Merge "DO NOT MERGE: Verify INSTALL_PACKAGES permissions when adding installer...

            // Verify: if target already has an installer package, it must

            // be signed with the same cert as the caller.

            if (targetPackageSetting.installerPackageName != null) {

                PackageSetting setting = mSettings.mPackages.get(

                        targetPackageSetting.installerPackageName);

                // If the currently set package isn't valid, then it's always

                // okay to change it.

                if (setting != null) {

            String targetInstallerPackageName =

                    targetPackageSetting.installerPackageName;

            PackageSetting targetInstallerPkgSetting = targetInstallerPackageName == null ? null :

                    mSettings.mPackages.get(targetInstallerPackageName);

            if (targetInstallerPkgSetting != null) {

                if (compareSignatures(callerSignature,

                            setting.signatures.mSignatures)

                        targetInstallerPkgSetting.signatures.mSignatures)

                        != PackageManager.SIGNATURE_MATCH) {

                    throw new SecurityException(

                            "Caller does not have same cert as old installer package "

                                + targetPackageSetting.installerPackageName);

                    }

                                    + targetInstallerPackageName);

                }

            } else if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES)

                    != PackageManager.PERMISSION_GRANTED) {

                // This is probably an attempt to exploit vulnerability b/150857253 of taking

                // privileged installer permissions when the installer has been uninstalled or

                // was never set.

                EventLog.writeEvent(0x534e4554, "150857253", callingUid, "");

                return;

            }

            // Okay!