/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.pm;
import android.annotation.Nullable;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageParser;
import android.service.pm.PackageServiceDumpProto;
import android.util.ArraySet;
import android.util.proto.ProtoOutputStream;
import com.android.internal.util.ArrayUtils;
import libcore.util.EmptyArray;
import java.util.ArrayList;
import java.util.List;
/**
* Settings data for a particular shared user ID we know about.
*/
public final class SharedUserSetting extends SettingBase {
final String name;
int userId;
// flags that are associated with this uid, regardless of any package flags
int uidFlags;
int uidPrivateFlags;
// The lowest targetSdkVersion of all apps in the sharedUserSetting, used to assign seinfo so
// that all apps within the sharedUser run in the same selinux context.
int seInfoTargetSdkVersion;
final ArraySet<PackageSetting> packages = new ArraySet<PackageSetting>();
final PackageSignatures signatures = new PackageSignatures();
Boolean signaturesChanged;
SharedUserSetting(String _name, int _pkgFlags, int _pkgPrivateFlags) {
super(_pkgFlags, _pkgPrivateFlags);
uidFlags = _pkgFlags;
uidPrivateFlags = _pkgPrivateFlags;
name = _name;
seInfoTargetSdkVersion = android.os.Build.VERSION_CODES.CUR_DEVELOPMENT;
}
@Override
public String toString() {
return "SharedUserSetting{" + Integer.toHexString(System.identityHashCode(this)) + " "
+ name + "/" + userId + "}";
}
public void writeToProto(ProtoOutputStream proto, long fieldId) {
long token = proto.start(fieldId);
proto.write(PackageServiceDumpProto.SharedUserProto.UID, userId);
proto.write(PackageServiceDumpProto.SharedUserProto.NAME, name);
proto.end(token);
}
boolean removePackage(PackageSetting packageSetting) {
if (!packages.remove(packageSetting)) {
return false;
}
// recalculate the pkgFlags for this shared user if needed
if ((this.pkgFlags & packageSetting.pkgFlags) != 0) {
int aggregatedFlags = uidFlags;
for (PackageSetting ps : packages) {
aggregatedFlags |= ps.pkgFlags;
}
setFlags(aggregatedFlags);
}
if ((this.pkgPrivateFlags & packageSetting.pkgPrivateFlags) != 0) {
int aggregatedPrivateFlags = uidPrivateFlags;
for (PackageSetting ps : packages) {
aggregatedPrivateFlags |= ps.pkgPrivateFlags;
}
setPrivateFlags(aggregatedPrivateFlags);
}
return true;
}
void addPackage(PackageSetting packageSetting) {
// If this is the first package added to this shared user, temporarily (until next boot) use
// its targetSdkVersion when assigning seInfo for the shared user.
if ((packages.size() == 0) && (packageSetting.pkg != null)) {
seInfoTargetSdkVersion = packageSetting.pkg.applicationInfo.targetSdkVersion;
}
if (packages.add(packageSetting)) {
setFlags(this.pkgFlags | packageSetting.pkgFlags);
setPrivateFlags(this.pkgPrivateFlags | packageSetting.pkgPrivateFlags);
}
}
public @Nullable List<PackageParser.Package> getPackages() {
if (packages == null || packages.size() == 0) {
return null;
}
final ArrayList<PackageParser.Package> pkgList = new ArrayList<>(packages.size());
for (PackageSetting ps : packages) {
if ((ps == null) || (ps.pkg == null)) {
continue;
}
pkgList.add(ps.pkg);
}
return pkgList;
}
public boolean isPrivileged() {
return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;
}
/**
* Determine the targetSdkVersion for a sharedUser and update pkg.applicationInfo.seInfo
* to ensure that all apps within the sharedUser share an SELinux domain. Use the lowest
* targetSdkVersion of all apps within the shared user, which corresponds to the least
* restrictive selinux domain.
*/
public void fixSeInfoLocked() {
final List<PackageParser.Package> pkgList = getPackages();
if (pkgList == null || pkgList.size() == 0) {
return;
}
for (PackageParser.Package pkg : pkgList) {
if (pkg.applicationInfo.targetSdkVersion < seInfoTargetSdkVersion) {
seInfoTargetSdkVersion = pkg.applicationInfo.targetSdkVersion;
}
}
for (PackageParser.Package pkg : pkgList) {
final boolean isPrivileged = isPrivileged() | pkg.isPrivileged();
pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged,
pkg.applicationInfo.targetSandboxVersion, seInfoTargetSdkVersion);
}
}
/** Returns userIds which doesn't have any packages with this sharedUserId */
public int[] getNotInstalledUserIds() {
int[] excludedUserIds = null;
for (PackageSetting ps : packages) {
final int[] userIds = ps.getNotInstalledUserIds();
if (excludedUserIds == null) {
excludedUserIds = userIds;
} else {
for (int userId : excludedUserIds) {
if (!ArrayUtils.contains(userIds, userId)) {
excludedUserIds = ArrayUtils.removeInt(excludedUserIds, userId);
}
}
}
}
return excludedUserIds == null ? EmptyArray.INT : excludedUserIds;
}
/** Updates all fields in this shared user setting from another. */
public SharedUserSetting updateFrom(SharedUserSetting sharedUser) {
copyFrom(sharedUser);
this.userId = sharedUser.userId;
this.uidFlags = sharedUser.uidFlags;
this.uidPrivateFlags = sharedUser.uidPrivateFlags;
this.seInfoTargetSdkVersion = sharedUser.seInfoTargetSdkVersion;
this.packages.clear();
this.packages.addAll(sharedUser.packages);
this.signaturesChanged = sharedUser.signaturesChanged;
return this;
}
}