
Commit 17419c47 authored by Ivan Chiang's avatar Ivan Chiang Committed by Michael Bestas

[PM] Check unknown sources for intent installation

Bypass the unknown source check for the device policy and the AppOps
permission when either of the following two conditions is met:

1. An installer with the INSTALL_PACKAGES permission initiated the
   installation via the PackageInstaller APIs and not via an
   ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
2. An installer is a privileged app and it has set the
   EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.

Flag: EXEMPT BUGFIX
Bug: 461467954
Test: atest CtsDevicePolicyManagerTestCases:MixedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsDevicePolicyManagerTestCases:MixedManagedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsPackageInstallTestCases:IntentTest
Test: atest CtsPackageInstallSessionTestCases:SessionTest
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:3a8cafbc916bb16f08093cd138a4f3d4dc71b5a0

DISABLE_TOPIC_PROTECTOR
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:2037b1942fa03b2bcef1a594391a9066843e12b9
Merged-In: I66e863cf06566ddc08ad78a61dd82a548cde5e4c
Change-Id: I66e863cf06566ddc08ad78a61dd82a548cde5e4c
parent 63997105
+16 −18
@@ -151,7 +151,18 @@ public class InstallStart extends Activity {
                && checkPermission(Manifest.permission.INSTALL_PACKAGES, /* pid= */ -1,
                originatingUid) == PackageManager.PERMISSION_GRANTED;

        boolean isTrustedSource = isPrivilegedAndKnown || isInstallPkgPermissionGranted;
        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        final boolean isIntentInstall =
                Intent.ACTION_VIEW.equals(intentAction)
                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);
        final boolean isTrustedSource =
                (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown;

        // In general case, the originatingUid is callingUid. If callingUid is INVALID_UID, return
        // InstallAborted in the check above. When the originatingUid is INVALID_UID here, it means
@@ -178,20 +189,7 @@ public class InstallStart extends Activity {
            mAbortInstall = true;
        }

        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and initiated the installer via
        // the ACTION_INSTALL_PACKAGE or ACTION_VIEW intent, but it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        final boolean isIntentInstall =
                Intent.ACTION_VIEW.equals(intentAction)
                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);
        final boolean bypassUnknownSourceRestrictions =
                (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown;
        checkDevicePolicyRestrictions(bypassUnknownSourceRestrictions);
        checkDevicePolicyRestrictions(isTrustedSource);

        final String installerPackageNameFromIntent = getIntent().getStringExtra(
                Intent.EXTRA_INSTALLER_PACKAGE_NAME);
@@ -357,9 +355,9 @@ public class InstallStart extends Activity {
        return callingUid == installerUid;
    }

    private void checkDevicePolicyRestrictions(boolean bypassUnknownSourceRestrictions) {
    private void checkDevicePolicyRestrictions(boolean isTrustedSource) {
        String[] restrictions;
        if (bypassUnknownSourceRestrictions) {
        if (isTrustedSource) {
            restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };
        } else {
            restrictions =  new String[] {
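Review bot: `isIntentInstall` is a deny-list of two actions, so in the new `isTrustedSource` expression any other action, including a null one, is treated as a PackageInstaller-API install and lets an INSTALL_PACKAGES holder skip the unknown-sources checks. Whether this activity can be started with some other action is not visible in the hunk; if it can, the check should fail closed by identifying the session path positively, for example `(isSessionInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown`, where the proposed `isSessionInstall` is true only for `PackageInstaller.ACTION_CONFIRM_INSTALL` or `PackageInstaller.ACTION_CONFIRM_PRE_APPROVAL`. The same expression is added in the Kotlin `InstallRepository` section of this commit. The enclosing method starts and ends outside the hunk, so an existing guard on the action may already cover this.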
+16 −17
@@ -258,7 +258,19 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
        val isInstallPkgPermissionGranted = originatingUid != Process.INVALID_UID &&
                isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, originatingUid)

        isTrustedSource = isPrivilegedAndKnown || isInstallPkgPermissionGranted
        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        val isIntentInstall =
            Intent.ACTION_VIEW == intent.action
                    || Intent.ACTION_INSTALL_PACKAGE == intent.action

        isTrustedSource =
            (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown

        // In general case, the originatingUid is callingUid. If callingUid is INVALID_UID, return
        // InstallAborted in the check above. When the originatingUid is INVALID_UID here, it means
@@ -270,20 +282,7 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
            return InstallAborted(ABORT_REASON_INTERNAL_ERROR)
        }

        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and initiated the installer via
        // the ACTION_INSTALL_PACKAGE or ACTION_VIEW intent, but it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        val isIntentInstall =
            Intent.ACTION_VIEW == intent.action
                    || Intent.ACTION_INSTALL_PACKAGE == intent.action
        val bypassUnknownSourceRestrictions =
            (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown
        val restriction = getDevicePolicyRestrictions(bypassUnknownSourceRestrictions)
        val restriction = getDevicePolicyRestrictions(isTrustedSource)
        if (restriction != null) {
            val adminSupportDetailsIntent =
                devicePolicyManager!!.createAdminSupportIntent(restriction)
@@ -309,8 +308,8 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
        }
    }

    private fun getDevicePolicyRestrictions(bypassUnknownSourceRestrictions: Boolean): String? {
        val restrictions: Array<String> = if (bypassUnknownSourceRestrictions) {
    private fun getDevicePolicyRestrictions(isTrustedSource: Boolean): String? {
        val restrictions: Array<String> = if (isTrustedSource) {
            arrayOf(UserManager.DISALLOW_INSTALL_APPS)
        } else {
            arrayOf(
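Review bot: The comment moved above the `isTrustedSource` assignment still says it governs only the "unknown source user restrictions check", but the commit message says the same value now also decides the AppOps check. `isTrustedSource` is assigned without a declaration here, so it is declared outside the hunk and may have other readers that the narrower definition now affects. I would open the comment with `// A source is trusted, and skips both the unknown-sources user restriction and the AppOps check, when either of the following two conditions is met:`. The comment in the Java `InstallStart` section needs the same wording. After the rename, `getDevicePolicyRestrictions(isTrustedSource)` no longer says what the flag does, so a one-line KDoc would help: `/** When [isTrustedSource] is true only DISALLOW_INSTALL_APPS is checked. */`.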