Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24e6e128 authored by Nikita Ioffe's avatar Nikita Ioffe
Browse files

Don't allow installing of new apexes on user builds 

For user builds only update of apexes in /system/apex is allowed.

Test: tried adb install foo.apex on user build
Change-Id: I333602c241a458a82906f7d2231d1f86076ac12c
parent 061317ba

services/core/java/com/android/server/pm/StagingManager.java

+6 −3
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ import android.content.pm.PackageParser.SigningDetails.SignatureSchemeVersion; 
import android.content.pm.ParceledListSlice;

import android.content.pm.Signature;

import android.content.rollback.IRollbackManager;

import android.os.Build;

import android.os.Bundle;

import android.os.Handler;

import android.os.IBinder;
@@ -117,9 +118,11 @@ public class StagingManager { 
        final PackageInfo packageInfo = mApexManager.getActivePackage(packageName);



        if (packageInfo == null) {

            // TODO: What is the right thing to do here ? This implies there's no active package

            // with the given name. This should never be the case in production (where we only

            // accept updates to existing APEXes) but may be required for testing.

            // Only allow installing new apexes if on a debuggable build.

            if (!Build.IS_DEBUGGABLE) {

                Slog.w(TAG, "Attempted to install new apex " + packageName + " on user build");

                return false;

            }

            return true;

        }