; token = mNextInstallToken++; PostInstallData data = new PostInstallData(args, res); mRunningInstalls.put(token, data); if (DEBUG_INSTALL) Log.v(TAG, "+ starting restore round-trip " + token); if (res.returnCode == PackageManager.INSTALL_SUCCEEDED && doRestore) { // Pass responsibility to the Backup Manager. It will perform a // restore if appropriate, then pass responsibility back to the // Package Manager to run the post-install observer callbacks // and broadcasts. IBackupManager bm = IBackupManager.Stub.asInterface( ServiceManager.getService(Context.BACKUP_SERVICE)); if (bm != null) { if (DEBUG_INSTALL) Log.v(TAG, "token " + token + " to BM for possible restore"); try { bm.restoreAtInstall(res.pkg.applicationInfo.packageName, token); } catch (RemoteException e) { // can't happen; the backup manager is local } catch (Exception e) { Slog.e(TAG, "Exception trying to enqueue restore", e); doRestore = false; } } else { Slog.e(TAG, "Backup Manager not found!"); doRestore = false; } } if (!doRestore) { // No restore possible, or the Backup Manager was mysteriously not // available -- just fire the post-install work request directly. if (DEBUG_INSTALL) Log.v(TAG, "No restore - queue post-install for " + token); Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0); mHandler.sendMessage(msg); } } }); } private abstract class HandlerParams { private static final int MAX_RETRIES = 4; /** * Number of times startCopy() has been attempted and had a non-fatal * error. */ private int mRetries = 0; /** User handle for the user requesting the information or installation. */ private final UserHandle mUser; HandlerParams(UserHandle user) { mUser = user; } UserHandle getUser() { return mUser; } final boolean startCopy() { boolean res; try { if (DEBUG_INSTALL) Slog.i(TAG, "startCopy"); if (++mRetries > MAX_RETRIES) { Slog.w(TAG, "Failed to invoke remote methods on default container service. Giving up"); mHandler.sendEmptyMessage(MCS_GIVE_UP); handleServiceError(); return false; } else { handleStartCopy(); res = true; } } catch (RemoteException e) { if (DEBUG_INSTALL) Slog.i(TAG, "Posting install MCS_RECONNECT"); mHandler.sendEmptyMessage(MCS_RECONNECT); res = false; } handleReturnCode(); return res; } final void serviceError() { if (DEBUG_INSTALL) Slog.i(TAG, "serviceError"); handleServiceError(); handleReturnCode(); } abstract void handleStartCopy() throws RemoteException; abstract void handleServiceError(); abstract void handleReturnCode(); } class MeasureParams extends HandlerParams { private final PackageStats mStats; private boolean mSuccess; private final IPackageStatsObserver mObserver; public MeasureParams(PackageStats stats, IPackageStatsObserver observer) { super(new UserHandle(stats.userHandle)); mObserver = observer; mStats = stats; } @Override void handleStartCopy() throws RemoteException { synchronized (mInstallLock) { mSuccess = getPackageSizeInfoLI(mStats.packageName, mStats.userHandle, mStats); } final boolean mounted; if (Environment.isExternalStorageEmulated()) { mounted = true; } else { final String status = Environment.getExternalStorageState(); mounted = (Environment.MEDIA_MOUNTED.equals(status) || Environment.MEDIA_MOUNTED_READ_ONLY.equals(status)); } if (mounted) { final UserEnvironment userEnv = new UserEnvironment(mStats.userHandle); final File externalCacheDir = userEnv .getExternalStorageAppCacheDirectory(mStats.packageName); final long externalCacheSize = mContainerService .calculateDirectorySize(externalCacheDir.getPath()); mStats.externalCacheSize = externalCacheSize; final File externalDataDir = userEnv .getExternalStorageAppDataDirectory(mStats.packageName); long externalDataSize = mContainerService.calculateDirectorySize(externalDataDir .getPath()); if (externalCacheDir.getParentFile().equals(externalDataDir)) { externalDataSize -= externalCacheSize; } mStats.externalDataSize = externalDataSize; final File externalMediaDir = userEnv .getExternalStorageAppMediaDirectory(mStats.packageName); mStats.externalMediaSize = mContainerService .calculateDirectorySize(externalMediaDir.getPath()); final File externalObbDir = userEnv .getExternalStorageAppObbDirectory(mStats.packageName); mStats.externalObbSize = mContainerService.calculateDirectorySize(externalObbDir .getPath()); } } @Override void handleReturnCode() { if (mObserver != null) { try { mObserver.onGetStatsCompleted(mStats, mSuccess); } catch (RemoteException e) { Slog.i(TAG, "Observer no longer exists."); } } } @Override void handleServiceError() { Slog.e(TAG, "Could not measure application " + mStats.packageName + " external storage"); } } class InstallParams extends HandlerParams { final IPackageInstallObserver observer; int flags; private final Uri mPackageURI; final String installerPackageName; final VerificationParams verificationParams; private InstallArgs mArgs; private int mRet; private File mTempPackage; final ContainerEncryptionParams encryptionParams; InstallParams(Uri packageURI, IPackageInstallObserver observer, int flags, String installerPackageName, VerificationParams verificationParams, ContainerEncryptionParams encryptionParams, UserHandle user) { super(user); this.mPackageURI = packageURI; this.flags = flags; this.observer = observer; this.installerPackageName = installerPackageName; this.verificationParams = verificationParams; this.encryptionParams = encryptionParams; } public ManifestDigest getManifestDigest() { if (verificationParams == null) { return null; } return verificationParams.getManifestDigest(); } private int installLocationPolicy(PackageInfoLite pkgLite, int flags) { String packageName = pkgLite.packageName; int installLocation = pkgLite.installLocation; boolean onSd = (flags & PackageManager.INSTALL_EXTERNAL) != 0; // reader synchronized (mPackages) { PackageParser.Package pkg = mPackages.get(packageName); if (pkg != null) { if ((flags & PackageManager.INSTALL_REPLACE_EXISTING) != 0) { // Check for downgrading. if ((flags & PackageManager.INSTALL_ALLOW_DOWNGRADE) == 0) { if (pkgLite.versionCode < pkg.mVersionCode) { Slog.w(TAG, "Can't install update of " + packageName + " update version " + pkgLite.versionCode + " is older than installed version " + pkg.mVersionCode); return PackageHelper.RECOMMEND_FAILED_VERSION_DOWNGRADE; } } // Check for updated system application. if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { if (onSd) { Slog.w(TAG, "Cannot install update to system app on sdcard"); return PackageHelper.RECOMMEND_FAILED_INVALID_LOCATION; } return PackageHelper.RECOMMEND_INSTALL_INTERNAL; } else { if (onSd) { // Install flag overrides everything. return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; } // If current upgrade specifies particular preference if (installLocation == PackageInfo.INSTALL_LOCATION_INTERNAL_ONLY) { // Application explicitly specified internal. return PackageHelper.RECOMMEND_INSTALL_INTERNAL; } else if (installLocation == PackageInfo.INSTALL_LOCATION_PREFER_EXTERNAL) { // App explictly prefers external. Let policy decide } else { // Prefer previous location if (isExternal(pkg)) { return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; } return PackageHelper.RECOMMEND_INSTALL_INTERNAL; } } } else { // Invalid install. Return error code return PackageHelper.RECOMMEND_FAILED_ALREADY_EXISTS; } } } // All the special cases have been taken care of. // Return result based on recommended install location. if (onSd) { return PackageHelper.RECOMMEND_INSTALL_EXTERNAL; } return pkgLite.recommendedInstallLocation; } /* * Invoke remote method to get package information and install * location values. Override install location based on default * policy if needed and then create install arguments based * on the install location. */ public void handleStartCopy() throws RemoteException { int ret = PackageManager.INSTALL_SUCCEEDED; final boolean onSd = (flags & PackageManager.INSTALL_EXTERNAL) != 0; final boolean onInt = (flags & PackageManager.INSTALL_INTERNAL) != 0; PackageInfoLite pkgLite = null; if (onInt && onSd) { // Check if both bits are set. Slog.w(TAG, "Conflicting flags specified for installing on both internal and external"); ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else { final long lowThreshold; final DeviceStorageMonitorService dsm = (DeviceStorageMonitorService) ServiceManager .getService(DeviceStorageMonitorService.SERVICE); if (dsm == null) { Log.w(TAG, "Couldn't get low memory threshold; no free limit imposed"); lowThreshold = 0L; } else { lowThreshold = dsm.getMemoryLowThreshold(); } try { mContext.grantUriPermission(DEFAULT_CONTAINER_PACKAGE, mPackageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); final File packageFile; if (encryptionParams != null || !"file".equals(mPackageURI.getScheme())) { ParcelFileDescriptor out = null; mTempPackage = createTempPackageFile(mDrmAppPrivateInstallDir); if (mTempPackage != null) { try { out = ParcelFileDescriptor.open(mTempPackage, ParcelFileDescriptor.MODE_READ_WRITE); } catch (FileNotFoundException e) { Slog.e(TAG, "Failed to create temporary file for : " + mPackageURI); } // Make a temporary file for decryption. ret = mContainerService .copyResource(mPackageURI, encryptionParams, out); packageFile = mTempPackage; FileUtils.setPermissions(packageFile.getAbsolutePath(), FileUtils.S_IRUSR | FileUtils.S_IWUSR | FileUtils.S_IRGRP | FileUtils.S_IROTH, -1, -1); } else { packageFile = null; } } else { packageFile = new File(mPackageURI.getPath()); } if (packageFile != null) { // Remote call to find out default install location final String packageFilePath = packageFile.getAbsolutePath(); pkgLite = mContainerService.getMinimalPackageInfo(packageFilePath, flags, lowThreshold); /* * If we have too little free space, try to free cache * before giving up. */ if (pkgLite.recommendedInstallLocation == PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE) { final long size = mContainerService.calculateInstalledSize( packageFilePath, isForwardLocked()); if (mInstaller.freeCache(size + lowThreshold) >= 0) { pkgLite = mContainerService.getMinimalPackageInfo(packageFilePath, flags, lowThreshold); } } } } finally { mContext.revokeUriPermission(mPackageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); } } if (ret == PackageManager.INSTALL_SUCCEEDED) { int loc = pkgLite.recommendedInstallLocation; if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_LOCATION) { ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else if (loc == PackageHelper.RECOMMEND_FAILED_ALREADY_EXISTS) { ret = PackageManager.INSTALL_FAILED_ALREADY_EXISTS; } else if (loc == PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE) { ret = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } else if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_APK) { ret = PackageManager.INSTALL_FAILED_INVALID_APK; } else if (loc == PackageHelper.RECOMMEND_FAILED_INVALID_URI) { ret = PackageManager.INSTALL_FAILED_INVALID_URI; } else if (loc == PackageHelper.RECOMMEND_MEDIA_UNAVAILABLE) { ret = PackageManager.INSTALL_FAILED_MEDIA_UNAVAILABLE; } else { // Override with defaults if needed. loc = installLocationPolicy(pkgLite, flags); if (loc == PackageHelper.RECOMMEND_FAILED_VERSION_DOWNGRADE) { ret = PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE; } else if (!onSd && !onInt) { // Override install location with flags if (loc == PackageHelper.RECOMMEND_INSTALL_EXTERNAL) { // Set the flag to install on external media. flags |= PackageManager.INSTALL_EXTERNAL; flags &= ~PackageManager.INSTALL_INTERNAL; } else { // Make sure the flag for installing on external // media is unset flags |= PackageManager.INSTALL_INTERNAL; flags &= ~PackageManager.INSTALL_EXTERNAL; } } } } final InstallArgs args = createInstallArgs(this); mArgs = args; if (ret == PackageManager.INSTALL_SUCCEEDED) { /* * ADB installs appear as UserHandle.USER_ALL, and can only be performed by * UserHandle.USER_OWNER, so use the package verifier for UserHandle.USER_OWNER. */ int userIdentifier = getUser().getIdentifier(); if (userIdentifier == UserHandle.USER_ALL && ((flags & PackageManager.INSTALL_FROM_ADB) != 0)) { userIdentifier = UserHandle.USER_OWNER; } /* * Determine if we have any installed package verifiers. If we * do, then we'll defer to them to verify the packages. */ final int requiredUid = mRequiredVerifierPackage == null ? -1 : getPackageUid(mRequiredVerifierPackage, userIdentifier); if (requiredUid != -1 && isVerificationEnabled(flags)) { final Intent verification = new Intent( Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); verification.setDataAndType(getPackageUri(), PACKAGE_MIME_TYPE); verification.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); final List receivers = queryIntentReceivers(verification, PACKAGE_MIME_TYPE, PackageManager.GET_DISABLED_COMPONENTS, 0 /* TODO: Which userId? */); if (DEBUG_VERIFY) { Slog.d(TAG, "Found " + receivers.size() + " verifiers for intent " + verification.toString() + " with " + pkgLite.verifiers.length + " optional verifiers"); } final int verificationId = mPendingVerificationToken++; verification.putExtra(PackageManager.EXTRA_VERIFICATION_ID, verificationId); verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALLER_PACKAGE, installerPackageName); verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALL_FLAGS, flags); verification.putExtra(PackageManager.EXTRA_VERIFICATION_PACKAGE_NAME, pkgLite.packageName); verification.putExtra(PackageManager.EXTRA_VERIFICATION_VERSION_CODE, pkgLite.versionCode); if (verificationParams != null) { if (verificationParams.getVerificationURI() != null) { verification.putExtra(PackageManager.EXTRA_VERIFICATION_URI, verificationParams.getVerificationURI()); } if (verificationParams.getOriginatingURI() != null) { verification.putExtra(Intent.EXTRA_ORIGINATING_URI, verificationParams.getOriginatingURI()); } if (verificationParams.getReferrer() != null) { verification.putExtra(Intent.EXTRA_REFERRER, verificationParams.getReferrer()); } if (verificationParams.getOriginatingUid() >= 0) { verification.putExtra(Intent.EXTRA_ORIGINATING_UID, verificationParams.getOriginatingUid()); } if (verificationParams.getInstallerUid() >= 0) { verification.putExtra(PackageManager.EXTRA_VERIFICATION_INSTALLER_UID, verificationParams.getInstallerUid()); } } final PackageVerificationState verificationState = new PackageVerificationState( requiredUid, args); mPendingVerification.append(verificationId, verificationState); final List sufficientVerifiers = matchVerifiers(pkgLite, receivers, verificationState); /* * If any sufficient verifiers were listed in the package * manifest, attempt to ask them. */ if (sufficientVerifiers != null) { final int N = sufficientVerifiers.size(); if (N == 0) { Slog.i(TAG, "Additional verifiers required, but none installed."); ret = PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE; } else { for (int i = 0; i < N; i++) { final ComponentName verifierComponent = sufficientVerifiers.get(i); final Intent sufficientIntent = new Intent(verification); sufficientIntent.setComponent(verifierComponent); mContext.sendBroadcastAsUser(sufficientIntent, getUser()); } } } final ComponentName requiredVerifierComponent = matchComponentForVerifier( mRequiredVerifierPackage, receivers); if (ret == PackageManager.INSTALL_SUCCEEDED && mRequiredVerifierPackage != null) { /* * Send the intent to the required verification agent, * but only start the verification timeout after the * target BroadcastReceivers have run. */ verification.setComponent(requiredVerifierComponent); mContext.sendOrderedBroadcastAsUser(verification, getUser(), android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { final Message msg = mHandler .obtainMessage(CHECK_PENDING_VERIFICATION); msg.arg1 = verificationId; mHandler.sendMessageDelayed(msg, getVerificationTimeout()); } }, null, 0, null, null); /* * We don't want the copy to proceed until verification * succeeds, so null out this field. */ mArgs = null; } } else { /* * No package verification is enabled, so immediately start * the remote call to initiate copy using temporary file. */ ret = args.copyApk(mContainerService, true); } } mRet = ret; } @Override void handleReturnCode() { // If mArgs is null, then MCS couldn't be reached. When it // reconnects, it will try again to install. At that point, this // will succeed. if (mArgs != null) { processPendingInstall(mArgs, mRet); if (mTempPackage != null) { if (!mTempPackage.delete()) { Slog.w(TAG, "Couldn't delete temporary file: " + mTempPackage.getAbsolutePath()); } } } } @Override void handleServiceError() { mArgs = createInstallArgs(this); mRet = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; } public boolean isForwardLocked() { return (flags & PackageManager.INSTALL_FORWARD_LOCK) != 0; } public Uri getPackageUri() { if (mTempPackage != null) { return Uri.fromFile(mTempPackage); } else { return mPackageURI; } } } /* * Utility class used in movePackage api. * srcArgs and targetArgs are not set for invalid flags and make * sure to do null checks when invoking methods on them. * We probably want to return ErrorPrams for both failed installs * and moves. */ class MoveParams extends HandlerParams { final IPackageMoveObserver observer; final int flags; final String packageName; final InstallArgs srcArgs; final InstallArgs targetArgs; int uid; int mRet; MoveParams(InstallArgs srcArgs, IPackageMoveObserver observer, int flags, String packageName, String dataDir, int uid, UserHandle user) { super(user); this.srcArgs = srcArgs; this.observer = observer; this.flags = flags; this.packageName = packageName; this.uid = uid; if (srcArgs != null) { Uri packageUri = Uri.fromFile(new File(srcArgs.getCodePath())); targetArgs = createInstallArgs(packageUri, flags, packageName, dataDir); } else { targetArgs = null; } } public void handleStartCopy() throws RemoteException { mRet = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; // Check for storage space on target medium if (!targetArgs.checkFreeStorage(mContainerService)) { Log.w(TAG, "Insufficient storage to install"); return; } mRet = srcArgs.doPreCopy(); if (mRet != PackageManager.INSTALL_SUCCEEDED) { return; } mRet = targetArgs.copyApk(mContainerService, false); if (mRet != PackageManager.INSTALL_SUCCEEDED) { srcArgs.doPostCopy(uid); return; } mRet = srcArgs.doPostCopy(uid); if (mRet != PackageManager.INSTALL_SUCCEEDED) { return; } mRet = targetArgs.doPreInstall(mRet); if (mRet != PackageManager.INSTALL_SUCCEEDED) { return; } if (DEBUG_SD_INSTALL) { StringBuilder builder = new StringBuilder(); if (srcArgs != null) { builder.append("src: "); builder.append(srcArgs.getCodePath()); } if (targetArgs != null) { builder.append(" target : "); builder.append(targetArgs.getCodePath()); } Log.i(TAG, builder.toString()); } } @Override void handleReturnCode() { targetArgs.doPostInstall(mRet, uid); int currentStatus = PackageManager.MOVE_FAILED_INTERNAL_ERROR; if (mRet == PackageManager.INSTALL_SUCCEEDED) { currentStatus = PackageManager.MOVE_SUCCEEDED; } else if (mRet == PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE){ currentStatus = PackageManager.MOVE_FAILED_INSUFFICIENT_STORAGE; } processPendingMove(this, currentStatus); } @Override void handleServiceError() { mRet = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; } } /** * Used during creation of InstallArgs * * @param flags package installation flags * @return true if should be installed on external storage */ private static boolean installOnSd(int flags) { if ((flags & PackageManager.INSTALL_INTERNAL) != 0) { return false; } if ((flags & PackageManager.INSTALL_EXTERNAL) != 0) { return true; } return false; } /** * Used during creation of InstallArgs * * @param flags package installation flags * @return true if should be installed as forward locked */ private static boolean installForwardLocked(int flags) { return (flags & PackageManager.INSTALL_FORWARD_LOCK) != 0; } private InstallArgs createInstallArgs(InstallParams params) { if (installOnSd(params.flags) || params.isForwardLocked()) { return new AsecInstallArgs(params); } else { return new FileInstallArgs(params); } } private InstallArgs createInstallArgs(int flags, String fullCodePath, String fullResourcePath, String nativeLibraryPath) { final boolean isInAsec; if (installOnSd(flags)) { /* Apps on SD card are always in ASEC containers. */ isInAsec = true; } else if (installForwardLocked(flags) && !fullCodePath.startsWith(mDrmAppPrivateInstallDir.getAbsolutePath())) { /* * Forward-locked apps are only in ASEC containers if they're the * new style */ isInAsec = true; } else { isInAsec = false; } if (isInAsec) { return new AsecInstallArgs(fullCodePath, fullResourcePath, nativeLibraryPath, installOnSd(flags), installForwardLocked(flags)); } else { return new FileInstallArgs(fullCodePath, fullResourcePath, nativeLibraryPath); } } // Used by package mover private InstallArgs createInstallArgs(Uri packageURI, int flags, String pkgName, String dataDir) { if (installOnSd(flags) || installForwardLocked(flags)) { String cid = getNextCodePath(packageURI.getPath(), pkgName, "/" + AsecInstallArgs.RES_FILE_NAME); return new AsecInstallArgs(packageURI, cid, installOnSd(flags), installForwardLocked(flags)); } else { return new FileInstallArgs(packageURI, pkgName, dataDir); } } static abstract class InstallArgs { final IPackageInstallObserver observer; // Always refers to PackageManager flags only final int flags; final Uri packageURI; final String installerPackageName; final ManifestDigest manifestDigest; final UserHandle user; InstallArgs(Uri packageURI, IPackageInstallObserver observer, int flags, String installerPackageName, ManifestDigest manifestDigest, UserHandle user) { this.packageURI = packageURI; this.flags = flags; this.observer = observer; this.installerPackageName = installerPackageName; this.manifestDigest = manifestDigest; this.user = user; } abstract void createCopyFile(); abstract int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException; abstract int doPreInstall(int status); abstract boolean doRename(int status, String pkgName, String oldCodePath); abstract int doPostInstall(int status, int uid); abstract String getCodePath(); abstract String getResourcePath(); abstract String getNativeLibraryPath(); // Need installer lock especially for dex file removal. abstract void cleanUpResourcesLI(); abstract boolean doPostDeleteLI(boolean delete); abstract boolean checkFreeStorage(IMediaContainerService imcs) throws RemoteException; /** * Called before the source arguments are copied. This is used mostly * for MoveParams when it needs to read the source file to put it in the * destination. */ int doPreCopy() { return PackageManager.INSTALL_SUCCEEDED; } /** * Called after the source arguments are copied. This is used mostly for * MoveParams when it needs to read the source file to put it in the * destination. * * @return */ int doPostCopy(int uid) { return PackageManager.INSTALL_SUCCEEDED; } protected boolean isFwdLocked() { return (flags & PackageManager.INSTALL_FORWARD_LOCK) != 0; } UserHandle getUser() { return user; } } class FileInstallArgs extends InstallArgs { File installDir; String codeFileName; String resourceFileName; String libraryPath; boolean created = false; FileInstallArgs(InstallParams params) { super(params.getPackageUri(), params.observer, params.flags, params.installerPackageName, params.getManifestDigest(), params.getUser()); } FileInstallArgs(String fullCodePath, String fullResourcePath, String nativeLibraryPath) { super(null, null, 0, null, null, null); File codeFile = new File(fullCodePath); installDir = codeFile.getParentFile(); codeFileName = fullCodePath; resourceFileName = fullResourcePath; libraryPath = nativeLibraryPath; } FileInstallArgs(Uri packageURI, String pkgName, String dataDir) { super(packageURI, null, 0, null, null, null); installDir = isFwdLocked() ? mDrmAppPrivateInstallDir : mAppInstallDir; String apkName = getNextCodePath(null, pkgName, ".apk"); codeFileName = new File(installDir, apkName + ".apk").getPath(); resourceFileName = getResourcePathFromCodePath(); libraryPath = new File(mAppLibInstallDir, pkgName).getPath(); } boolean checkFreeStorage(IMediaContainerService imcs) throws RemoteException { final long lowThreshold; final DeviceStorageMonitorService dsm = (DeviceStorageMonitorService) ServiceManager .getService(DeviceStorageMonitorService.SERVICE); if (dsm == null) { Log.w(TAG, "Couldn't get low memory threshold; no free limit imposed"); lowThreshold = 0L; } else { if (dsm.isMemoryLow()) { Log.w(TAG, "Memory is reported as being too low; aborting package install"); return false; } lowThreshold = dsm.getMemoryLowThreshold(); } try { mContext.grantUriPermission(DEFAULT_CONTAINER_PACKAGE, packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); return imcs.checkInternalFreeStorage(packageURI, isFwdLocked(), lowThreshold); } finally { mContext.revokeUriPermission(packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); } } String getCodePath() { return codeFileName; } void createCopyFile() { installDir = isFwdLocked() ? mDrmAppPrivateInstallDir : mAppInstallDir; codeFileName = createTempPackageFile(installDir).getPath(); resourceFileName = getResourcePathFromCodePath(); libraryPath = getLibraryPathFromCodePath(); created = true; } int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException { if (temp) { // Generate temp file name createCopyFile(); } // Get a ParcelFileDescriptor to write to the output file File codeFile = new File(codeFileName); if (!created) { try { codeFile.createNewFile(); // Set permissions if (!setPermissions()) { // Failed setting permissions. return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } } catch (IOException e) { Slog.w(TAG, "Failed to create file " + codeFile); return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } } ParcelFileDescriptor out = null; try { out = ParcelFileDescriptor.open(codeFile, ParcelFileDescriptor.MODE_READ_WRITE); } catch (FileNotFoundException e) { Slog.e(TAG, "Failed to create file descriptor for : " + codeFileName); return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } // Copy the resource now int ret = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; try { mContext.grantUriPermission(DEFAULT_CONTAINER_PACKAGE, packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); ret = imcs.copyResource(packageURI, null, out); } finally { IoUtils.closeQuietly(out); mContext.revokeUriPermission(packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); } if (isFwdLocked()) { final File destResourceFile = new File(getResourcePath()); // Copy the public files try { PackageHelper.extractPublicFiles(codeFileName, destResourceFile); } catch (IOException e) { Slog.e(TAG, "Couldn't create a new zip file for the public parts of a" + " forward-locked app."); destResourceFile.delete(); return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } } final File nativeLibraryFile = new File(getNativeLibraryPath()); Slog.i(TAG, "Copying native libraries to " + nativeLibraryFile.getPath()); if (nativeLibraryFile.exists()) { NativeLibraryHelper.removeNativeBinariesFromDirLI(nativeLibraryFile); nativeLibraryFile.delete(); } try { int copyRet = copyNativeLibrariesForInternalApp(codeFile, nativeLibraryFile); if (copyRet != PackageManager.INSTALL_SUCCEEDED) { return copyRet; } } catch (IOException e) { Slog.e(TAG, "Copying native libraries failed", e); ret = PackageManager.INSTALL_FAILED_INTERNAL_ERROR; } return ret; } int doPreInstall(int status) { if (status != PackageManager.INSTALL_SUCCEEDED) { cleanUp(); } return status; } boolean doRename(int status, final String pkgName, String oldCodePath) { if (status != PackageManager.INSTALL_SUCCEEDED) { cleanUp(); return false; } else { final File oldCodeFile = new File(getCodePath()); final File oldResourceFile = new File(getResourcePath()); final File oldLibraryFile = new File(getNativeLibraryPath()); // Rename APK file based on packageName final String apkName = getNextCodePath(oldCodePath, pkgName, ".apk"); final File newCodeFile = new File(installDir, apkName + ".apk"); if (!oldCodeFile.renameTo(newCodeFile)) { return false; } codeFileName = newCodeFile.getPath(); // Rename public resource file if it's forward-locked. final File newResFile = new File(getResourcePathFromCodePath()); if (isFwdLocked() && !oldResourceFile.renameTo(newResFile)) { return false; } resourceFileName = newResFile.getPath(); // Rename library path final File newLibraryFile = new File(getLibraryPathFromCodePath()); if (newLibraryFile.exists()) { NativeLibraryHelper.removeNativeBinariesFromDirLI(newLibraryFile); newLibraryFile.delete(); } if (!oldLibraryFile.renameTo(newLibraryFile)) { Slog.e(TAG, "Cannot rename native library directory " + oldLibraryFile.getPath() + " to " + newLibraryFile.getPath()); return false; } libraryPath = newLibraryFile.getPath(); // Attempt to set permissions if (!setPermissions()) { return false; } if (!SELinux.restorecon(newCodeFile)) { return false; } return true; } } int doPostInstall(int status, int uid) { if (status != PackageManager.INSTALL_SUCCEEDED) { cleanUp(); } return status; } String getResourcePath() { return resourceFileName; } private String getResourcePathFromCodePath() { final String codePath = getCodePath(); if (isFwdLocked()) { final StringBuilder sb = new StringBuilder(); sb.append(mAppInstallDir.getPath()); sb.append('/'); sb.append(getApkName(codePath)); sb.append(".zip"); /* * If our APK is a temporary file, mark the resource as a * temporary file as well so it can be cleaned up after * catastrophic failure. */ if (codePath.endsWith(".tmp")) { sb.append(".tmp"); } return sb.toString(); } else { return codePath; } } private String getLibraryPathFromCodePath() { return new File(mAppLibInstallDir, getApkName(getCodePath())).getPath(); } @Override String getNativeLibraryPath() { if (libraryPath == null) { libraryPath = getLibraryPathFromCodePath(); } return libraryPath; } private boolean cleanUp() { boolean ret = true; String sourceDir = getCodePath(); String publicSourceDir = getResourcePath(); if (sourceDir != null) { File sourceFile = new File(sourceDir); if (!sourceFile.exists()) { Slog.w(TAG, "Package source " + sourceDir + " does not exist."); ret = false; } // Delete application's code and resources sourceFile.delete(); } if (publicSourceDir != null && !publicSourceDir.equals(sourceDir)) { final File publicSourceFile = new File(publicSourceDir); if (!publicSourceFile.exists()) { Slog.w(TAG, "Package public source " + publicSourceFile + " does not exist."); } if (publicSourceFile.exists()) { publicSourceFile.delete(); } } if (libraryPath != null) { File nativeLibraryFile = new File(libraryPath); NativeLibraryHelper.removeNativeBinariesFromDirLI(nativeLibraryFile); if (!nativeLibraryFile.delete()) { Slog.w(TAG, "Couldn't delete native library directory " + libraryPath); } } return ret; } void cleanUpResourcesLI() { String sourceDir = getCodePath(); if (cleanUp()) { int retCode = mInstaller.rmdex(sourceDir); if (retCode < 0) { Slog.w(TAG, "Couldn't remove dex file for package: " + " at location " + sourceDir + ", retcode=" + retCode); // we don't consider this to be a failure of the core package deletion } } } private boolean setPermissions() { // TODO Do this in a more elegant way later on. for now just a hack if (!isFwdLocked()) { final int filePermissions = FileUtils.S_IRUSR|FileUtils.S_IWUSR|FileUtils.S_IRGRP |FileUtils.S_IROTH; int retCode = FileUtils.setPermissions(getCodePath(), filePermissions, -1, -1); if (retCode != 0) { Slog.e(TAG, "Couldn't set new package file permissions for " + getCodePath() + ". The return code was: " + retCode); // TODO Define new internal error return false; } return true; } return true; } boolean doPostDeleteLI(boolean delete) { // XXX err, shouldn't we respect the delete flag? cleanUpResourcesLI(); return true; } } private boolean isAsecExternal(String cid) { final String asecPath = PackageHelper.getSdFilesystem(cid); return !asecPath.startsWith(mAsecInternalPath); } /** * Extract the MountService "container ID" from the full code path of an * .apk. */ static String cidFromCodePath(String fullCodePath) { int eidx = fullCodePath.lastIndexOf("/"); String subStr1 = fullCodePath.substring(0, eidx); int sidx = subStr1.lastIndexOf("/"); return subStr1.substring(sidx+1, eidx); } class AsecInstallArgs extends InstallArgs { static final String RES_FILE_NAME = "pkg.apk"; static final String PUBLIC_RES_FILE_NAME = "res.zip"; String cid; String packagePath; String resourcePath; String libraryPath; AsecInstallArgs(InstallParams params) { super(params.getPackageUri(), params.observer, params.flags, params.installerPackageName, params.getManifestDigest(), params.getUser()); } AsecInstallArgs(String fullCodePath, String fullResourcePath, String nativeLibraryPath, boolean isExternal, boolean isForwardLocked) { super(null, null, (isExternal ? PackageManager.INSTALL_EXTERNAL : 0) | (isForwardLocked ? PackageManager.INSTALL_FORWARD_LOCK : 0), null, null, null); // Extract cid from fullCodePath int eidx = fullCodePath.lastIndexOf("/"); String subStr1 = fullCodePath.substring(0, eidx); int sidx = subStr1.lastIndexOf("/"); cid = subStr1.substring(sidx+1, eidx); setCachePath(subStr1); } AsecInstallArgs(String cid, boolean isForwardLocked) { super(null, null, (isAsecExternal(cid) ? PackageManager.INSTALL_EXTERNAL : 0) | (isForwardLocked ? PackageManager.INSTALL_FORWARD_LOCK : 0), null, null, null); this.cid = cid; setCachePath(PackageHelper.getSdDir(cid)); } AsecInstallArgs(Uri packageURI, String cid, boolean isExternal, boolean isForwardLocked) { super(packageURI, null, (isExternal ? PackageManager.INSTALL_EXTERNAL : 0) | (isForwardLocked ? PackageManager.INSTALL_FORWARD_LOCK : 0), null, null, null); this.cid = cid; } void createCopyFile() { cid = getTempContainerId(); } boolean checkFreeStorage(IMediaContainerService imcs) throws RemoteException { try { mContext.grantUriPermission(DEFAULT_CONTAINER_PACKAGE, packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); return imcs.checkExternalFreeStorage(packageURI, isFwdLocked()); } finally { mContext.revokeUriPermission(packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); } } private final boolean isExternal() { return (flags & PackageManager.INSTALL_EXTERNAL) != 0; } int copyApk(IMediaContainerService imcs, boolean temp) throws RemoteException { if (temp) { createCopyFile(); } else { /* * Pre-emptively destroy the container since it's destroyed if * copying fails due to it existing anyway. */ PackageHelper.destroySdDir(cid); } final String newCachePath; try { mContext.grantUriPermission(DEFAULT_CONTAINER_PACKAGE, packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); newCachePath = imcs.copyResourceToContainer(packageURI, cid, getEncryptKey(), RES_FILE_NAME, PUBLIC_RES_FILE_NAME, isExternal(), isFwdLocked()); } finally { mContext.revokeUriPermission(packageURI, Intent.FLAG_GRANT_READ_URI_PERMISSION); } if (newCachePath != null) { setCachePath(newCachePath); return PackageManager.INSTALL_SUCCEEDED; } else { return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; } } @Override String getCodePath() { return packagePath; } @Override String getResourcePath() { return resourcePath; } @Override String getNativeLibraryPath() { return libraryPath; } int doPreInstall(int status) { if (status != PackageManager.INSTALL_SUCCEEDED) { // Destroy container PackageHelper.destroySdDir(cid); } else { boolean mounted = PackageHelper.isContainerMounted(cid); if (!mounted) { String newCachePath = PackageHelper.mountSdDir(cid, getEncryptKey(), Process.SYSTEM_UID); if (newCachePath != null) { setCachePath(newCachePath); } else { return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; } } } return status; } boolean doRename(int status, final String pkgName, String oldCodePath) { String newCacheId = getNextCodePath(oldCodePath, pkgName, "/" + RES_FILE_NAME); String newCachePath = null; if (PackageHelper.isContainerMounted(cid)) { // Unmount the container if (!PackageHelper.unMountSdDir(cid)) { Slog.i(TAG, "Failed to unmount " + cid + " before renaming"); return false; } } if (!PackageHelper.renameSdDir(cid, newCacheId)) { Slog.e(TAG, "Failed to rename " + cid + " to " + newCacheId + " which might be stale. Will try to clean up."); // Clean up the stale container and proceed to recreate. if (!PackageHelper.destroySdDir(newCacheId)) { Slog.e(TAG, "Very strange. Cannot clean up stale container " + newCacheId); return false; } // Successfully cleaned up stale container. Try to rename again. if (!PackageHelper.renameSdDir(cid, newCacheId)) { Slog.e(TAG, "Failed to rename " + cid + " to " + newCacheId + " inspite of cleaning it up."); return false; } } if (!PackageHelper.isContainerMounted(newCacheId)) { Slog.w(TAG, "Mounting container " + newCacheId); newCachePath = PackageHelper.mountSdDir(newCacheId, getEncryptKey(), Process.SYSTEM_UID); } else { newCachePath = PackageHelper.getSdDir(newCacheId); } if (newCachePath == null) { Slog.w(TAG, "Failed to get cache path for " + newCacheId); return false; } Log.i(TAG, "Succesfully renamed " + cid + " to " + newCacheId + " at new path: " + newCachePath); cid = newCacheId; setCachePath(newCachePath); return true; } private void setCachePath(String newCachePath) { File cachePath = new File(newCachePath); libraryPath = new File(cachePath, LIB_DIR_NAME).getPath(); packagePath = new File(cachePath, RES_FILE_NAME).getPath(); if (isFwdLocked()) { resourcePath = new File(cachePath, PUBLIC_RES_FILE_NAME).getPath(); } else { resourcePath = packagePath; } } int doPostInstall(int status, int uid) { if (status != PackageManager.INSTALL_SUCCEEDED) { cleanUp(); } else { final int groupOwner; final String protectedFile; if (isFwdLocked()) { groupOwner = UserHandle.getSharedAppGid(uid); protectedFile = RES_FILE_NAME; } else { groupOwner = -1; protectedFile = null; } if (uid < Process.FIRST_APPLICATION_UID || !PackageHelper.fixSdPermissions(cid, groupOwner, protectedFile)) { Slog.e(TAG, "Failed to finalize " + cid); PackageHelper.destroySdDir(cid); return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; } boolean mounted = PackageHelper.isContainerMounted(cid); if (!mounted) { PackageHelper.mountSdDir(cid, getEncryptKey(), Process.myUid()); } } return status; } private void cleanUp() { if (DEBUG_SD_INSTALL) Slog.i(TAG, "cleanUp"); // Destroy secure container PackageHelper.destroySdDir(cid); } void cleanUpResourcesLI() { String sourceFile = getCodePath(); // Remove dex file int retCode = mInstaller.rmdex(sourceFile); if (retCode < 0) { Slog.w(TAG, "Couldn't remove dex file for package: " + " at location " + sourceFile.toString() + ", retcode=" + retCode); // we don't consider this to be a failure of the core package deletion } cleanUp(); } boolean matchContainer(String app) { if (cid.startsWith(app)) { return true; } return false; } String getPackageName() { return getAsecPackageName(cid); } boolean doPostDeleteLI(boolean delete) { boolean ret = false; boolean mounted = PackageHelper.isContainerMounted(cid); if (mounted) { // Unmount first ret = PackageHelper.unMountSdDir(cid); } if (ret && delete) { cleanUpResourcesLI(); } return ret; } @Override int doPreCopy() { if (isFwdLocked()) { if (!PackageHelper.fixSdPermissions(cid, getPackageUid(DEFAULT_CONTAINER_PACKAGE, 0), RES_FILE_NAME)) { return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; } } return PackageManager.INSTALL_SUCCEEDED; } @Override int doPostCopy(int uid) { if (isFwdLocked()) { if (uid < Process.FIRST_APPLICATION_UID || !PackageHelper.fixSdPermissions(cid, UserHandle.getSharedAppGid(uid), RES_FILE_NAME)) { Slog.e(TAG, "Failed to finalize " + cid); PackageHelper.destroySdDir(cid); return PackageManager.INSTALL_FAILED_CONTAINER_ERROR; } } return PackageManager.INSTALL_SUCCEEDED; } }; static String getAsecPackageName(String packageCid) { int idx = packageCid.lastIndexOf("-"); if (idx == -1) { return packageCid; } return packageCid.substring(0, idx); } // Utility method used to create code paths based on package name and available index. private static String getNextCodePath(String oldCodePath, String prefix, String suffix) { String idxStr = ""; int idx = 1; // Fall back to default value of idx=1 if prefix is not // part of oldCodePath if (oldCodePath != null) { String subStr = oldCodePath; // Drop the suffix right away if (subStr.endsWith(suffix)) { subStr = subStr.substring(0, subStr.length() - suffix.length()); } // If oldCodePath already contains prefix find out the // ending index to either increment or decrement. int sidx = subStr.lastIndexOf(prefix); if (sidx != -1) { subStr = subStr.substring(sidx + prefix.length()); if (subStr != null) { if (subStr.startsWith(INSTALL_PACKAGE_SUFFIX)) { subStr = subStr.substring(INSTALL_PACKAGE_SUFFIX.length()); } try { idx = Integer.parseInt(subStr); if (idx <= 1) { idx++; } else { idx--; } } catch(NumberFormatException e) { } } } } idxStr = INSTALL_PACKAGE_SUFFIX + Integer.toString(idx); return prefix + idxStr; } // Utility method used to ignore ADD/REMOVE events // by directory observer. private static boolean ignoreCodePath(String fullPathStr) { String apkName = getApkName(fullPathStr); int idx = apkName.lastIndexOf(INSTALL_PACKAGE_SUFFIX); if (idx != -1 && ((idx+1) < apkName.length())) { // Make sure the package ends with a numeral String version = apkName.substring(idx+1); try { Integer.parseInt(version); return true; } catch (NumberFormatException e) {} } return false; } // Utility method that returns the relative package path with respect // to the installation directory. Like say for /data/data/com.test-1.apk // string com.test-1 is returned. static String getApkName(String codePath) { if (codePath == null) { return null; } int sidx = codePath.lastIndexOf("/"); int eidx = codePath.lastIndexOf("."); if (eidx == -1) { eidx = codePath.length(); } else if (eidx == 0) { Slog.w(TAG, " Invalid code path, "+ codePath + " Not a valid apk name"); return null; } return codePath.substring(sidx+1, eidx); } class PackageInstalledInfo { String name; int uid; // The set of users that originally had this package installed. int[] origUsers; // The set of users that now have this package installed. int[] newUsers; PackageParser.Package pkg; int returnCode; PackageRemovedInfo removedInfo; } /* * Install a non-existing package. */ private void installNewPackageLI(PackageParser.Package pkg, int parseFlags, int scanMode, UserHandle user, String installerPackageName, PackageInstalledInfo res) { // Remember this for later, in case we need to rollback this install String pkgName = pkg.packageName; boolean dataDirExists = getDataPathForPackage(pkg.packageName, 0).exists(); synchronized(mPackages) { if (mSettings.mRenamedPackages.containsKey(pkgName)) { // A package with the same name is already installed, though // it has been renamed to an older name. The package we // are trying to install should be installed as an update to // the existing one, but that has not been requested, so bail. Slog.w(TAG, "Attempt to re-install " + pkgName + " without first uninstalling package running as " + mSettings.mRenamedPackages.get(pkgName)); res.returnCode = PackageManager.INSTALL_FAILED_ALREADY_EXISTS; return; } if (mPackages.containsKey(pkgName) || mAppDirs.containsKey(pkg.mPath)) { // Don't allow installation over an existing package with the same name. Slog.w(TAG, "Attempt to re-install " + pkgName + " without first uninstalling."); res.returnCode = PackageManager.INSTALL_FAILED_ALREADY_EXISTS; return; } } mLastScanError = PackageManager.INSTALL_SUCCEEDED; PackageParser.Package newPackage = scanPackageLI(pkg, parseFlags, scanMode, System.currentTimeMillis(), user); if (newPackage == null) { Slog.w(TAG, "Package couldn't be installed in " + pkg.mPath); if ((res.returnCode=mLastScanError) == PackageManager.INSTALL_SUCCEEDED) { res.returnCode = PackageManager.INSTALL_FAILED_INVALID_APK; } } else { updateSettingsLI(newPackage, installerPackageName, res); // delete the partially installed application. the data directory will have to be // restored if it was already existing if (res.returnCode != PackageManager.INSTALL_SUCCEEDED) { // remove package from internal structures. Note that we want deletePackageX to // delete the package data and cache directories that it created in // scanPackageLocked, unless those directories existed before we even tried to // install. deletePackageLI(pkgName, UserHandle.ALL, false, dataDirExists ? PackageManager.DELETE_KEEP_DATA : 0, res.removedInfo, true); } } } private void replacePackageLI(PackageParser.Package pkg, int parseFlags, int scanMode, UserHandle user, String installerPackageName, PackageInstalledInfo res) { PackageParser.Package oldPackage; String pkgName = pkg.packageName; // First find the old package info and check signatures synchronized(mPackages) { oldPackage = mPackages.get(pkgName); if (compareSignatures(oldPackage.mSignatures, pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { Slog.w(TAG, "New package has a different signature: " + pkgName); res.returnCode = PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES; return; } } boolean sysPkg = (isSystemApp(oldPackage)); if (sysPkg) { replaceSystemPackageLI(oldPackage, pkg, parseFlags, scanMode, user, installerPackageName, res); } else { replaceNonSystemPackageLI(oldPackage, pkg, parseFlags, scanMode, user, installerPackageName, res); } } private void replaceNonSystemPackageLI(PackageParser.Package deletedPackage, PackageParser.Package pkg, int parseFlags, int scanMode, UserHandle user, String installerPackageName, PackageInstalledInfo res) { PackageParser.Package newPackage = null; String pkgName = deletedPackage.packageName; boolean deletedPkg = true; boolean updatedSettings = false; long origUpdateTime; if (pkg.mExtras != null) { origUpdateTime = ((PackageSetting)pkg.mExtras).lastUpdateTime; } else { origUpdateTime = 0; } // First delete the existing package while retaining the data directory if (!deletePackageLI(pkgName, null, true, PackageManager.DELETE_KEEP_DATA, res.removedInfo, true)) { // If the existing package wasn't successfully deleted res.returnCode = PackageManager.INSTALL_FAILED_REPLACE_COULDNT_DELETE; deletedPkg = false; } else { // Successfully deleted the old package. Now proceed with re-installation mLastScanError = PackageManager.INSTALL_SUCCEEDED; newPackage = scanPackageLI(pkg, parseFlags, scanMode | SCAN_UPDATE_TIME, System.currentTimeMillis(), user); if (newPackage == null) { Slog.w(TAG, "Package couldn't be installed in " + pkg.mPath); if ((res.returnCode=mLastScanError) == PackageManager.INSTALL_SUCCEEDED) { res.returnCode = PackageManager.INSTALL_FAILED_INVALID_APK; } } else { updateSettingsLI(newPackage, installerPackageName, res); updatedSettings = true; } } if (res.returnCode != PackageManager.INSTALL_SUCCEEDED) { // remove package from internal structures. Note that we want deletePackageX to // delete the package data and cache directories that it created in // scanPackageLocked, unless those directories existed before we even tried to // install. if(updatedSettings) { deletePackageLI( pkgName, null, true, PackageManager.DELETE_KEEP_DATA, res.removedInfo, true); } // Since we failed to install the new package we need to restore the old // package that we deleted. if(deletedPkg) { File restoreFile = new File(deletedPackage.mPath); // Parse old package boolean oldOnSd = isExternal(deletedPackage); int oldParseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY | (isForwardLocked(deletedPackage) ? PackageParser.PARSE_FORWARD_LOCK : 0) | (oldOnSd ? PackageParser.PARSE_ON_SDCARD : 0); int oldScanMode = (oldOnSd ? 0 : SCAN_MONITOR) | SCAN_UPDATE_SIGNATURE | SCAN_UPDATE_TIME; if (scanPackageLI(restoreFile, oldParseFlags, oldScanMode, origUpdateTime, null) == null) { Slog.e(TAG, "Failed to restore package : " + pkgName + " after failed upgrade"); return; } // Restore of old package succeeded. Update permissions. // writer synchronized (mPackages) { updatePermissionsLPw(deletedPackage.packageName, deletedPackage, UPDATE_PERMISSIONS_ALL); // can downgrade to reader mSettings.writeLPr(); } Slog.i(TAG, "Successfully restored package : " + pkgName + " after failed upgrade"); } } } private void replaceSystemPackageLI(PackageParser.Package deletedPackage, PackageParser.Package pkg, int parseFlags, int scanMode, UserHandle user, String installerPackageName, PackageInstalledInfo res) { PackageParser.Package newPackage = null; boolean updatedSettings = false; parseFlags |= PackageManager.INSTALL_REPLACE_EXISTING | PackageParser.PARSE_IS_SYSTEM; String packageName = deletedPackage.packageName; res.returnCode = PackageManager.INSTALL_FAILED_REPLACE_COULDNT_DELETE; if (packageName == null) { Slog.w(TAG, "Attempt to delete null packageName."); return; } PackageParser.Package oldPkg; PackageSetting oldPkgSetting; // reader synchronized (mPackages) { oldPkg = mPackages.get(packageName); oldPkgSetting = mSettings.mPackages.get(packageName); if((oldPkg == null) || (oldPkg.applicationInfo == null) || (oldPkgSetting == null)) { Slog.w(TAG, "Couldn't find package:"+packageName+" information"); return; } } killApplication(packageName, oldPkg.applicationInfo.uid); res.removedInfo.uid = oldPkg.applicationInfo.uid; res.removedInfo.removedPackage = packageName; // Remove existing system package removePackageLI(oldPkgSetting, true); // writer synchronized (mPackages) { if (!mSettings.disableSystemPackageLPw(packageName) && deletedPackage != null) { // We didn't need to disable the .apk as a current system package, // which means we are replacing another update that is already // installed. We need to make sure to delete the older one's .apk. res.removedInfo.args = createInstallArgs(0, deletedPackage.applicationInfo.sourceDir, deletedPackage.applicationInfo.publicSourceDir, deletedPackage.applicationInfo.nativeLibraryDir); } else { res.removedInfo.args = null; } } // Successfully disabled the old package. Now proceed with re-installation mLastScanError = PackageManager.INSTALL_SUCCEEDED; pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; newPackage = scanPackageLI(pkg, parseFlags, scanMode, 0, user); if (newPackage == null) { Slog.w(TAG, "Package couldn't be installed in " + pkg.mPath); if ((res.returnCode=mLastScanError) == PackageManager.INSTALL_SUCCEEDED) { res.returnCode = PackageManager.INSTALL_FAILED_INVALID_APK; } } else { if (newPackage.mExtras != null) { final PackageSetting newPkgSetting = (PackageSetting)newPackage.mExtras; newPkgSetting.firstInstallTime = oldPkgSetting.firstInstallTime; newPkgSetting.lastUpdateTime = System.currentTimeMillis(); } updateSettingsLI(newPackage, installerPackageName, res); updatedSettings = true; } if (res.returnCode != PackageManager.INSTALL_SUCCEEDED) { // Re installation failed. Restore old information // Remove new pkg information if (newPackage != null) { removeInstalledPackageLI(newPackage, true); } // Add back the old system package scanPackageLI(oldPkg, parseFlags, SCAN_MONITOR | SCAN_UPDATE_SIGNATURE, 0, user); // Restore the old system information in Settings synchronized(mPackages) { if (updatedSettings) { mSettings.enableSystemPackageLPw(packageName); mSettings.setInstallerPackageName(packageName, oldPkgSetting.installerPackageName); } mSettings.writeLPr(); } } } // Utility method used to move dex files during install. private int moveDexFilesLI(PackageParser.Package newPackage) { int retCode; if ((newPackage.applicationInfo.flags&ApplicationInfo.FLAG_HAS_CODE) != 0) { retCode = mInstaller.movedex(newPackage.mScanPath, newPackage.mPath); if (retCode != 0) { if (mNoDexOpt) { /* * If we're in an engineering build, programs are lazily run * through dexopt. If the .dex file doesn't exist yet, it * will be created when the program is run next. */ Slog.i(TAG, "dex file doesn't exist, skipping move: " + newPackage.mPath); } else { Slog.e(TAG, "Couldn't rename dex file: " + newPackage.mPath); return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; } } } return PackageManager.INSTALL_SUCCEEDED; } private void updateSettingsLI(PackageParser.Package newPackage, String installerPackageName, PackageInstalledInfo res) { String pkgName = newPackage.packageName; synchronized (mPackages) { //write settings. the installStatus will be incomplete at this stage. //note that the new package setting would have already been //added to mPackages. It hasn't been persisted yet. mSettings.setInstallStatus(pkgName, PackageSettingBase.PKG_INSTALL_INCOMPLETE); mSettings.writeLPr(); } if ((res.returnCode = moveDexFilesLI(newPackage)) != PackageManager.INSTALL_SUCCEEDED) { // Discontinue if moving dex files failed. return; } Log.d(TAG, "New package installed in " + newPackage.mPath); synchronized (mPackages) { updatePermissionsLPw(newPackage.packageName, newPackage, UPDATE_PERMISSIONS_REPLACE_PKG | (newPackage.permissions.size() > 0 ? UPDATE_PERMISSIONS_ALL : 0)); res.name = pkgName; res.uid = newPackage.applicationInfo.uid; res.pkg = newPackage; mSettings.setInstallStatus(pkgName, PackageSettingBase.PKG_INSTALL_COMPLETE); mSettings.setInstallerPackageName(pkgName, installerPackageName); res.returnCode = PackageManager.INSTALL_SUCCEEDED; //to update install status mSettings.writeLPr(); } } private void installPackageLI(InstallArgs args, boolean newInstall, PackageInstalledInfo res) { int pFlags = args.flags; String installerPackageName = args.installerPackageName; File tmpPackageFile = new File(args.getCodePath()); boolean forwardLocked = ((pFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0); boolean onSd = ((pFlags & PackageManager.INSTALL_EXTERNAL) != 0); boolean replace = false; int scanMode = (onSd ? 0 : SCAN_MONITOR) | SCAN_FORCE_DEX | SCAN_UPDATE_SIGNATURE | (newInstall ? SCAN_NEW_INSTALL : 0); // Result object to be returned res.returnCode = PackageManager.INSTALL_SUCCEEDED; // Retrieve PackageSettings and parse package int parseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY | (forwardLocked ? PackageParser.PARSE_FORWARD_LOCK : 0) | (onSd ? PackageParser.PARSE_ON_SDCARD : 0); PackageParser pp = new PackageParser(tmpPackageFile.getPath()); pp.setSeparateProcesses(mSeparateProcesses); final PackageParser.Package pkg = pp.parsePackage(tmpPackageFile, null, mMetrics, parseFlags); if (pkg == null) { res.returnCode = pp.getParseError(); return; } String pkgName = res.name = pkg.packageName; if ((pkg.applicationInfo.flags&ApplicationInfo.FLAG_TEST_ONLY) != 0) { if ((pFlags&PackageManager.INSTALL_ALLOW_TEST) == 0) { res.returnCode = PackageManager.INSTALL_FAILED_TEST_ONLY; return; } } if (GET_CERTIFICATES && !pp.collectCertificates(pkg, parseFlags)) { res.returnCode = pp.getParseError(); return; } /* If the installer passed in a manifest digest, compare it now. */ if (args.manifestDigest != null) { if (DEBUG_INSTALL) { final String parsedManifest = pkg.manifestDigest == null ? "null" : pkg.manifestDigest.toString(); Slog.d(TAG, "Comparing manifests: " + args.manifestDigest.toString() + " vs. " + parsedManifest); } if (!args.manifestDigest.equals(pkg.manifestDigest)) { res.returnCode = PackageManager.INSTALL_FAILED_PACKAGE_CHANGED; return; } } else if (DEBUG_INSTALL) { final String parsedManifest = pkg.manifestDigest == null ? "null" : pkg.manifestDigest.toString(); Slog.d(TAG, "manifestDigest was not present, but parser got: " + parsedManifest); } // Get rid of all references to package scan path via parser. pp = null; String oldCodePath = null; boolean systemApp = false; synchronized (mPackages) { // Check if installing already existing package if ((pFlags&PackageManager.INSTALL_REPLACE_EXISTING) != 0) { String oldName = mSettings.mRenamedPackages.get(pkgName); if (pkg.mOriginalPackages != null && pkg.mOriginalPackages.contains(oldName) && mPackages.containsKey(oldName)) { // This package is derived from an original package, // and this device has been updating from that original // name. We must continue using the original name, so // rename the new package here. pkg.setPackageName(oldName); pkgName = pkg.packageName; replace = true; } else if (mPackages.containsKey(pkgName)) { // This package, under its official name, already exists // on the device; we should replace it. replace = true; } } PackageSetting ps = mSettings.mPackages.get(pkgName); if (ps != null) { oldCodePath = mSettings.mPackages.get(pkgName).codePathString; if (ps.pkg != null && ps.pkg.applicationInfo != null) { systemApp = (ps.pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; } res.origUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true); } } if (systemApp && onSd) { // Disable updates to system apps on sdcard Slog.w(TAG, "Cannot install updates to system apps on sdcard"); res.returnCode = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; return; } if (!args.doRename(res.returnCode, pkgName, oldCodePath)) { res.returnCode = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; return; } // Set application objects path explicitly after the rename setApplicationInfoPaths(pkg, args.getCodePath(), args.getResourcePath()); pkg.applicationInfo.nativeLibraryDir = args.getNativeLibraryPath(); if (replace) { replacePackageLI(pkg, parseFlags, scanMode, args.user, installerPackageName, res); } else { installNewPackageLI(pkg, parseFlags, scanMode, args.user, installerPackageName, res); } synchronized (mPackages) { final PackageSetting ps = mSettings.mPackages.get(pkgName); if (ps != null) { res.newUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true); } } } private static boolean isForwardLocked(PackageParser.Package pkg) { return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_FORWARD_LOCK) != 0; } private boolean isForwardLocked(PackageSetting ps) { return (ps.pkgFlags & ApplicationInfo.FLAG_FORWARD_LOCK) != 0; } private static boolean isExternal(PackageParser.Package pkg) { return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0; } private static boolean isExternal(PackageSetting ps) { return (ps.pkgFlags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) != 0; } private static boolean isSystemApp(PackageParser.Package pkg) { return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; } private static boolean isSystemApp(ApplicationInfo info) { return (info.flags & ApplicationInfo.FLAG_SYSTEM) != 0; } private static boolean isSystemApp(PackageSetting ps) { return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0; } private static boolean isUpdatedSystemApp(PackageParser.Package pkg) { return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; } private int packageFlagsToInstallFlags(PackageSetting ps) { int installFlags = 0; if (isExternal(ps)) { installFlags |= PackageManager.INSTALL_EXTERNAL; } if (isForwardLocked(ps)) { installFlags |= PackageManager.INSTALL_FORWARD_LOCK; } return installFlags; } private void deleteTempPackageFiles() { final FilenameFilter filter = new FilenameFilter() { public boolean accept(File dir, String name) { return name.startsWith("vmdl") && name.endsWith(".tmp"); } }; deleteTempPackageFilesInDirectory(mAppInstallDir, filter); deleteTempPackageFilesInDirectory(mDrmAppPrivateInstallDir, filter); } private static final void deleteTempPackageFilesInDirectory(File directory, FilenameFilter filter) { final String[] tmpFilesList = directory.list(filter); if (tmpFilesList == null) { return; } for (int i = 0; i < tmpFilesList.length; i++) { final File tmpFile = new File(directory, tmpFilesList[i]); tmpFile.delete(); } } private File createTempPackageFile(File installDir) { File tmpPackageFile; try { tmpPackageFile = File.createTempFile("vmdl", ".tmp", installDir); } catch (IOException e) { Slog.e(TAG, "Couldn't create temp file for downloaded package file."); return null; } try { FileUtils.setPermissions( tmpPackageFile.getCanonicalPath(), FileUtils.S_IRUSR|FileUtils.S_IWUSR, -1, -1); if (!SELinux.restorecon(tmpPackageFile)) { return null; } } catch (IOException e) { Slog.e(TAG, "Trouble getting the canoncical path for a temp file."); return null; } return tmpPackageFile; } public void deletePackage(final String packageName, final IPackageDeleteObserver observer, final int flags) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.DELETE_PACKAGES, null); // Queue up an async operation since the package deletion may take a little while. final int uid = Binder.getCallingUid(); mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); final int returnCode = deletePackageX(packageName, uid, flags); if (observer != null) { try { observer.packageDeleted(packageName, returnCode); } catch (RemoteException e) { Log.i(TAG, "Observer no longer exists."); } //end catch } //end if } //end run }); } /** * This method is an internal method that could be get invoked either * to delete an installed package or to clean up a failed installation. * After deleting an installed package, a broadcast is sent to notify any * listeners that the package has been installed. For cleaning up a failed * installation, the broadcast is not necessary since the package's * installation wouldn't have sent the initial broadcast either * The key steps in deleting a package are * deleting the package information in internal structures like mPackages, * deleting the packages base directories through installd * updating mSettings to reflect current status * persisting settings for later use * sending a broadcast if necessary */ private int deletePackageX(String packageName, int uid, int flags) { final PackageRemovedInfo info = new PackageRemovedInfo(); final boolean res; IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface( ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); try { if (dpm != null && dpm.packageHasActiveAdmins(packageName, UserHandle.getUserId(uid))) { Slog.w(TAG, "Not removing package " + packageName + ": has active device admin"); return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER; } } catch (RemoteException e) { } boolean removedForAllUsers = false; boolean systemUpdate = false; synchronized (mInstallLock) { res = deletePackageLI(packageName, (flags & PackageManager.DELETE_ALL_USERS) != 0 ? UserHandle.ALL : new UserHandle(UserHandle.getUserId(uid)), true, flags | REMOVE_CHATTY, info, true); systemUpdate = info.isRemovedPackageSystemUpdate; if (res && !systemUpdate && mPackages.get(packageName) == null) { removedForAllUsers = true; } } if (res) { info.sendBroadcast(true, systemUpdate, removedForAllUsers); // If the removed package was a system update, the old system package // was re-enabled; we need to broadcast this information if (systemUpdate) { Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, info.removedAppId >= 0 ? info.removedAppId : info.uid); extras.putBoolean(Intent.EXTRA_REPLACING, true); sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName, extras, null, null, null); sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, packageName, extras, null, null, null); sendPackageBroadcast(Intent.ACTION_MY_PACKAGE_REPLACED, null, null, packageName, null, null); } } // Force a gc here. Runtime.getRuntime().gc(); // Delete the resources here after sending the broadcast to let // other processes clean up before deleting resources. if (info.args != null) { synchronized (mInstallLock) { info.args.doPostDeleteLI(true); } } return res ? PackageManager.DELETE_SUCCEEDED : PackageManager.DELETE_FAILED_INTERNAL_ERROR; } static class PackageRemovedInfo { String removedPackage; int uid = -1; int removedAppId = -1; int[] removedUsers = null; boolean isRemovedPackageSystemUpdate = false; // Clean up resources deleted packages. InstallArgs args = null; void sendBroadcast(boolean fullRemove, boolean replacing, boolean removedForAllUsers) { Bundle extras = new Bundle(1); extras.putInt(Intent.EXTRA_UID, removedAppId >= 0 ? removedAppId : uid); extras.putBoolean(Intent.EXTRA_DATA_REMOVED, fullRemove); if (replacing) { extras.putBoolean(Intent.EXTRA_REPLACING, true); } extras.putBoolean(Intent.EXTRA_REMOVED_FOR_ALL_USERS, removedForAllUsers); if (removedPackage != null) { sendPackageBroadcast(Intent.ACTION_PACKAGE_REMOVED, removedPackage, extras, null, null, removedUsers); if (fullRemove && !replacing) { sendPackageBroadcast(Intent.ACTION_PACKAGE_FULLY_REMOVED, removedPackage, extras, null, null, removedUsers); } } if (removedAppId >= 0) { sendPackageBroadcast(Intent.ACTION_UID_REMOVED, null, extras, null, null, removedUsers); } } } /* * This method deletes the package from internal data structures. If the DONT_DELETE_DATA * flag is not set, the data directory is removed as well. * make sure this flag is set for partially installed apps. If not its meaningless to * delete a partially installed application. */ private void removePackageDataLI(PackageSetting ps, PackageRemovedInfo outInfo, int flags, boolean writeSettings) { String packageName = ps.name; removePackageLI(ps, (flags&REMOVE_CHATTY) != 0); // Retrieve object to delete permissions for shared user later on final PackageSetting deletedPs; // reader synchronized (mPackages) { deletedPs = mSettings.mPackages.get(packageName); if (outInfo != null) { outInfo.removedPackage = packageName; outInfo.removedUsers = deletedPs != null ? deletedPs.queryInstalledUsers(sUserManager.getUserIds(), true) : null; } } if ((flags&PackageManager.DELETE_KEEP_DATA) == 0) { removeDataDirsLI(packageName); schedulePackageCleaning(packageName, UserHandle.USER_ALL, true); } // writer synchronized (mPackages) { if (deletedPs != null) { if ((flags&PackageManager.DELETE_KEEP_DATA) == 0) { if (outInfo != null) { outInfo.removedAppId = mSettings.removePackageLPw(packageName); } if (deletedPs != null) { updatePermissionsLPw(deletedPs.name, null, 0); if (deletedPs.sharedUser != null) { // remove permissions associated with package mSettings.updateSharedUserPermsLPw(deletedPs, mGlobalGids); } } clearPackagePreferredActivitiesLPw(deletedPs.name, UserHandle.USER_ALL); } } // can downgrade to reader if (writeSettings) { // Save settings now mSettings.writeLPr(); } } } /* * Tries to delete system package. */ private boolean deleteSystemPackageLI(PackageSetting newPs, int flags, PackageRemovedInfo outInfo, boolean writeSettings) { PackageSetting disabledPs = null; // Confirm if the system package has been updated // An updated system app can be deleted. This will also have to restore // the system pkg from system partition // reader synchronized (mPackages) { disabledPs = mSettings.getDisabledSystemPkgLPr(newPs.name); } if (disabledPs == null) { Slog.w(TAG, "Attempt to delete unknown system package "+ newPs.name); return false; } else { Log.i(TAG, "Deleting system pkg from data partition"); } // Delete the updated package outInfo.isRemovedPackageSystemUpdate = true; if (disabledPs.versionCode < newPs.versionCode) { // Delete data for downgrades flags &= ~PackageManager.DELETE_KEEP_DATA; } else { // Preserve data by setting flag flags |= PackageManager.DELETE_KEEP_DATA; } boolean ret = deleteInstalledPackageLI(newPs, true, flags, outInfo, writeSettings); if (!ret) { return false; } // writer synchronized (mPackages) { // Reinstate the old system package mSettings.enableSystemPackageLPw(newPs.name); // Remove any native libraries from the upgraded package. NativeLibraryHelper.removeNativeBinariesLI(newPs.nativeLibraryPathString); } // Install the system package PackageParser.Package newPkg = scanPackageLI(disabledPs.codePath, PackageParser.PARSE_MUST_BE_APK | PackageParser.PARSE_IS_SYSTEM, SCAN_MONITOR | SCAN_NO_PATHS, 0, null); if (newPkg == null) { Slog.w(TAG, "Failed to restore system package:" + newPs.name + " with error:" + mLastScanError); return false; } // writer synchronized (mPackages) { updatePermissionsLPw(newPkg.packageName, newPkg, UPDATE_PERMISSIONS_ALL | UPDATE_PERMISSIONS_REPLACE_PKG); // can downgrade to reader here if (writeSettings) { mSettings.writeLPr(); } } return true; } private boolean deleteInstalledPackageLI(PackageSetting ps, boolean deleteCodeAndResources, int flags, PackageRemovedInfo outInfo, boolean writeSettings) { if (outInfo != null) { outInfo.uid = ps.appId; } // Delete package data from internal structures and also remove data if flag is set removePackageDataLI(ps, outInfo, flags, writeSettings); // Delete application code and resources if (deleteCodeAndResources && (outInfo != null)) { outInfo.args = createInstallArgs(packageFlagsToInstallFlags(ps), ps.codePathString, ps.resourcePathString, ps.nativeLibraryPathString); } return true; } /* * This method handles package deletion in general */ private boolean deletePackageLI(String packageName, UserHandle user, boolean deleteCodeAndResources, int flags, PackageRemovedInfo outInfo, boolean writeSettings) { if (packageName == null) { Slog.w(TAG, "Attempt to delete null packageName."); return false; } PackageSetting ps; boolean dataOnly = false; int removeUser = -1; int appId = -1; synchronized (mPackages) { ps = mSettings.mPackages.get(packageName); if (ps == null) { Slog.w(TAG, "Package named '" + packageName + "' doesn't exist."); return false; } if (!isSystemApp(ps) && user != null && user.getIdentifier() != UserHandle.USER_ALL) { // The caller is asking that the package only be deleted for a single // user. To do this, we just mark its uninstalled state and delete // its data. ps.setUserState(user.getIdentifier(), COMPONENT_ENABLED_STATE_DEFAULT, false, //installed true, //stopped true, //notLaunched null, null); if (ps.isAnyInstalled(sUserManager.getUserIds())) { // Other user still have this package installed, so all // we need to do is clear this user's data and save that // it is uninstalled. removeUser = user.getIdentifier(); appId = ps.appId; mSettings.writePackageRestrictionsLPr(removeUser); } else { // We need to set it back to 'installed' so the uninstall // broadcasts will be sent correctly. ps.setInstalled(true, user.getIdentifier()); } } } if (removeUser >= 0) { // From above, we determined that we are deleting this only // for a single user. Continue the work here. if (outInfo != null) { outInfo.removedPackage = packageName; outInfo.removedAppId = appId; outInfo.removedUsers = new int[] {removeUser}; } mInstaller.clearUserData(packageName, removeUser); schedulePackageCleaning(packageName, removeUser, false); return true; } if (dataOnly) { // Delete application data first removePackageDataLI(ps, outInfo, flags, writeSettings); return true; } boolean ret = false; if (isSystemApp(ps)) { Log.i(TAG, "Removing system package:" + ps.name); // When an updated system application is deleted we delete the existing resources as well and // fall back to existing code in system partition ret = deleteSystemPackageLI(ps, flags, outInfo, writeSettings); } else { Log.i(TAG, "Removing non-system package:" + ps.name); // Kill application pre-emptively especially for apps on sd. killApplication(packageName, ps.appId); ret = deleteInstalledPackageLI(ps, deleteCodeAndResources, flags, outInfo, writeSettings); } return ret; } private final class ClearStorageConnection implements ServiceConnection { IMediaContainerService mContainerService; @Override public void onServiceConnected(ComponentName name, IBinder service) { synchronized (this) { mContainerService = IMediaContainerService.Stub.asInterface(service); notifyAll(); } } @Override public void onServiceDisconnected(ComponentName name) { } } private void clearExternalStorageDataSync(String packageName, int userId, boolean allData) { final boolean mounted; if (Environment.isExternalStorageEmulated()) { mounted = true; } else { final String status = Environment.getExternalStorageState(); mounted = status.equals(Environment.MEDIA_MOUNTED) || status.equals(Environment.MEDIA_MOUNTED_READ_ONLY); } if (!mounted) { return; } final Intent containerIntent = new Intent().setComponent(DEFAULT_CONTAINER_COMPONENT); int[] users; if (userId == UserHandle.USER_ALL) { users = sUserManager.getUserIds(); } else { users = new int[] { userId }; } final ClearStorageConnection conn = new ClearStorageConnection(); if (mContext.bindService( containerIntent, conn, Context.BIND_AUTO_CREATE, UserHandle.USER_OWNER)) { try { for (int curUser : users) { long timeout = SystemClock.uptimeMillis() + 5000; synchronized (conn) { long now = SystemClock.uptimeMillis(); while (conn.mContainerService == null && now < timeout) { try { conn.wait(timeout - now); } catch (InterruptedException e) { } } } if (conn.mContainerService == null) { return; } final UserEnvironment userEnv = new UserEnvironment(curUser); final File externalCacheDir = userEnv .getExternalStorageAppCacheDirectory(packageName); try { conn.mContainerService.clearDirectory(externalCacheDir.toString()); } catch (RemoteException e) { } if (allData) { final File externalDataDir = userEnv .getExternalStorageAppDataDirectory(packageName); try { conn.mContainerService.clearDirectory(externalDataDir.toString()); } catch (RemoteException e) { } final File externalMediaDir = userEnv .getExternalStorageAppMediaDirectory(packageName); try { conn.mContainerService.clearDirectory(externalMediaDir.toString()); } catch (RemoteException e) { } } } } finally { mContext.unbindService(conn); } } } @Override public void clearApplicationUserData(final String packageName, final IPackageDataObserver observer, final int userId) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.CLEAR_APP_USER_DATA, null); enforceCrossUserPermission(Binder.getCallingUid(), userId, true, "clear application data"); // Queue up an async operation since the package deletion may take a little while. mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); final boolean succeeded; synchronized (mInstallLock) { succeeded = clearApplicationUserDataLI(packageName, userId); } clearExternalStorageDataSync(packageName, userId, true); if (succeeded) { // invoke DeviceStorageMonitor's update method to clear any notifications DeviceStorageMonitorService dsm = (DeviceStorageMonitorService) ServiceManager.getService(DeviceStorageMonitorService.SERVICE); if (dsm != null) { dsm.updateMemory(); } } if(observer != null) { try { observer.onRemoveCompleted(packageName, succeeded); } catch (RemoteException e) { Log.i(TAG, "Observer no longer exists."); } } //end if observer } //end run }); } private boolean clearApplicationUserDataLI(String packageName, int userId) { if (packageName == null) { Slog.w(TAG, "Attempt to delete null packageName."); return false; } PackageParser.Package p; boolean dataOnly = false; synchronized (mPackages) { p = mPackages.get(packageName); if(p == null) { dataOnly = true; PackageSetting ps = mSettings.mPackages.get(packageName); if((ps == null) || (ps.pkg == null)) { Slog.w(TAG, "Package named '" + packageName +"' doesn't exist."); return false; } p = ps.pkg; } } if (!dataOnly) { //need to check this only for fully installed applications if (p == null) { Slog.w(TAG, "Package named '" + packageName +"' doesn't exist."); return false; } final ApplicationInfo applicationInfo = p.applicationInfo; if (applicationInfo == null) { Slog.w(TAG, "Package " + packageName + " has no applicationInfo."); return false; } } int retCode = mInstaller.clearUserData(packageName, userId); if (retCode < 0) { Slog.w(TAG, "Couldn't remove cache files for package: " + packageName); return false; } return true; } public void deleteApplicationCacheFiles(final String packageName, final IPackageDataObserver observer) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.DELETE_CACHE_FILES, null); // Queue up an async operation since the package deletion may take a little while. final int userId = UserHandle.getCallingUserId(); mHandler.post(new Runnable() { public void run() { mHandler.removeCallbacks(this); final boolean succeded; synchronized (mInstallLock) { succeded = deleteApplicationCacheFilesLI(packageName, userId); } clearExternalStorageDataSync(packageName, userId, false); if(observer != null) { try { observer.onRemoveCompleted(packageName, succeded); } catch (RemoteException e) { Log.i(TAG, "Observer no longer exists."); } } //end if observer } //end run }); } private boolean deleteApplicationCacheFilesLI(String packageName, int userId) { if (packageName == null) { Slog.w(TAG, "Attempt to delete null packageName."); return false; } PackageParser.Package p; synchronized (mPackages) { p = mPackages.get(packageName); } if (p == null) { Slog.w(TAG, "Package named '" + packageName +"' doesn't exist."); return false; } final ApplicationInfo applicationInfo = p.applicationInfo; if (applicationInfo == null) { Slog.w(TAG, "Package " + packageName + " has no applicationInfo."); return false; } int retCode = mInstaller.deleteCacheFiles(packageName, userId); if (retCode < 0) { Slog.w(TAG, "Couldn't remove cache files for package: " + packageName + " u" + userId); return false; } return true; } public void getPackageSizeInfo(final String packageName, int userHandle, final IPackageStatsObserver observer) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.GET_PACKAGE_SIZE, null); PackageStats stats = new PackageStats(packageName, userHandle); /* * Queue up an async operation since the package measurement may take a * little while. */ Message msg = mHandler.obtainMessage(INIT_COPY); msg.obj = new MeasureParams(stats, observer); mHandler.sendMessage(msg); } private boolean getPackageSizeInfoLI(String packageName, int userHandle, PackageStats pStats) { if (packageName == null) { Slog.w(TAG, "Attempt to get size of null packageName."); return false; } PackageParser.Package p; boolean dataOnly = false; String asecPath = null; synchronized (mPackages) { p = mPackages.get(packageName); if(p == null) { dataOnly = true; PackageSetting ps = mSettings.mPackages.get(packageName); if((ps == null) || (ps.pkg == null)) { Slog.w(TAG, "Package named '" + packageName +"' doesn't exist."); return false; } p = ps.pkg; } if (p != null && (isExternal(p) || isForwardLocked(p))) { String secureContainerId = cidFromCodePath(p.applicationInfo.sourceDir); if (secureContainerId != null) { asecPath = PackageHelper.getSdFilesystem(secureContainerId); } } } String publicSrcDir = null; if(!dataOnly) { final ApplicationInfo applicationInfo = p.applicationInfo; if (applicationInfo == null) { Slog.w(TAG, "Package " + packageName + " has no applicationInfo."); return false; } if (isForwardLocked(p)) { publicSrcDir = applicationInfo.publicSourceDir; } } int res = mInstaller.getSizeInfo(packageName, userHandle, p.mPath, publicSrcDir, asecPath, pStats); if (res < 0) { return false; } // Fix-up for forward-locked applications in ASEC containers. if (!isExternal(p)) { pStats.codeSize += pStats.externalCodeSize; pStats.externalCodeSize = 0L; } return true; } public void addPackageToPreferred(String packageName) { Slog.w(TAG, "addPackageToPreferred: this is now a no-op"); } public void removePackageFromPreferred(String packageName) { Slog.w(TAG, "removePackageFromPreferred: this is now a no-op"); } public List getPreferredPackages(int flags) { return new ArrayList(); } private int getUidTargetSdkVersionLockedLPr(int uid) { Object obj = mSettings.getUserIdLPr(uid); if (obj instanceof SharedUserSetting) { final SharedUserSetting sus = (SharedUserSetting) obj; int vers = Build.VERSION_CODES.CUR_DEVELOPMENT; final Iterator it = sus.packages.iterator(); while (it.hasNext()) { final PackageSetting ps = it.next(); if (ps.pkg != null) { int v = ps.pkg.applicationInfo.targetSdkVersion; if (v < vers) vers = v; } } return vers; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; if (ps.pkg != null) { return ps.pkg.applicationInfo.targetSdkVersion; } } return Build.VERSION_CODES.CUR_DEVELOPMENT; } public void addPreferredActivity(IntentFilter filter, int match, ComponentName[] set, ComponentName activity, int userId) { // writer int callingUid = Binder.getCallingUid(); enforceCrossUserPermission(callingUid, userId, true, "add preferred activity"); synchronized (mPackages) { if (mContext.checkCallingOrSelfPermission( android.Manifest.permission.SET_PREFERRED_APPLICATIONS) != PackageManager.PERMISSION_GRANTED) { if (getUidTargetSdkVersionLockedLPr(callingUid) < Build.VERSION_CODES.FROYO) { Slog.w(TAG, "Ignoring addPreferredActivity() from uid " + callingUid); return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); } Slog.i(TAG, "Adding preferred activity " + activity + " for user " + userId + " :"); filter.dump(new LogPrinter(Log.INFO, TAG), " "); mSettings.editPreferredActivitiesLPw(userId).addFilter( new PreferredActivity(filter, match, set, activity)); mSettings.writePackageRestrictionsLPr(userId); } } public void replacePreferredActivity(IntentFilter filter, int match, ComponentName[] set, ComponentName activity) { if (filter.countActions() != 1) { throw new IllegalArgumentException( "replacePreferredActivity expects filter to have only 1 action."); } if (filter.countCategories() != 1) { throw new IllegalArgumentException( "replacePreferredActivity expects filter to have only 1 category."); } if (filter.countDataAuthorities() != 0 || filter.countDataPaths() != 0 || filter.countDataSchemes() != 0 || filter.countDataTypes() != 0) { throw new IllegalArgumentException( "replacePreferredActivity expects filter to have no data authorities, " + "paths, schemes or types."); } synchronized (mPackages) { if (mContext.checkCallingOrSelfPermission( android.Manifest.permission.SET_PREFERRED_APPLICATIONS) != PackageManager.PERMISSION_GRANTED) { if (getUidTargetSdkVersionLockedLPr(Binder.getCallingUid()) < Build.VERSION_CODES.FROYO) { Slog.w(TAG, "Ignoring replacePreferredActivity() from uid " + Binder.getCallingUid()); return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.SET_PREFERRED_APPLICATIONS, null); } final int callingUserId = UserHandle.getCallingUserId(); ArrayList removed = null; PreferredIntentResolver pir = mSettings.mPreferredActivities.get(callingUserId); if (pir != null) { Iterator it = pir.filterIterator(); String action = filter.getAction(0); String category = filter.getCategory(0); while (it.hasNext()) { PreferredActivity pa = it.next(); if (pa.getAction(0).equals(action) && pa.getCategory(0).equals(category)) { if (removed == null) { removed = new ArrayList(); } removed.add(pa); Log.i(TAG, "Removing preferred activity " + pa.mPref.mComponent + ":"); filter.dump(new LogPrinter(Log.INFO, TAG), " "); } } if (removed != null) { for (int i=0; i removed = null; boolean changed = false; for (int i=0; i it = pir.filterIterator(); while (it.hasNext()) { PreferredActivity pa = it.next(); if (pa.mPref.mComponent.getPackageName().equals(packageName)) { if (removed == null) { removed = new ArrayList(); } removed.add(pa); } } if (removed != null) { for (int j=0; j outFilters, List outActivities, String packageName) { int num = 0; final int userId = UserHandle.getCallingUserId(); // reader synchronized (mPackages) { PreferredIntentResolver pir = mSettings.mPreferredActivities.get(userId); if (pir != null) { final Iterator it = pir.filterIterator(); while (it.hasNext()) { final PreferredActivity pa = it.next(); if (packageName == null || pa.mPref.mComponent.getPackageName().equals(packageName)) { if (outFilters != null) { outFilters.add(new IntentFilter(pa)); } if (outActivities != null) { outActivities.add(pa.mPref.mComponent); } } } } } return num; } @Override public void setApplicationEnabledSetting(String appPackageName, int newState, int flags, int userId) { if (!sUserManager.exists(userId)) return; setEnabledSetting(appPackageName, null, newState, flags, userId); } @Override public void setComponentEnabledSetting(ComponentName componentName, int newState, int flags, int userId) { if (!sUserManager.exists(userId)) return; setEnabledSetting(componentName.getPackageName(), componentName.getClassName(), newState, flags, userId); } private void setEnabledSetting( final String packageName, String className, int newState, final int flags, int userId) { if (!(newState == COMPONENT_ENABLED_STATE_DEFAULT || newState == COMPONENT_ENABLED_STATE_ENABLED || newState == COMPONENT_ENABLED_STATE_DISABLED || newState == COMPONENT_ENABLED_STATE_DISABLED_USER)) { throw new IllegalArgumentException("Invalid new component state: " + newState); } PackageSetting pkgSetting; final int uid = Binder.getCallingUid(); final int permission = mContext.checkCallingPermission( android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE); enforceCrossUserPermission(uid, userId, false, "set enabled"); final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED); boolean sendNow = false; boolean isApp = (className == null); String componentName = isApp ? packageName : className; int packageUid = -1; ArrayList components; // writer synchronized (mPackages) { pkgSetting = mSettings.mPackages.get(packageName); if (pkgSetting == null) { if (className == null) { throw new IllegalArgumentException( "Unknown package: " + packageName); } throw new IllegalArgumentException( "Unknown component: " + packageName + "/" + className); } // Allow root and verify that userId is not being specified by a different user if (!allowedByPermission && !UserHandle.isSameApp(uid, pkgSetting.appId)) { throw new SecurityException( "Permission Denial: attempt to change component state from pid=" + Binder.getCallingPid() + ", uid=" + uid + ", package uid=" + pkgSetting.appId); } if (className == null) { // We're dealing with an application/package level state change if (pkgSetting.getEnabled(userId) == newState) { // Nothing to do return; } pkgSetting.setEnabled(newState, userId); // pkgSetting.pkg.mSetEnabled = newState; } else { // We're dealing with a component level state change // First, verify that this is a valid class name. PackageParser.Package pkg = pkgSetting.pkg; if (pkg == null || !pkg.hasComponentClassName(className)) { if (pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.JELLY_BEAN) { throw new IllegalArgumentException("Component class " + className + " does not exist in " + packageName); } else { Slog.w(TAG, "Failed setComponentEnabledSetting: component class " + className + " does not exist in " + packageName); } } switch (newState) { case COMPONENT_ENABLED_STATE_ENABLED: if (!pkgSetting.enableComponentLPw(className, userId)) { return; } break; case COMPONENT_ENABLED_STATE_DISABLED: if (!pkgSetting.disableComponentLPw(className, userId)) { return; } break; case COMPONENT_ENABLED_STATE_DEFAULT: if (!pkgSetting.restoreComponentLPw(className, userId)) { return; } break; default: Slog.e(TAG, "Invalid new component state: " + newState); return; } } mSettings.writePackageRestrictionsLPr(userId); packageUid = UserHandle.getUid(userId, pkgSetting.appId); components = mPendingBroadcasts.get(packageName); final boolean newPackage = components == null; if (newPackage) { components = new ArrayList(); } if (!components.contains(componentName)) { components.add(componentName); } if ((flags&PackageManager.DONT_KILL_APP) == 0) { sendNow = true; // Purge entry from pending broadcast list if another one exists already // since we are sending one right away. mPendingBroadcasts.remove(packageName); } else { if (newPackage) { mPendingBroadcasts.put(packageName, components); } if (!mHandler.hasMessages(SEND_PENDING_BROADCAST)) { // Schedule a message mHandler.sendEmptyMessageDelayed(SEND_PENDING_BROADCAST, BROADCAST_DELAY); } } } long callingId = Binder.clearCallingIdentity(); try { if (sendNow) { sendPackageChangedBroadcast(packageName, (flags&PackageManager.DONT_KILL_APP) != 0, components, packageUid); } } finally { Binder.restoreCallingIdentity(callingId); } } private void sendPackageChangedBroadcast(String packageName, boolean killFlag, ArrayList componentNames, int packageUid) { if (DEBUG_INSTALL) Log.v(TAG, "Sending package changed: package=" + packageName + " components=" + componentNames); Bundle extras = new Bundle(4); extras.putString(Intent.EXTRA_CHANGED_COMPONENT_NAME, componentNames.get(0)); String nameList[] = new String[componentNames.size()]; componentNames.toArray(nameList); extras.putStringArray(Intent.EXTRA_CHANGED_COMPONENT_NAME_LIST, nameList); extras.putBoolean(Intent.EXTRA_DONT_KILL_APP, killFlag); extras.putInt(Intent.EXTRA_UID, packageUid); sendPackageBroadcast(Intent.ACTION_PACKAGE_CHANGED, packageName, extras, null, null, new int[] {UserHandle.getUserId(packageUid)}); } public void setPackageStoppedState(String packageName, boolean stopped, int userId) { if (!sUserManager.exists(userId)) return; final int uid = Binder.getCallingUid(); final int permission = mContext.checkCallingOrSelfPermission( android.Manifest.permission.CHANGE_COMPONENT_ENABLED_STATE); final boolean allowedByPermission = (permission == PackageManager.PERMISSION_GRANTED); enforceCrossUserPermission(uid, userId, true, "stop package"); // writer synchronized (mPackages) { if (mSettings.setPackageStoppedStateLPw(packageName, stopped, allowedByPermission, uid, userId)) { scheduleWritePackageRestrictionsLocked(userId); } } } public String getInstallerPackageName(String packageName) { // reader synchronized (mPackages) { return mSettings.getInstallerPackageNameLPr(packageName); } } @Override public int getApplicationEnabledSetting(String packageName, int userId) { if (!sUserManager.exists(userId)) return COMPONENT_ENABLED_STATE_DISABLED; int uid = Binder.getCallingUid(); enforceCrossUserPermission(uid, userId, false, "get enabled"); // reader synchronized (mPackages) { return mSettings.getApplicationEnabledSettingLPr(packageName, userId); } } @Override public int getComponentEnabledSetting(ComponentName componentName, int userId) { if (!sUserManager.exists(userId)) return COMPONENT_ENABLED_STATE_DISABLED; int uid = Binder.getCallingUid(); enforceCrossUserPermission(uid, userId, false, "get component enabled"); // reader synchronized (mPackages) { return mSettings.getComponentEnabledSettingLPr(componentName, userId); } } public void enterSafeMode() { enforceSystemOrRoot("Only the system can request entering safe mode"); if (!mSystemReady) { mSafeMode = true; } } public void systemReady() { mSystemReady = true; // Read the compatibilty setting when the system is ready. boolean compatibilityModeEnabled = android.provider.Settings.Global.getInt( mContext.getContentResolver(), android.provider.Settings.Global.COMPATIBILITY_MODE, 1) == 1; PackageParser.setCompatibilityModeEnabled(compatibilityModeEnabled); if (DEBUG_SETTINGS) { Log.d(TAG, "compatibility mode:" + compatibilityModeEnabled); } synchronized (mPackages) { // Verify that all of the preferred activity components actually // exist. It is possible for applications to be updated and at // that point remove a previously declared activity component that // had been set as a preferred activity. We try to clean this up // the next time we encounter that preferred activity, but it is // possible for the user flow to never be able to return to that // situation so here we do a sanity check to make sure we haven't // left any junk around. ArrayList removed = new ArrayList(); for (int i=0; i 0) { for (int j=0; j 0) buf.append(", "); buf.append(array[i]); } } buf.append(']'); return buf.toString(); } static class DumpState { public static final int DUMP_LIBS = 1 << 0; public static final int DUMP_FEATURES = 1 << 1; public static final int DUMP_RESOLVERS = 1 << 2; public static final int DUMP_PERMISSIONS = 1 << 3; public static final int DUMP_PACKAGES = 1 << 4; public static final int DUMP_SHARED_USERS = 1 << 5; public static final int DUMP_MESSAGES = 1 << 6; public static final int DUMP_PROVIDERS = 1 << 7; public static final int DUMP_VERIFIERS = 1 << 8; public static final int DUMP_PREFERRED = 1 << 9; public static final int DUMP_PREFERRED_XML = 1 << 10; public static