Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 67a59617 authored by Ricardo Cerqueira's avatar Ricardo Cerqueira Committed by Pawit Pornkitprasan
Browse files

PackageManager: Restrict system packages to protected storage 

Don't allow packages signed with the platform key to be
installed into user (or app) controlled storage

(cherry-picked from 64fa8092
 with changed file path)

Patch set 2: Fix compile error due to changed function name

Change-Id: I7390b3bdf5289411f7a335c69635bed9f74bbfb3
parent ec30fda8

services/java/com/android/server/pm/PackageManagerService.java

+14 −0
Original line number Original line Diff line number Diff line
@@ -3166,6 +3166,20 @@ public class PackageManagerService extends IPackageManager.Stub { 
            return null;

            return null;

        }

        }





        if (!pkg.applicationInfo.sourceDir.startsWith(Environment.getRootDirectory().getPath()) &&

                !pkg.applicationInfo.sourceDir.startsWith("/vendor")) {

            Object obj = mSettings.getUserIdLPr(1000);

            Signature[] s1 = null;

            if (obj instanceof SharedUserSetting) {

                s1 = ((SharedUserSetting)obj).signatures.mSignatures;

            }

            if ((compareSignatures(pkg.mSignatures, s1) == PackageManager.SIGNATURE_MATCH)) {

                Slog.w(TAG, "Cannot install platform packages to user storage");

                mLastScanError = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;

                return null;

            }

        }



        // Initialize package source and resource directories

        // Initialize package source and resource directories

        File destCodeFile = new File(pkg.applicationInfo.sourceDir);

        File destCodeFile = new File(pkg.applicationInfo.sourceDir);

        File destResourceFile = new File(pkg.applicationInfo.publicSourceDir);

        File destResourceFile = new File(pkg.applicationInfo.publicSourceDir);