
Commit 2fe5d488 authored by Ivan Chiang's avatar Ivan Chiang Committed by Nishith Khanna

[PM] Check unknown sources for intent installation

Bypass the unknown source check for the device policy and the AppOps
permission when either of the following two conditions is met:

1. An installer with the INSTALL_PACKAGES permission initiated the
   installation via the PackageInstaller APIs and not via an
   ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
2. An installer is a privileged app and it has set the
   EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.

Flag: EXEMPT BUGFIX
Bug: 461467954
Test: atest CtsDevicePolicyManagerTestCases:MixedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsDevicePolicyManagerTestCases:MixedManagedProfileOwnerTest#testPackageInstallUserRestrictions
Test: atest CtsPackageInstallTestCases:IntentTest
Test: atest CtsPackageInstallSessionTestCases:SessionTest
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:3a8cafbc916bb16f08093cd138a4f3d4dc71b5a0

DISABLE_TOPIC_PROTECTOR
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:2037b1942fa03b2bcef1a594391a9066843e12b9
Merged-In: I66e863cf06566ddc08ad78a61dd82a548cde5e4c
Change-Id: I66e863cf06566ddc08ad78a61dd82a548cde5e4c
parent 0d9de753
+16 −18
@@ -133,7 +133,18 @@ public class InstallStart extends Activity {
            checkPermission(Manifest.permission.INSTALL_PACKAGES, /* pid= */ -1, callingUid)
                    == PackageManager.PERMISSION_GRANTED;

        boolean isTrustedSource = isPrivilegedAndKnown || isInstallPkgPermissionGranted;
        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        final boolean isIntentInstall =
                Intent.ACTION_VIEW.equals(intentAction)
                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);
        final boolean isTrustedSource =
                (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown;

        if (!isTrustedSource && !isSystemDownloadsProvider && !isDocumentsManager
                && callingUid != Process.INVALID_UID) {
@@ -156,20 +167,7 @@ public class InstallStart extends Activity {
            mAbortInstall = true;
        }

        // Bypass the unknown source user restrictions check when either of the following
        // two conditions is met:
        // 1. An installer with the INSTALL_PACKAGES permission initiated the
        // installation via the PackageInstaller APIs and not via an
        // ACTION_VIEW or ACTION_INSTALL_PACKAGE intent.
        // 2. An installer is a privileged app and initiated the installer via
        // the ACTION_INSTALL_PACKAGE or ACTION_VIEW intent, but it has set the
        // EXTRA_NOT_UNKNOWN_SOURCE flag to be true in the intent.
        final boolean isIntentInstall =
                Intent.ACTION_VIEW.equals(intentAction)
                        || Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);
        final boolean bypassUnknownSourceRestrictions =
                (!isIntentInstall && isInstallPkgPermissionGranted) || isPrivilegedAndKnown;
        checkDevicePolicyRestrictions(bypassUnknownSourceRestrictions);
        checkDevicePolicyRestrictions(isTrustedSource);

        final String installerPackageNameFromIntent = getIntent().getStringExtra(
                Intent.EXTRA_INSTALLER_PACKAGE_NAME);
@@ -319,9 +317,9 @@ public class InstallStart extends Activity {
        return callingUid == installerUid;
    }

    private void checkDevicePolicyRestrictions(boolean bypassUnknownSourceRestrictions) {
    private void checkDevicePolicyRestrictions(boolean isTrustedSource) {
        String[] restrictions;
        if (bypassUnknownSourceRestrictions) {
        if (isTrustedSource) {
            restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };
        } else {
            restrictions =  new String[] {