Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 5e87848e authored by Winson's avatar Winson Committed by Vasyl Gello
Browse files

DO NOT MERGE: Verify INSTALL_PACKAGES permissions when adding installer package 



Without this check, any package can set the installer package of
another package whose installer has been removed or was never set.
This provides access to other privileged actions and is undesired.

Bug: 150857253

Test: manual verify with proof of concept in linked bug
Test: atest android.appsecurity.cts.PackageSetInstallerTest

[basilgello: Backport to 14.1:
 - callingUid -> Binder.getCallingUid()]
Signed-off-by: default avatarVasyl Gello <vasek.gello@gmail.com>

Change-Id: I2159c357911ff39ffd819054b42f96ae86bc98bc
(cherry picked from commit fc8bfed5)
parent c3ad6422
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment