OMS: Only allow trusted overlays to be registered.
Bug: 69383160
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.OverlayHostTest
Change-Id: I930c11716317cff1ec485a3943d1f22f07a423df
Merged-In: I930c11716317cff1ec485a3943d1f22f07a423df
(cherry picked from commit 80609e584c9c6155ed3199109735ec8d16f6115c)
diff --git a/core/java/android/content/pm/PackageInfo.java b/core/java/android/content/pm/PackageInfo.java
index ba488f6..3230ee7 100644
--- a/core/java/android/content/pm/PackageInfo.java
+++ b/core/java/android/content/pm/PackageInfo.java
@@ -286,8 +286,26 @@
/** @hide */
public int overlayPriority;
- /** @hide */
- public boolean isStaticOverlay;
+
+ /**
+ * Flag for use with {@link #overlayFlags}. Marks the overlay as static, meaning it cannot
+ * be enabled/disabled at runtime.
+ * @hide
+ */
+ public static final int FLAG_OVERLAY_STATIC = 1 << 1;
+
+ /**
+ * Flag for use with {@link #overlayFlags}. Marks the overlay as trusted (not 3rd party).
+ * @hide
+ */
+ public static final int FLAG_OVERLAY_TRUSTED = 1 << 2;
+
+ /**
+ * Modifiers that affect the state of this overlay. See {@link #FLAG_OVERLAY_STATIC},
+ * {@link #FLAG_OVERLAY_TRUSTED}.
+ * @hide
+ */
+ public int overlayFlags;
public PackageInfo() {
}
@@ -342,8 +360,8 @@
dest.writeString(restrictedAccountType);
dest.writeString(requiredAccountType);
dest.writeString(overlayTarget);
- dest.writeInt(isStaticOverlay ? 1 : 0);
dest.writeInt(overlayPriority);
+ dest.writeInt(overlayFlags);
}
public static final Parcelable.Creator<PackageInfo> CREATOR
@@ -394,8 +412,8 @@
restrictedAccountType = source.readString();
requiredAccountType = source.readString();
overlayTarget = source.readString();
- isStaticOverlay = source.readInt() != 0;
overlayPriority = source.readInt();
+ overlayFlags = source.readInt();
// The component lists were flattened with the redundant ApplicationInfo
// instances omitted. Distribute the canonical one here as appropriate.
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index cb9ecf3..4689f45 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -678,7 +678,15 @@
pi.requiredAccountType = p.mRequiredAccountType;
pi.overlayTarget = p.mOverlayTarget;
pi.overlayPriority = p.mOverlayPriority;
- pi.isStaticOverlay = p.mIsStaticOverlay;
+
+ if (p.mIsStaticOverlay) {
+ pi.overlayFlags |= PackageInfo.FLAG_OVERLAY_STATIC;
+ }
+
+ if (p.mTrustedOverlay) {
+ pi.overlayFlags |= PackageInfo.FLAG_OVERLAY_TRUSTED;
+ }
+
pi.firstInstallTime = firstInstallTime;
pi.lastUpdateTime = lastUpdateTime;
if ((flags&PackageManager.GET_GIDS) != 0) {
diff --git a/services/core/java/com/android/server/om/OverlayManagerService.java b/services/core/java/com/android/server/om/OverlayManagerService.java
index 2940a6e..0b3efdb 100644
--- a/services/core/java/com/android/server/om/OverlayManagerService.java
+++ b/services/core/java/com/android/server/om/OverlayManagerService.java
@@ -669,7 +669,8 @@
};
private boolean isOverlayPackage(@NonNull final PackageInfo pi) {
- return pi != null && pi.overlayTarget != null;
+ return pi != null && pi.overlayTarget != null
+ && (pi.overlayFlags & PackageInfo.FLAG_OVERLAY_TRUSTED) != 0;
}
private final class OverlayChangeListener
diff --git a/services/core/java/com/android/server/om/OverlayManagerServiceImpl.java b/services/core/java/com/android/server/om/OverlayManagerServiceImpl.java
index db6e974..497d79d 100644
--- a/services/core/java/com/android/server/om/OverlayManagerServiceImpl.java
+++ b/services/core/java/com/android/server/om/OverlayManagerServiceImpl.java
@@ -68,6 +68,11 @@
mListener = listener;
}
+ private static boolean isPackageStaticOverlay(final PackageInfo packageInfo) {
+ return packageInfo.overlayTarget != null
+ && (packageInfo.overlayFlags & PackageInfo.FLAG_OVERLAY_STATIC) != 0;
+ }
+
/**
* Call this to synchronize the Settings for a user with what PackageManager knows about a user.
* Returns a list of target packages that must refresh their overlays. This list is the union
@@ -102,11 +107,11 @@
mSettings.init(overlayPackage.packageName, newUserId,
overlayPackage.overlayTarget,
overlayPackage.applicationInfo.getBaseCodePath(),
- overlayPackage.isStaticOverlay, overlayPackage.overlayPriority);
+ isPackageStaticOverlay(overlayPackage), overlayPackage.overlayPriority);
if (oi == null) {
// This overlay does not exist in our settings.
- if (overlayPackage.isStaticOverlay ||
+ if (isPackageStaticOverlay(overlayPackage) ||
mDefaultOverlays.contains(overlayPackage.packageName)) {
// Enable this overlay by default.
if (DEBUG) {
@@ -255,8 +260,8 @@
mPackageManager.getPackageInfo(overlayPackage.overlayTarget, userId);
mSettings.init(packageName, userId, overlayPackage.overlayTarget,
- overlayPackage.applicationInfo.getBaseCodePath(), overlayPackage.isStaticOverlay,
- overlayPackage.overlayPriority);
+ overlayPackage.applicationInfo.getBaseCodePath(),
+ isPackageStaticOverlay(overlayPackage), overlayPackage.overlayPriority);
try {
if (updateState(targetPackage, overlayPackage, userId)) {
mListener.onOverlaysChanged(overlayPackage.overlayTarget, userId);
@@ -313,7 +318,7 @@
}
// Ignore static overlays.
- if (overlayPackage.isStaticOverlay) {
+ if (isPackageStaticOverlay(overlayPackage)) {
return false;
}
@@ -363,7 +368,7 @@
continue;
}
- if (disabledOverlayPackageInfo.isStaticOverlay) {
+ if (isPackageStaticOverlay(disabledOverlayPackageInfo)) {
// Don't touch static overlays.
continue;
}
@@ -388,7 +393,7 @@
private boolean isPackageUpdatableOverlay(@NonNull final String packageName, final int userId) {
final PackageInfo overlayPackage = mPackageManager.getPackageInfo(packageName, userId);
- if (overlayPackage == null || overlayPackage.isStaticOverlay) {
+ if (overlayPackage == null || isPackageStaticOverlay(overlayPackage)) {
return false;
}
return true;
@@ -483,7 +488,8 @@
throws OverlayManagerSettings.BadKeyException {
// Static RROs targeting to "android", ie framework-res.apk, are handled by native layers.
if (targetPackage != null &&
- !("android".equals(targetPackage.packageName) && overlayPackage.isStaticOverlay)) {
+ !("android".equals(targetPackage.packageName)
+ && isPackageStaticOverlay(overlayPackage))) {
mIdmapManager.createIdmap(targetPackage, overlayPackage, userId);
}