final int OPTION_SHOW_FILTERS = 1 << 0; private int mTypes; private int mOptions; private boolean mTitlePrinted; private SharedUserSetting mSharedUser; public boolean isDumping(int type) { if (mTypes == 0 && type != DUMP_PREFERRED_XML) { return true; } return (mTypes & type) != 0; } public void setDump(int type) { mTypes |= type; } public boolean isOptionEnabled(int option) { return (mOptions & option) != 0; } public void setOptionEnabled(int option) { mOptions |= option; } public boolean onTitlePrinted() { final boolean printed = mTitlePrinted; mTitlePrinted = true; return printed; } public boolean getTitlePrinted() { return mTitlePrinted; } public void setTitlePrinted(boolean enabled) { mTitlePrinted = enabled; } public SharedUserSetting getSharedUser() { return mSharedUser; } public void setSharedUser(SharedUserSetting user) { mSharedUser = user; } } @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) != PackageManager.PERMISSION_GRANTED) { pw.println("Permission Denial: can't dump ActivityManager from from pid=" + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() + " without permission " + android.Manifest.permission.DUMP); return; } DumpState dumpState = new DumpState(); String packageName = null; int opti = 0; while (opti < args.length) { String opt = args[opti]; if (opt == null || opt.length() <= 0 || opt.charAt(0) != '-') { break; } opti++; if ("-a".equals(opt)) { // Right now we only know how to print all. } else if ("-h".equals(opt)) { pw.println("Package manager dump options:"); pw.println(" [-h] [-f] [cmd] ..."); pw.println(" -f: print details of intent filters"); pw.println(" -h: print this help"); pw.println(" cmd may be one of:"); pw.println(" l[ibraries]: list known shared libraries"); pw.println(" f[ibraries]: list device features"); pw.println(" r[esolvers]: dump intent resolvers"); pw.println(" perm[issions]: dump permissions"); pw.println(" pref[erred]: print preferred package settings"); pw.println(" preferred-xml: print preferred package settings as xml"); pw.println(" prov[iders]: dump content providers"); pw.println(" p[ackages]: dump installed packages"); pw.println(" s[hared-users]: dump shared user IDs"); pw.println(" m[essages]: print collected runtime messages"); pw.println(" v[erifiers]: print package verifier info"); pw.println(" : info about given package"); return; } else if ("-f".equals(opt)) { dumpState.setOptionEnabled(DumpState.OPTION_SHOW_FILTERS); } else { pw.println("Unknown argument: " + opt + "; use -h for help"); } } // Is the caller requesting to dump a particular piece of data? if (opti < args.length) { String cmd = args[opti]; opti++; // Is this a package name? if ("android".equals(cmd) || cmd.contains(".")) { packageName = cmd; } else if ("l".equals(cmd) || "libraries".equals(cmd)) { dumpState.setDump(DumpState.DUMP_LIBS); } else if ("f".equals(cmd) || "features".equals(cmd)) { dumpState.setDump(DumpState.DUMP_FEATURES); } else if ("r".equals(cmd) || "resolvers".equals(cmd)) { dumpState.setDump(DumpState.DUMP_RESOLVERS); } else if ("perm".equals(cmd) || "permissions".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PERMISSIONS); } else if ("pref".equals(cmd) || "preferred".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PREFERRED); } else if ("preferred-xml".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PREFERRED_XML); } else if ("p".equals(cmd) || "packages".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PACKAGES); } else if ("s".equals(cmd) || "shared-users".equals(cmd)) { dumpState.setDump(DumpState.DUMP_SHARED_USERS); } else if ("prov".equals(cmd) || "providers".equals(cmd)) { dumpState.setDump(DumpState.DUMP_PROVIDERS); } else if ("m".equals(cmd) || "messages".equals(cmd)) { dumpState.setDump(DumpState.DUMP_MESSAGES); } else if ("v".equals(cmd) || "verifiers".equals(cmd)) { dumpState.setDump(DumpState.DUMP_VERIFIERS); } } // reader synchronized (mPackages) { if (dumpState.isDumping(DumpState.DUMP_VERIFIERS) && packageName == null) { if (dumpState.onTitlePrinted()) pw.println(" "); pw.println("Verifiers:"); pw.print(" Required: "); pw.print(mRequiredVerifierPackage); pw.print(" (uid="); pw.print(getPackageUid(mRequiredVerifierPackage, 0)); pw.println(")"); } if (dumpState.isDumping(DumpState.DUMP_LIBS) && packageName == null) { if (dumpState.onTitlePrinted()) pw.println(" "); pw.println("Libraries:"); final Iterator it = mSharedLibraries.keySet().iterator(); while (it.hasNext()) { String name = it.next(); pw.print(" "); pw.print(name); pw.print(" -> "); pw.println(mSharedLibraries.get(name)); } } if (dumpState.isDumping(DumpState.DUMP_FEATURES) && packageName == null) { if (dumpState.onTitlePrinted()) pw.println(" "); pw.println("Features:"); Iterator it = mAvailableFeatures.keySet().iterator(); while (it.hasNext()) { String name = it.next(); pw.print(" "); pw.println(name); } } if (dumpState.isDumping(DumpState.DUMP_RESOLVERS)) { if (mActivities.dump(pw, dumpState.getTitlePrinted() ? "\nActivity Resolver Table:" : "Activity Resolver Table:", " ", packageName, dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS))) { dumpState.setTitlePrinted(true); } if (mReceivers.dump(pw, dumpState.getTitlePrinted() ? "\nReceiver Resolver Table:" : "Receiver Resolver Table:", " ", packageName, dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS))) { dumpState.setTitlePrinted(true); } if (mServices.dump(pw, dumpState.getTitlePrinted() ? "\nService Resolver Table:" : "Service Resolver Table:", " ", packageName, dumpState.isOptionEnabled(DumpState.OPTION_SHOW_FILTERS))) { dumpState.setTitlePrinted(true); } } if (dumpState.isDumping(DumpState.DUMP_PREFERRED)) { for (int i=0; i entry : mProviders.entrySet()) { PackageParser.Provider p = entry.getValue(); if (packageName != null && !packageName.equals(p.info.packageName)) { continue; } if (!printedSomething) { if (dumpState.onTitlePrinted()) pw.println(" "); pw.println("ContentProvider Authorities:"); printedSomething = true; } pw.print(" ["); pw.print(entry.getKey()); pw.println("]:"); pw.print(" "); pw.println(p.toString()); if (p.info != null && p.info.applicationInfo != null) { final String appInfo = p.info.applicationInfo.toString(); pw.print(" applicationInfo="); pw.println(appInfo); } } } if (dumpState.isDumping(DumpState.DUMP_PACKAGES)) { mSettings.dumpPackagesLPr(pw, packageName, dumpState); } if (dumpState.isDumping(DumpState.DUMP_SHARED_USERS)) { mSettings.dumpSharedUsersLPr(pw, packageName, dumpState); } if (dumpState.isDumping(DumpState.DUMP_MESSAGES) && packageName == null) { if (dumpState.onTitlePrinted()) pw.println(" "); mSettings.dumpReadMessagesLPr(pw, dumpState); pw.println(" "); pw.println("Package warning messages:"); final File fname = getSettingsProblemFile(); FileInputStream in = null; try { in = new FileInputStream(fname); final int avail = in.available(); final byte[] data = new byte[avail]; in.read(data); pw.print(new String(data)); } catch (FileNotFoundException e) { } catch (IOException e) { } finally { if (in != null) { try { in.close(); } catch (IOException e) { } } } } } } // ------- apps on sdcard specific code ------- static final boolean DEBUG_SD_INSTALL = false; private static final String SD_ENCRYPTION_KEYSTORE_NAME = "AppsOnSD"; private static final String SD_ENCRYPTION_ALGORITHM = "AES"; private boolean mMediaMounted = false; private String getEncryptKey() { try { String sdEncKey = SystemKeyStore.getInstance().retrieveKeyHexString( SD_ENCRYPTION_KEYSTORE_NAME); if (sdEncKey == null) { sdEncKey = SystemKeyStore.getInstance().generateNewKeyHexString(128, SD_ENCRYPTION_ALGORITHM, SD_ENCRYPTION_KEYSTORE_NAME); if (sdEncKey == null) { Slog.e(TAG, "Failed to create encryption keys"); return null; } } return sdEncKey; } catch (NoSuchAlgorithmException nsae) { Slog.e(TAG, "Failed to create encryption keys with exception: " + nsae); return null; } catch (IOException ioe) { Slog.e(TAG, "Failed to retrieve encryption keys with exception: " + ioe); return null; } } /* package */static String getTempContainerId() { int tmpIdx = 1; String list[] = PackageHelper.getSecureContainerList(); if (list != null) { for (final String name : list) { // Ignore null and non-temporary container entries if (name == null || !name.startsWith(mTempContainerPrefix)) { continue; } String subStr = name.substring(mTempContainerPrefix.length()); try { int cid = Integer.parseInt(subStr); if (cid >= tmpIdx) { tmpIdx = cid + 1; } } catch (NumberFormatException e) { } } } return mTempContainerPrefix + tmpIdx; } /* * Update media status on PackageManager. */ public void updateExternalMediaStatus(final boolean mediaStatus, final boolean reportStatus) { int callingUid = Binder.getCallingUid(); if (callingUid != 0 && callingUid != Process.SYSTEM_UID) { throw new SecurityException("Media status can only be updated by the system"); } // reader; this apparently protects mMediaMounted, but should probably // be a different lock in that case. synchronized (mPackages) { Log.i(TAG, "Updating external media status from " + (mMediaMounted ? "mounted" : "unmounted") + " to " + (mediaStatus ? "mounted" : "unmounted")); if (DEBUG_SD_INSTALL) Log.i(TAG, "updateExternalMediaStatus:: mediaStatus=" + mediaStatus + ", mMediaMounted=" + mMediaMounted); if (mediaStatus == mMediaMounted) { final Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, reportStatus ? 1 : 0, -1); mHandler.sendMessage(msg); return; } mMediaMounted = mediaStatus; } // Queue up an async operation since the package installation may take a // little while. mHandler.post(new Runnable() { public void run() { updateExternalMediaStatusInner(mediaStatus, reportStatus, true); } }); } /** * Called by MountService when the initial ASECs to scan are available. * Should block until all the ASEC containers are finished being scanned. */ public void scanAvailableAsecs() { updateExternalMediaStatusInner(true, false, false); } /* * Collect information of applications on external media, map them against * existing containers and update information based on current mount status. * Please note that we always have to report status if reportStatus has been * set to true especially when unloading packages. */ private void updateExternalMediaStatusInner(boolean isMounted, boolean reportStatus, boolean externalStorage) { // Collection of uids int uidArr[] = null; // Collection of stale containers HashSet removeCids = new HashSet(); // Collection of packages on external media with valid containers. HashMap processCids = new HashMap(); // Get list of secure containers. final String list[] = PackageHelper.getSecureContainerList(); if (list == null || list.length == 0) { Log.i(TAG, "No secure containers on sdcard"); } else { // Process list of secure containers and categorize them // as active or stale based on their package internal state. int uidList[] = new int[list.length]; int num = 0; // reader synchronized (mPackages) { for (String cid : list) { if (DEBUG_SD_INSTALL) Log.i(TAG, "Processing container " + cid); String pkgName = getAsecPackageName(cid); if (pkgName == null) { if (DEBUG_SD_INSTALL) Log.i(TAG, "Container : " + cid + " stale"); removeCids.add(cid); continue; } if (DEBUG_SD_INSTALL) Log.i(TAG, "Looking for pkg : " + pkgName); final PackageSetting ps = mSettings.mPackages.get(pkgName); if (ps == null) { Log.i(TAG, "Deleting container with no matching settings " + cid); removeCids.add(cid); continue; } /* * Skip packages that are not external if we're unmounting * external storage. */ if (externalStorage && !isMounted && !isExternal(ps)) { continue; } final AsecInstallArgs args = new AsecInstallArgs(cid, isForwardLocked(ps)); // The package status is changed only if the code path // matches between settings and the container id. if (ps.codePathString != null && ps.codePathString.equals(args.getCodePath())) { if (DEBUG_SD_INSTALL) { Log.i(TAG, "Container : " + cid + " corresponds to pkg : " + pkgName + " at code path: " + ps.codePathString); } // We do have a valid package installed on sdcard processCids.put(args, ps.codePathString); final int uid = ps.appId; if (uid != -1) { uidList[num++] = uid; } } else { Log.i(TAG, "Deleting stale container for " + cid); removeCids.add(cid); } } } if (num > 0) { // Sort uid list Arrays.sort(uidList, 0, num); // Throw away duplicates uidArr = new int[num]; uidArr[0] = uidList[0]; int di = 0; for (int i = 1; i < num; i++) { if (uidList[i - 1] != uidList[i]) { uidArr[di++] = uidList[i]; } } } } // Process packages with valid entries. if (isMounted) { if (DEBUG_SD_INSTALL) Log.i(TAG, "Loading packages"); loadMediaPackages(processCids, uidArr, removeCids); startCleaningPackages(); } else { if (DEBUG_SD_INSTALL) Log.i(TAG, "Unloading packages"); unloadMediaPackages(processCids, uidArr, reportStatus); } } private void sendResourcesChangedBroadcast(boolean mediaStatus, ArrayList pkgList, int uidArr[], IIntentReceiver finishedReceiver) { int size = pkgList.size(); if (size > 0) { // Send broadcasts here Bundle extras = new Bundle(); extras.putStringArray(Intent.EXTRA_CHANGED_PACKAGE_LIST, pkgList .toArray(new String[size])); if (uidArr != null) { extras.putIntArray(Intent.EXTRA_CHANGED_UID_LIST, uidArr); } String action = mediaStatus ? Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE : Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE; sendPackageBroadcast(action, null, extras, null, finishedReceiver, null); } } /* * Look at potentially valid container ids from processCids If package * information doesn't match the one on record or package scanning fails, * the cid is added to list of removeCids. We currently don't delete stale * containers. */ private void loadMediaPackages(HashMap processCids, int uidArr[], HashSet removeCids) { ArrayList pkgList = new ArrayList(); Set keys = processCids.keySet(); boolean doGc = false; for (AsecInstallArgs args : keys) { String codePath = processCids.get(args); if (DEBUG_SD_INSTALL) Log.i(TAG, "Loading container : " + args.cid); int retCode = PackageManager.INSTALL_FAILED_CONTAINER_ERROR; try { // Make sure there are no container errors first. if (args.doPreInstall(PackageManager.INSTALL_SUCCEEDED) != PackageManager.INSTALL_SUCCEEDED) { Slog.e(TAG, "Failed to mount cid : " + args.cid + " when installing from sdcard"); continue; } // Check code path here. if (codePath == null || !codePath.equals(args.getCodePath())) { Slog.e(TAG, "Container " + args.cid + " cachepath " + args.getCodePath() + " does not match one in settings " + codePath); continue; } // Parse package int parseFlags = mDefParseFlags; if (args.isExternal()) { parseFlags |= PackageParser.PARSE_ON_SDCARD; } if (args.isFwdLocked()) { parseFlags |= PackageParser.PARSE_FORWARD_LOCK; } doGc = true; synchronized (mInstallLock) { final PackageParser.Package pkg = scanPackageLI(new File(codePath), parseFlags, 0, 0, null); // Scan the package if (pkg != null) { /* * TODO why is the lock being held? doPostInstall is * called in other places without the lock. This needs * to be straightened out. */ // writer synchronized (mPackages) { retCode = PackageManager.INSTALL_SUCCEEDED; pkgList.add(pkg.packageName); // Post process args args.doPostInstall(PackageManager.INSTALL_SUCCEEDED, pkg.applicationInfo.uid); } } else { Slog.i(TAG, "Failed to install pkg from " + codePath + " from sdcard"); } } } finally { if (retCode != PackageManager.INSTALL_SUCCEEDED) { // Don't destroy container here. Wait till gc clears things // up. removeCids.add(args.cid); } } } // writer synchronized (mPackages) { // If the platform SDK has changed since the last time we booted, // we need to re-grant app permission to catch any new ones that // appear. This is really a hack, and means that apps can in some // cases get permissions that the user didn't initially explicitly // allow... it would be nice to have some better way to handle // this situation. final boolean regrantPermissions = mSettings.mExternalSdkPlatform != mSdkVersion; if (regrantPermissions) Slog.i(TAG, "Platform changed from " + mSettings.mExternalSdkPlatform + " to " + mSdkVersion + "; regranting permissions for external storage"); mSettings.mExternalSdkPlatform = mSdkVersion; // Make sure group IDs have been assigned, and any permission // changes in other apps are accounted for updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL | (regrantPermissions ? