[pm] prevent installations of apex packages with permission declarations

     */

    public static final int PARSE_IGNORE_OVERLAY_REQUIRED_SYSTEM_PROPERTY = 1 << 7;

    public static final int PARSE_APK_IN_APEX = 1 << 9;

    public static final int PARSE_APEX = 1 << 10;

    public static final int PARSE_CHATTY = 1 << 31;

        if ((flags & PARSE_APK_IN_APEX) != 0) {

            liteParseFlags |= PARSE_APK_IN_APEX;

        }

        if ((flags & PARSE_APEX) != 0) {

            liteParseFlags |= PARSE_APEX;

        }

        final ParseResult<PackageLite> liteResult =

                ApkLiteParseUtils.parseClusterPackageLite(input, packageDir, liteParseFlags);

        if (liteResult.isError()) {

        afterParseBaseApplication(pkg);

        final ParseResult<ParsingPackage> result = validateBaseApkTags(input, pkg);

        final ParseResult<ParsingPackage> result = validateBaseApkTags(input, pkg, flags);

        if (result.isError()) {

            return result;

        }

            }

        }

        return validateBaseApkTags(input, pkg);

        return validateBaseApkTags(input, pkg, flags);

    }

    private ParseResult<ParsingPackage> validateBaseApkTags(ParseInput input, ParsingPackage pkg) {

    private ParseResult<ParsingPackage> validateBaseApkTags(ParseInput input, ParsingPackage pkg,

            int flags) {

        if (!ParsedAttributionUtils.isCombinationValid(pkg.getAttributions())) {

            return input.error(

                    INSTALL_PARSE_FAILED_BAD_MANIFEST,

            adjustPackageToBeUnresizeableAndUnpipable(pkg);

        }

        // An Apex package shouldn't have permission declarations

        final boolean isApex = (flags & PARSE_APEX) != 0;

        if (android.permission.flags.Flags.ignoreApexPermissions()

                && isApex && !pkg.getPermissions().isEmpty()) {

            return input.error(

                    INSTALL_PARSE_FAILED_MANIFEST_MALFORMED,

                    pkg.getPackageName()

                            + " is an APEX package and shouldn't declare permissions."

            );

        }

        return input.success(pkg);

    }

package com.android.server.pm;

import static com.android.internal.pm.pkg.parsing.ParsingPackageUtils.PARSE_APEX;

import android.apex.ApexInfo;

import android.apex.ApexInfoList;

import android.apex.ApexSessionInfo;

            final ParsedPackage parsedPackage;

            try (PackageParser2 packageParser = mPackageParserSupplier.get()) {

                File apexFile = new File(apexInfo.modulePath);

                parsedPackage = packageParser.parsePackage(apexFile, 0, false);

                parsedPackage = packageParser.parsePackage(apexFile, PARSE_APEX, false);

            } catch (PackageParserException e) {

                throw new PackageManagerException(

                        PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE,