Bug #113130: 【AF】【EVT】【应用】将一个第三方apk push到user版的DUT里，在文件中找到apk进行安装；将其卸载后，就无法点击该apk进行安装 - Figure - 中科创达

Bug #113130

测试 Test-IT #110961: V2.0功能测试

测试 Test-IT #111057: AF-V2.0-Launcher/SystemU--应用预置

【AF】【EVT】【应用】将一个第三方apk push到user版的DUT里，在文件中找到apk进行安装；将其卸载后，就无法点击该apk进行安装

Added by 物联网测试组_CDTS 段小刚 over 2 years ago. Updated over 2 years ago.

Status:

CLOSED

Start date:

2022-10-27

Priority:

Normal

Due date:

2022-10-31

Assignee:

物联网测试组_CDTS 段小刚

% Done:

100%

Category:

CD-APP

Target version:

VX1_MCE_FSE_V3.0_update_20221115

Need_Info:

Found Version:

FlatBuild_HH_VX1_MCE_FSE.M.R.user.01.00.0040.X101

Resolution:

WONTFIX

Degrated:

Severity:

Normal

Verified Version:

FlatBuild_HH_VX1_MCE_FSE.M.R.user.01.00.0046.X101

Reproducibility:

Every time

Fixed Version:

Test Type:

Root cause:

AOSP问题

Description

刷机版本：FlatBuild_HH_VX1_MCE_FSE.M.R.user.01.00.0040.X101

【前提条件】
1、设备已开机
2、设备上的开发者模式和usb调试已被打开

【测试步骤】
1、首先将一个三方应用apk 通过adb push到设备路径下——/sdcard/Download/
2、使用文件系统找到该apk，进行安装
3、安装完毕后，将其卸载
4、再次进入文件系统找到该apk进行安装

【预期结果】
4、成功安装应用

【实际结果】
4、点击安装包无法进行安装

【复现率】
4/4

【Log】
log见附件

figu_ApkInstall.log - 日志 (1.64 MB) 物联网测试组_CDTS 段小刚, 2022-10-27 15:04

screen-20221027-030717.mp4 - 操作视频 (19.1 MB) 物联网测试组_CDTS 段小刚, 2022-10-27 15:04

com.wedobest.puzzlebubble_1.79_179.apk - 第三方apk (45.1 MB) 物联网测试组_CDTS 段小刚, 2022-10-27 15:04

History

#1 Updated by 物联网测试组_CDTS 段小刚 over 2 years ago

Tracker changed from 测试 Test-IT to Bug
Severity set to Critical
Reproducibility set to Every time
Test Type set to IT
Found Version set to FlatBuild_HH_VX1_MCE_FSE.M.R.user.01.00.0040.X101

#2 Updated by 物联网测试组_CDTS 段小刚 over 2 years ago

Severity changed from Critical to Normal

#3 Updated by CDTS_TEST 王成 over 2 years ago

Target version changed from VX1_MCE_FSE_V3.0_20221030 to VX1_MCE_FSE_V3.0_update_20221115

#4 Updated by CD APP-王营 over 2 years ago

Status changed from New to ASSIGNED

#5 Updated by CD APP-黄棚 over 2 years ago

■ Current conclusion
初步分析userid改变导致权限检测不通过
■ My analysis
通过打log 分析如下，安装不成功的时候用户是shell，shell没有REQUEST_INSTALL_PACKAGES所以安装不通过。
第一次安装：
2022-11-08 01:52:33.530 3951-3951/com.android.packageinstaller E/InstallStart: callingPackagenull, isTrustedSource = false, originatingUid= -1
第二次安装：
2022-11-08 01:52:37.138 3951-3951/com.android.packageinstaller E/InstallStart: callingPackagenull, isTrustedSource = false, originatingUid= 2000
2022-11-08 01:52:37.139 3951-3951/com.android.packageinstaller E/InstallStart: packageName = com.android.shell
2022-11-08 01:52:37.139 3951-3951/com.android.packageinstaller E/InstallStart: packageName = com.android.shell, false permission
2022-11-08 01:52:37.139 3951-3951/com.android.packageinstaller E/InstallStart: Requesting uid 2000 needs to declare permission android.permission.REQUEST_INSTALL_PACKAGES
■ Next action
需要fw进一步分析为什么第一次uid是-1，然后第二次安装UID就变成2000（shell）了

#6 Updated by CD APP-黄棚 over 2 years ago

Assignee changed from CD APP-王营 to CD FW 曹覃刚
% Done changed from 0 to 20

#7 Updated by CD FW 曹覃刚 over 2 years ago

Assignee changed from CD FW 曹覃刚 to CD APP-王营

Hi王营

■ Current state
经过调查，问题定位在文件管理应用的文件打开logic中

■ My analysis
normal log:
11-09 00:03:26.812 1084 1541 I ActivityTaskManager: START u0 {dat=//com.android.documentsui.launchControl flg=0x10200000 cmp=com.android.documentsui/.files.FilesActivity (has extras)} from uid 10024
11-09 00:03:28.670 1084 1660 I ActivityTaskManager: START u0 {act=android.provider.action.MANAGE_DOCUMENT dat=content://com.android.providers.downloads.documents/document/raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk cmp=com.android.providers.downloads.ui/.TrampolineActivity} from uid 10024 *
11-09 00:03:28.765 3259 3259 D cqg1109 : TrampolineActivity onCreate
11-09 00:03:28.765 3259 3259 D cqg1109 : TrampolineActivity onCreate jude 01 =true *
11-09 00:03:28.844 3732 3732 D cqg1109 : InstallStart onCreate callingPackage = null
11-09 00:03:28.845 3732 3732 D cqg1109 : InstallStart getOriginatingUid 02 callingUid = 10020
11-09 00:03:28.846 3732 3732 D cqg1109 : InstallStart getOriginatingUid 02 uidFromIntent = -1
11-09 00:03:28.846 3732 3732 D cqg1109 : InstallStart onCreate originatingUid = -1

ng log:
11-09 00:05:50.390 1084 1130 I ActivityTaskManager: START u0 {dat=//com.android.documentsui.launchControl flg=0x10280000 cmp=com.android.documentsui/.files.FilesActivity (has extras)} from uid 10024
11-09 00:05:51.929 1084 2857 I ActivityTaskManager: START u0 {act=android.provider.action.MANAGE_DOCUMENT dat=content://com.android.providers.downloads.documents/document/msf:18 cmp=com.android.providers.downloads.ui/.TrampolineActivity} from uid 10024 *
11-09 00:05:51.996 3259 3259 D cqg1109 : TrampolineActivity onCreate
11-09 00:05:51.996 3259 3259 D cqg1109 : TrampolineActivity onCreate jude 01 =false *
11-09 00:05:51.996 3259 3259 D cqg1109 : TrampolineActivity onCreate jude 02 =true
11-09 00:05:52.042 3732 3732 D cqg1109 : InstallStart onCreate callingPackage = null
11-09 00:05:52.043 3732 3732 D cqg1109 : InstallStart getOriginatingUid 02 callingUid = 10020
11-09 00:05:52.044 3732 3732 D cqg1109 : InstallStart getOriginatingUid 02 uidFromIntent = 2000
11-09 00:05:52.044 3732 3732 D cqg1109 : InstallStart onCreate originatingUid = 2000
11-09 00:05:52.045 3732 3732 D cqg1109 : InstallStart onCreate targetSdkVersion = 31
11-09 00:05:52.046 3732 3732 E cqg1109 : Requesting uid 2000 needs to declare permission android.permission.REQUEST_INSTALL_PACKAGES

分析异常日志，差异点主要在下面两条
normal:
11-09 00:03:28.670 1084 1660 I ActivityTaskManager: START u0 {act=android.provider.action.MANAGE_DOCUMENT dat=content://com.android.providers.downloads.documents/document/raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk cmp=com.android.providers.downloads.ui/.TrampolineActivity} from uid 10024 *
11-09 00:03:28.765 3259 3259 D cqg1109 : TrampolineActivity onCreate jude 01 =true *
ng:
11-09 00:05:51.929 1084 2857 I ActivityTaskManager: START u0 {act=android.provider.action.MANAGE_DOCUMENT dat=content://com.android.providers.downloads.documents/document/msf:18 cmp=com.android.providers.downloads.ui/.TrampolineActivity} from uid 10024 *
11-09 00:05:51.996 3259 3259 D cqg1109 : TrampolineActivity onCreate jude 01 =false *

