Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1aec7fea authored by Sumedh Sen's avatar Sumedh Sen Committed by Android Build Coastguard Worker
Browse files

[RESTRICT AUTOMERGE] Prevent installing apps in policy restricted work profile using ADB 

If DISALLOW_DEBUGGING_FEATURES or DISALLOW_INSTALL_APPS restrictions are
set on a work profile, prevent side loading of APKs using ADB in the
work profile.

Bug: 257443065
Test: atest CtsPackageInstallTestCases:UserRestrictionInstallTest


(cherry picked from commit febe3918)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:28e133dff148cf8f43c551073000a459a1573985)
Merged-In: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
Change-Id: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
parent 3a448067

services/core/java/com/android/server/pm/InstallPackageHelper.java

+18 −2
Original line number Original line Diff line number Diff line
@@ -2093,9 +2093,25 @@ final class InstallPackageHelper { 
                    // The caller explicitly specified INSTALL_ALL_USERS flag.

                    // The caller explicitly specified INSTALL_ALL_USERS flag.

                    // Thus, updating the settings to install the app for all users.

                    // Thus, updating the settings to install the app for all users.

                    for (int currentUserId : allUsers) {

                    for (int currentUserId : allUsers) {

                        // If the app is already installed for the currentUser,

                        // keep it as installed as we might be updating the app at this place.

                        // If not currently installed, check if the currentUser is restricted by

                        // DISALLOW_INSTALL_APPS or DISALLOW_DEBUGGING_FEATURES device policy.

                        // Install / update the app if the user isn't restricted. Skip otherwise.

                        final boolean installedForCurrentUser = ArrayUtils.contains(

                                installedForUsers, currentUserId);

                        final boolean restrictedByPolicy =

                                mPm.isUserRestricted(currentUserId,

                                        UserManager.DISALLOW_INSTALL_APPS)

                                || mPm.isUserRestricted(currentUserId,

                                        UserManager.DISALLOW_DEBUGGING_FEATURES);

                        if (installedForCurrentUser || !restrictedByPolicy) {

                            ps.setInstalled(true, currentUserId);

                            ps.setInstalled(true, currentUserId);

                        ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, userId,

                            ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, currentUserId,

                                installerPackageName);

                                installerPackageName);

                        } else {

                            ps.setInstalled(false, currentUserId);

                        }

                    }

                    }

                }

                }