Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6c28c614 authored by Joanne Chung's avatar Joanne Chung
Browse files

Allow update owner to access InstallConstraints APIs 

An app may not have an installer of record, but could have an update
owner, the API should make it honour the update owner.

Bug: 280724094
Test: atest InstallConstraintsTest
Test: manual. Local comment out the installer name check and CTS test
sets with para.setRequestUpdateOwnership(true) and run test.

Change-Id: I4ed9c3802df581608766908d5385d5f8e1e925a8
parent f3475fcf

services/core/java/com/android/server/pm/PackageInstallerService.java

+9 −2
Original line number Diff line number Diff line
@@ -104,6 +104,7 @@ import com.android.server.SystemConfig; 
import com.android.server.SystemService;

import com.android.server.SystemServiceManager;

import com.android.server.pm.parsing.PackageParser2;

import com.android.server.pm.pkg.PackageStateInternal;

import com.android.server.pm.utils.RequestThrottle;



import libcore.io.IoUtils;
@@ -1308,6 +1309,13 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
        }

    }



    private boolean isValidForInstallConstraints(PackageStateInternal ps,

            String installerPackageName) {

        return TextUtils.equals(ps.getInstallSource().mInstallerPackageName, installerPackageName)

                || TextUtils.equals(ps.getInstallSource().mUpdateOwnerPackageName,

                installerPackageName);

    }



    private CompletableFuture<InstallConstraintsResult> checkInstallConstraintsInternal(

            String installerPackageName, List<String> packageNames,

            InstallConstraints constraints, long timeoutMillis) {
@@ -1319,8 +1327,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
        if (!PackageManagerServiceUtils.isSystemOrRootOrShell(callingUid)) {

            for (var packageName : packageNames) {

                var ps = snapshot.getPackageStateInternal(packageName);

                if (ps == null || !TextUtils.equals(

                        ps.getInstallSource().mInstallerPackageName, installerPackageName)) {

                if (ps == null || !isValidForInstallConstraints(ps, installerPackageName)) {

                    throw new SecurityException("Caller has no access to package " + packageName);

                }

            }