上述日志是因为文件管理应用在打开文件时，传入的参数有差异导致，详情见如下代码
参数 normal:raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk
参数 ng:msf:18
代码如下
http://192.168.87.66:8006/source/xref/Pre_figure_turbox-c2130c-la1.1-qssi12-dev/LA.QSSI/LINUX/android/packages/apps/DocumentsUI/src/com/android/documentsui/AbstractActionHandler.java#380
http://192.168.87.66:8006/source/xref/Pre_figure_turbox-c2130c-la1.1-qssi12-dev/LA.QSSI/LINUX/android/packages/apps/DocumentsUI/src/com/android/documentsui/AbstractActionHandler.java#505

■ Next action
请检查两次安装，参数不一样的原因，是否封装DocumentInfo出现问题,谢谢

#8 Updated by CD APP-黄棚 over 2 years ago

Assignee changed from CD APP-王营 to CD FW 曹覃刚

■ Current conclusion
经查，不应是URI的问题
■ My analysis
如下格式是属于正常的URI格式，具体为什么是这种格式还不清楚，我试了下其他文件都是类似的格式URI
如图片：
content://com.android.providers.media.documents/document/image%3A35
apk:
content://com.android.providers.downloads.documents/document/msf%3A31

问题点在于PackageInstaller在检查originatingUid的时候前后不一致，导致安装逻辑判断不一致

我尝试过绕过REQUEST_INSTALL_PACKAGES权限是用该格式的URI可以正常走安装安装逻辑，证明不是URI的问题

■ Next action
需要分析为什么两次检查PackageInstaller的originatingUid不一致，UID为什么会变成shell(无REQUEST_INSTALL_PACKAGES权限，所以会导致安装检测不通过)

#9 Updated by CD APP-黄棚 over 2 years ago

Assignee changed from CD FW 曹覃刚 to CD APP-黄棚

#10 Updated by CD APP-黄棚 over 2 years ago

■ Current conclusion
尝试不修改URI的格式方式解决
■ My analysis
DownloadProvider会扫描下载的文件并更新文件的URI为msf类型
■ Next action
在DownloadProvider的includeDownlod的方法中写入COLUMN_DOCUMENT_ID前先查询query数据库已存在的COLUMN_DOCUMENT_ID值，对比前后两个值差异以及原值是否为"raw:"，决定是否更新该条数据

但这里有个问题，在通过cursor去查询该条数据的时候，会触发迭代查询，重复调用在DownloadProvider的includeDownlod的方法，所以该方式行不通

#11 Updated by CD APP-黄棚 over 2 years ago

■ Current conclusion
尝试不修改URI的格式方式解决
■ My analysis
DownloadProvider会扫描下载的文件并更新文件的URI为msf类型
■ Next action
尝试换一种方式，在在DownloadProvider的includeDownlod的方法中写入COLUMN_DOCUMENT_ID前，判断是否该文件名和mimeType是否为apk类型，如果是就不写入

经过验证，不写入id，会导致，COLUMN_DOCUMENT_ID被复写为空，此方法不可取
48/com.android.mtp I/hpe-doc: includeDownload displayName: com.wedobest.puzzlebubble_1.79_179.apk, mimeType: application/vnd.android.package-archive
2022-11-08 01:52:45.453 3294-3348/com.android.mtp I/hpe-doc: no need update, docId: msf:63
2022-11-08 01:52:45.502 4545-4545/com.android.documentsui I/hpe-doc: authority= com.android.providers.downloads.documents, documentId= null, derivedUri= content://com.android.providers.downloads.documents/document/null

#12 Updated by CD APP-黄棚 over 2 years ago

Status changed from ASSIGNED to RESOLVED
% Done changed from 20 to 100
Degrated set to No
Fixed Version set to 2022-11-13
Root cause set to AOSP问题