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL) : 0)); // can downgrade to reader // Persist settings mSettings.writeLPr(); } // Send a broadcast to let everyone know we are done processing if (pkgList.size() > 0) { sendResourcesChangedBroadcast(true, pkgList, uidArr, null); } // Force gc to avoid any stale parser references that we might have. if (doGc) { Runtime.getRuntime().gc(); } // List stale containers and destroy stale temporary containers. if (removeCids != null) { for (String cid : removeCids) { if (cid.startsWith(mTempContainerPrefix)) { Log.i(TAG, "Destroying stale temporary container " + cid); PackageHelper.destroySdDir(cid); } else { Log.w(TAG, "Container " + cid + " is stale"); } } } } /* * Utility method to unload a list of specified containers */ private void unloadAllContainers(Set cidArgs) { // Just unmount all valid containers. for (AsecInstallArgs arg : cidArgs) { synchronized (mInstallLock) { arg.doPostDeleteLI(false); } } } /* * Unload packages mounted on external media. This involves deleting package * data from internal structures, sending broadcasts about diabled packages, * gc'ing to free up references, unmounting all secure containers * corresponding to packages on external media, and posting a * UPDATED_MEDIA_STATUS message if status has been requested. Please note * that we always have to post this message if status has been requested no * matter what. */ private void unloadMediaPackages(HashMap processCids, int uidArr[], final boolean reportStatus) { if (DEBUG_SD_INSTALL) Log.i(TAG, "unloading media packages"); ArrayList pkgList = new ArrayList(); ArrayList failedList = new ArrayList(); final Set keys = processCids.keySet(); for (AsecInstallArgs args : keys) { String pkgName = args.getPackageName(); if (DEBUG_SD_INSTALL) Log.i(TAG, "Trying to unload pkg : " + pkgName); // Delete package internally PackageRemovedInfo outInfo = new PackageRemovedInfo(); synchronized (mInstallLock) { boolean res = deletePackageLI(pkgName, null, false, PackageManager.DELETE_KEEP_DATA, outInfo, false); if (res) { pkgList.add(pkgName); } else { Slog.e(TAG, "Failed to delete pkg from sdcard : " + pkgName); failedList.add(args); } } } // reader synchronized (mPackages) { // We didn't update the settings after removing each package; // write them now for all packages. mSettings.writeLPr(); } // We have to absolutely send UPDATED_MEDIA_STATUS only // after confirming that all the receivers processed the ordered // broadcast when packages get disabled, force a gc to clean things up. // and unload all the containers. if (pkgList.size() > 0) { sendResourcesChangedBroadcast(false, pkgList, uidArr, new IIntentReceiver.Stub() { public void performReceive(Intent intent, int resultCode, String data, Bundle extras, boolean ordered, boolean sticky, int sendingUser) throws RemoteException { Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, reportStatus ? 1 : 0, 1, keys); mHandler.sendMessage(msg); } }); } else { Message msg = mHandler.obtainMessage(UPDATED_MEDIA_STATUS, reportStatus ? 1 : 0, -1, keys); mHandler.sendMessage(msg); } } /** Binder call */ @Override public void movePackage(final String packageName, final IPackageMoveObserver observer, final int flags) { mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MOVE_PACKAGE, null); UserHandle user = new UserHandle(UserHandle.getCallingUserId()); int returnCode = PackageManager.MOVE_SUCCEEDED; int currFlags = 0; int newFlags = 0; // reader synchronized (mPackages) { PackageParser.Package pkg = mPackages.get(packageName); if (pkg == null) { returnCode = PackageManager.MOVE_FAILED_DOESNT_EXIST; } else { // Disable moving fwd locked apps and system packages if (pkg.applicationInfo != null && isSystemApp(pkg)) { Slog.w(TAG, "Cannot move system application"); returnCode = PackageManager.MOVE_FAILED_SYSTEM_PACKAGE; } else if (pkg.mOperationPending) { Slog.w(TAG, "Attempt to move package which has pending operations"); returnCode = PackageManager.MOVE_FAILED_OPERATION_PENDING; } else { // Find install location first if ((flags & PackageManager.MOVE_EXTERNAL_MEDIA) != 0 && (flags & PackageManager.MOVE_INTERNAL) != 0) { Slog.w(TAG, "Ambigous flags specified for move location."); returnCode = PackageManager.MOVE_FAILED_INVALID_LOCATION; } else { newFlags = (flags & PackageManager.MOVE_EXTERNAL_MEDIA) != 0 ? PackageManager.INSTALL_EXTERNAL : PackageManager.INSTALL_INTERNAL; currFlags = isExternal(pkg) ? PackageManager.INSTALL_EXTERNAL : PackageManager.INSTALL_INTERNAL; if (newFlags == currFlags) { Slog.w(TAG, "No move required. Trying to move to same location"); returnCode = PackageManager.MOVE_FAILED_INVALID_LOCATION; } else { if (isForwardLocked(pkg)) { currFlags |= PackageManager.INSTALL_FORWARD_LOCK; newFlags |= PackageManager.INSTALL_FORWARD_LOCK; } } } if (returnCode == PackageManager.MOVE_SUCCEEDED) { pkg.mOperationPending = true; } } } /* * TODO this next block probably shouldn't be inside the lock. We * can't guarantee these won't change after this is fired off * anyway. */ if (returnCode != PackageManager.MOVE_SUCCEEDED) { processPendingMove(new MoveParams(null, observer, 0, packageName, null, -1, user), returnCode); } else { Message msg = mHandler.obtainMessage(INIT_COPY); InstallArgs srcArgs = createInstallArgs(currFlags, pkg.applicationInfo.sourceDir, pkg.applicationInfo.publicSourceDir, pkg.applicationInfo.nativeLibraryDir); MoveParams mp = new MoveParams(srcArgs, observer, newFlags, packageName, pkg.applicationInfo.dataDir, pkg.applicationInfo.uid, user); msg.obj = mp; mHandler.sendMessage(msg); } } } private void processPendingMove(final MoveParams mp, final int currentStatus) { // Queue up an async operation since the package deletion may take a // little while. mHandler.post(new Runnable() { public void run() { // TODO fix this; this does nothing. mHandler.removeCallbacks(this); int returnCode = currentStatus; if (currentStatus == PackageManager.MOVE_SUCCEEDED) { int uidArr[] = null; ArrayList pkgList = null; synchronized (mPackages) { PackageParser.Package pkg = mPackages.get(mp.packageName); if (pkg == null) { Slog.w(TAG, " Package " + mp.packageName + " doesn't exist. Aborting move"); returnCode = PackageManager.MOVE_FAILED_DOESNT_EXIST; } else if (!mp.srcArgs.getCodePath().equals(pkg.applicationInfo.sourceDir)) { Slog.w(TAG, "Package " + mp.packageName + " code path changed from " + mp.srcArgs.getCodePath() + " to " + pkg.applicationInfo.sourceDir + " Aborting move and returning error"); returnCode = PackageManager.MOVE_FAILED_INTERNAL_ERROR; } else { uidArr = new int[] { pkg.applicationInfo.uid }; pkgList = new ArrayList(); pkgList.add(mp.packageName); } } if (returnCode == PackageManager.MOVE_SUCCEEDED) { // Send resources unavailable broadcast sendResourcesChangedBroadcast(false, pkgList, uidArr, null); // Update package code and resource paths synchronized (mInstallLock) { synchronized (mPackages) { PackageParser.Package pkg = mPackages.get(mp.packageName); // Recheck for package again. if (pkg == null) { Slog.w(TAG, " Package " + mp.packageName + " doesn't exist. Aborting move"); returnCode = PackageManager.MOVE_FAILED_DOESNT_EXIST; } else if (!mp.srcArgs.getCodePath().equals( pkg.applicationInfo.sourceDir)) { Slog.w(TAG, "Package " + mp.packageName + " code path changed from " + mp.srcArgs.getCodePath() + " to " + pkg.applicationInfo.sourceDir + " Aborting move and returning error"); returnCode = PackageManager.MOVE_FAILED_INTERNAL_ERROR; } else { final String oldCodePath = pkg.mPath; final String newCodePath = mp.targetArgs.getCodePath(); final String newResPath = mp.targetArgs.getResourcePath(); final String newNativePath = mp.targetArgs .getNativeLibraryPath(); final File newNativeDir = new File(newNativePath); if (!isForwardLocked(pkg) && !isExternal(pkg)) { NativeLibraryHelper.copyNativeBinariesIfNeededLI( new File(newCodePath), newNativeDir); } final int[] users = sUserManager.getUserIds(); for (int user : users) { if (mInstaller.linkNativeLibraryDirectory(pkg.packageName, newNativePath, user) < 0) { returnCode = PackageManager.MOVE_FAILED_INSUFFICIENT_STORAGE; } } if (returnCode == PackageManager.MOVE_SUCCEEDED) { pkg.mPath = newCodePath; // Move dex files around if (moveDexFilesLI(pkg) != PackageManager.INSTALL_SUCCEEDED) { // Moving of dex files failed. Set // error code and abort move. pkg.mPath = pkg.mScanPath; returnCode = PackageManager.MOVE_FAILED_INSUFFICIENT_STORAGE; } } if (returnCode == PackageManager.MOVE_SUCCEEDED) { pkg.mScanPath = newCodePath; pkg.applicationInfo.sourceDir = newCodePath; pkg.applicationInfo.publicSourceDir = newResPath; pkg.applicationInfo.nativeLibraryDir = newNativePath; PackageSetting ps = (PackageSetting) pkg.mExtras; ps.codePath = new File(pkg.applicationInfo.sourceDir); ps.codePathString = ps.codePath.getPath(); ps.resourcePath = new File( pkg.applicationInfo.publicSourceDir); ps.resourcePathString = ps.resourcePath.getPath(); ps.nativeLibraryPathString = newNativePath; // Set the application info flag // correctly. if ((mp.flags & PackageManager.INSTALL_EXTERNAL) != 0) { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_EXTERNAL_STORAGE; } else { pkg.applicationInfo.flags &= ~ApplicationInfo.FLAG_EXTERNAL_STORAGE; } ps.setFlags(pkg.applicationInfo.flags); mAppDirs.remove(oldCodePath); mAppDirs.put(newCodePath, pkg); // Persist settings mSettings.writeLPr(); } } } } // Send resources available broadcast sendResourcesChangedBroadcast(true, pkgList, uidArr, null); } } if (returnCode != PackageManager.MOVE_SUCCEEDED) { // Clean up failed installation if (mp.targetArgs != null) { mp.targetArgs.doPostInstall(PackageManager.INSTALL_FAILED_INTERNAL_ERROR, -1); } } else { // Force a gc to clear things up. Runtime.getRuntime().gc(); // Delete older code synchronized (mInstallLock) { mp.srcArgs.doPostDeleteLI(true); } } // Allow more operations on this file if we didn't fail because // an operation was already pending for this package. if (returnCode != PackageManager.MOVE_FAILED_OPERATION_PENDING) { synchronized (mPackages) { PackageParser.Package pkg = mPackages.get(mp.packageName); if (pkg != null) { pkg.mOperationPending = false; } } } IPackageMoveObserver observer = mp.observer; if (observer != null) { try { observer.packageMoved(mp.packageName, returnCode); } catch (RemoteException e) { Log.i(TAG, "Observer no longer exists."); } } } }); } public boolean setInstallLocation(int loc) { mContext.enforceCallingOrSelfPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS, null); if (getInstallLocation() == loc) { return true; } if (loc == PackageHelper.APP_INSTALL_AUTO || loc == PackageHelper.APP_INSTALL_INTERNAL || loc == PackageHelper.APP_INSTALL_EXTERNAL) { android.provider.Settings.Global.putInt(mContext.getContentResolver(), android.provider.Settings.Global.DEFAULT_INSTALL_LOCATION, loc); return true; } return false; } public int getInstallLocation() { return android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.DEFAULT_INSTALL_LOCATION, PackageHelper.APP_INSTALL_AUTO); } /** Called by UserManagerService */ void cleanUpUserLILPw(int userHandle) { if (mDirtyUsers.remove(userHandle)); mSettings.removeUserLPr(userHandle); if (mInstaller != null) { // Technically, we shouldn't be doing this with the package lock // held. However, this is very rare, and there is already so much // other disk I/O going on, that we'll let it slide for now. mInstaller.removeUserDataDirs(userHandle); } } /** Called by UserManagerService */ void createNewUserLILPw(int userHandle, File path) { if (mInstaller != null) { mSettings.createNewUserLILPw(mInstaller, userHandle, path); } } @Override public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.PACKAGE_VERIFICATION_AGENT, "Only package verification agents can read the verifier device identity"); synchronized (mPackages) { return mSettings.getVerifierDeviceIdentityLPw(); } } @Override public void setPermissionEnforced(String permission, boolean enforced) { mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null); if (READ_EXTERNAL_STORAGE.equals(permission)) { synchronized (mPackages) { if (mSettings.mReadExternalStorageEnforced == null || mSettings.mReadExternalStorageEnforced != enforced) { mSettings.mReadExternalStorageEnforced = enforced; mSettings.writeLPr(); // kill any non-foreground processes so we restart them and // grant/revoke the GID. final IActivityManager am = ActivityManagerNative.getDefault(); if (am != null) { final long token = Binder.clearCallingIdentity(); try { am.killProcessesBelowForeground("setPermissionEnforcement"); } catch (RemoteException e) { } finally { Binder.restoreCallingIdentity(token); } } } } } else { throw new IllegalArgumentException("No selective enforcement for " + permission); } } @Override public boolean isPermissionEnforced(String permission) { final boolean enforcedDefault = isPermissionEnforcedDefault(permission); synchronized (mPackages) { return isPermissionEnforcedLocked(permission, enforcedDefault); } } /** * Check if given permission should be enforced by default. Should always be * called outside of {@link #mPackages} lock. */ private boolean isPermissionEnforcedDefault(String permission) { if (READ_EXTERNAL_STORAGE.equals(permission)) { return android.provider.Settings.Global.getInt(mContext.getContentResolver(), android.provider.Settings.Global.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0; } else { return true; } } /** * Check if user has requested that given permission be enforced, using * given default if undefined. */ private boolean isPermissionEnforcedLocked(String permission, boolean enforcedDefault) { if (READ_EXTERNAL_STORAGE.equals(permission)) { if (mSettings.mReadExternalStorageEnforced != null) { return mSettings.mReadExternalStorageEnforced; } else { // User hasn't defined; fall back to secure default return enforcedDefault; } } else { return true; } } public boolean isStorageLow() { final long token = Binder.clearCallingIdentity(); try { final DeviceStorageMonitorService dsm = (DeviceStorageMonitorService) ServiceManager .getService(DeviceStorageMonitorService.SERVICE); return dsm.isMemoryLow(); } finally { Binder.restoreCallingIdentity(token); } } }