
Commit a9543490 authored by Nikita Ioffe

Unset INSTALL_DISABLE_VERIFICATION flag if install is not from system

Bug: 138650665
Test: pushed manual privapp that attempts an install
  with INSTALL_DISABLE_VERIFICATION flag.
  Checked that PackageVerifier was called.
Test: atest CtsSecurityTestCases:android.security.cts.PackageInstallerTest
Test: atest CtsStagedInstallHostTestCases
Change-Id: I041d2e5f6d2609bfe9475f24eefb936f0c8e2a32
(cherry picked from commit dfd3641ec9fa6a428af62540e53ac22e6ba0b412)
parent 90ad227c
+5 −0
@@ -505,6 +505,11 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
            params.installFlags &= ~PackageManager.INSTALL_REQUEST_DOWNGRADE;
        }

        if (callingUid != Process.SYSTEM_UID) {
            // Only system_server can use INSTALL_DISABLE_VERIFICATION.
            params.installFlags &= ~PackageManager.INSTALL_DISABLE_VERIFICATION;
        }

        boolean isApex = (params.installFlags & PackageManager.INSTALL_APEX) != 0;
        if (params.isStaged || isApex) {
            mContext.enforceCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES, TAG);
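
Review bot: The comment on the new `callingUid != Process.SYSTEM_UID` check says only system_server can use the flag, but the condition tests the UID, so any caller running under the system UID keeps INSTALL_DISABLE_VERIFICATION, not just system_server. Either reword the comment to say "callers running as the system UID" or tighten the check if system_server alone is intended. The flag is also cleared silently: a warning log when a non-system caller passed it would help anyone debugging a privileged installer that expected verification to be skipped, and would leave an audit trace of the attempt. How shell or root callers are treated is not visible in this hunk, so it is worth confirming the intended behaviour for them and covering it in the listed tests.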