Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 074b547a authored by Nick Kovacs's avatar Nick Kovacs
Browse files

Only allow low target sdk bypass when system, root or shell 

If the --bypass-low-target-sdk-block flag is passed in to
package manager, ignore the flag if the calling UID is not
system, root, or shell (except when on debuggable builds).

Bug: 237321649
Test: run cts
Change-Id: I90d23658b13a24be6974bdf74e59d887b3adc3ab
parent 7b05f71d

services/core/java/com/android/server/pm/InstallPackageHelper.java

+1 −0
Original line number Diff line number Diff line
@@ -1093,6 +1093,7 @@ final class InstallPackageHelper { 


            // Determine if enforcement is in strict mode

            boolean strictMode = false;



            if (DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_PACKAGE_MANAGER_SERVICE,

                    "MinInstallableTargetSdk__install_block_strict_mode_enabled",

                    false)) {

services/core/java/com/android/server/pm/PackageInstallerService.java

+8 −0
Original line number Diff line number Diff line
@@ -765,6 +765,14 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
            }

        }



        if ((params.installFlags & PackageManager.INSTALL_BYPASS_LOW_TARGET_SDK_BLOCK) != 0

                && !PackageManagerServiceUtils.isSystemOrRootOrShell(callingUid)

                && !Build.IS_DEBUGGABLE) {

            // If the bypass flag is set, but not running as system root or shell then remove

            // the flag

            params.installFlags &= ~PackageManager.INSTALL_BYPASS_LOW_TARGET_SDK_BLOCK;

        }



        if ((params.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0

                && !PackageManagerServiceUtils.isSystemOrRootOrShell(callingUid)

                && (snapshot.getFlagsForUid(callingUid) & ApplicationInfo.FLAG_SYSTEM)