Fix priv-app edge case across OTAs

In this case:

   1. Privileged system app FOO is overlain by an installed update,
   2. FOO was replaced during an OTA,
   3. The new in-system FOO introduced new privileged permission requests
      that had not been requested by the original FOO,
   4. the update version of FOO still had a higher version code than
      the new FOO on the system disk, and
   5. the update version of FOO had been requesting these same (newly-
      added-to-system-apk) permissions all along;

then the newly-added privileged permission requests were incorrectly being
refused.  FOO should be able to use any privileged permission used by the
APK sited on the system disk; but instead, it was only being granted the
permissions used by the *original* version of FOO, even though the system
FOO now attempted to use them.

Still with me?

The fix is to (a) properly track privileged-install state when processing
known-to-be-hidden system packages, and (b) to tie the semantics of the
permission grant more explicitly to that evaluated state, rather than
using the prior (rather fragile) fixed-up privilege calculation applied
to the overlain apk's parse records.

Bug 11271490

Change-Id: Id8a45d667e52f3b5d18109e3620d5865f85bb9c9
3 files changed