■ Current conclusion
尝试不修改URI的格式方式解决
■ My analysis
DownloadProvider会扫描下载的文件并更新文件的URI为msf类型
■ Next action
尝试另外一种方式，根据原始的data按规则，重新生成我们想要的raw格式的docid，然后复写

验证后，此方案可行。
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: overrideDocId: raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: includeDownload displayName: com.wedobest.puzzlebubble_1.79_179.apk, mimeType: application/vnd.android.package-archive, overrideDocId: raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: apk type, overrideDocId: raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: overrideDocId: raw:/storage/emulated/0/Download/camerademo-debug.apk
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: includeDownload displayName: camerademo-debug.apk, mimeType: application/vnd.android.package-archive, overrideDocId: raw:/storage/emulated/0/Download/camerademo-debug.apk
2022-11-08 01:55:59.462 3317-4741/com.android.mtp I/hpe-doc: apk type, overrideDocId: raw:/storage/emulated/0/Download/camerademo-debug.apk

2022-11-08 01:55:59.554 4465-4465/com.android.documentsui I/hpe-doc: authority= com.android.providers.downloads.documents, documentId= raw:/storage/emulated/0/Download/com.wedobest.puzzlebubble_1.79_179.apk, derivedUri= content://com.android.providers.downloads.documents/document/raw%3A%2Fstorage%2Femulated%2F0%2FDownload%2Fcom.wedobest.puzzlebubble_1.79_179.apk
2022-11-08 01:55:59.562 4465-4465/com.android.documentsui I/hpe-doc: authority= com.android.providers.downloads.documents, documentId= raw:/storage/emulated/0/Download/camerademo-debug.apk, derivedUri= content://com.android.providers.downloads.documents/document/raw%3A%2Fstorage%2Femulated%2F0%2FDownload%2Fcamerademo-debug.apk

#13 Updated by CD APP-黄棚 over 2 years ago

Assignee changed from CD APP-黄棚 to CDTS_TEST 王成

■ Current conclusion
此问题属于正常现象
■ My analysis
1、通过浏览器下载的apk,进入文件的下载文件夹点击apk安装是ok 的
2、通过其它正规途径，如应用市场，安装apk是ok的

如果解此问题有三个方案，风险如下：
1、方案一：
赋予Shell进程REQUEST_INSTALL_PACKAGES权限
风险：Shell进程拥有了安装apk的权限
2、方案二（目前的修改方案）：
点击APK文件后，触发DownloadProvider更新，但不更新apk类型的文件的uri为"msf:"，就走普通的安装文件逻辑，不赋予其UID，就绕过PackageInstall的REQUEST_INSTALL_PACKAGES权限检测，此方案影响DownLoad文案下的所有apk的安装
风险：DownLoad文件夹下的所有apk都能任意安装
3、方案三：
点击APK文件后，触发DownloadProvider更新，判断该apk文件的UID的package为"com.android.shell"，只针对该进程不赋予UID，然后绕过安装权限检测，此方案只针对单个指定进程
风险：其它进程把apk文件放在Download文件夹下，如果其它进程没有REQUEST_INSTALL_PACKAGES权限，一样的会有上述问题

对比其它手机或者平板都是如此机制，push的apk到Download文件夹下都是安装不了的
■ Next action
基于上述风险，不作修改，属于正常现象

#14 Updated by CD APP-黄棚 over 2 years ago

Resolution set to WONTFIX
Fixed Version deleted (~~2022-11-13~~)

#15 Updated by CDTS_TEST 王成 over 2 years ago

Assignee changed from CDTS_TEST 王成 to 物联网测试组_CDTS 段小刚

#16 Updated by 物联网测试组_CDTS 段小刚 over 2 years ago

Status changed from RESOLVED to VERIFIED
Verified Version set to FlatBuild_HH_VX1_MCE_FSE.M.R.user.01.00.0046.X101

讨论结果：不做修改。通过外部push进的apk按照安全设置不应进行重复安装。保证通过浏览器下载的apk能正常安装就行

处理结果：关闭bug

#17 Updated by 物联网测试组_CDTS 段小刚 over 2 years ago

Status changed from VERIFIED to CLOSED

关闭

Also available in: Atom PDF

Figure

Issues

Custom queries