Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0943a33 authored by Joanne Chung's avatar Joanne Chung
Browse files

Allow checking install constraints for your own app 

The use cases like if the app is a prebuild app, the installer of
record, the update owner is not set. We should also allow to check
constraints for your own app if it is allowed.

Bug: 281798465
Test: build a prebuild sample app(ag/23240836) with needed permision
and call API

Change-Id: I82622935ba96dd0eade8e4136e6e1895256b0873
parent 5f4688c0

services/core/java/com/android/server/pm/PackageInstallerService.java

+10 −3
Original line number Diff line number Diff line
@@ -1318,10 +1318,16 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
    }



    private boolean isValidForInstallConstraints(PackageStateInternal ps,

            String installerPackageName) {

            String installerPackageName, int installerUid, String packageName) {

        final var snapshot = mPm.snapshotComputer();

        final var isSelfUpdatePermissionGranted =

                (snapshot.checkUidPermission(android.Manifest.permission.INSTALL_SELF_UPDATES,

                        installerUid) == PackageManager.PERMISSION_GRANTED);

        final var isSelfUpdateAllowed = isSelfUpdatePermissionGranted && TextUtils.equals(

                packageName, installerPackageName);

        return TextUtils.equals(ps.getInstallSource().mInstallerPackageName, installerPackageName)

                || TextUtils.equals(ps.getInstallSource().mUpdateOwnerPackageName,

                installerPackageName);

                installerPackageName) || isSelfUpdateAllowed;

    }



    private CompletableFuture<InstallConstraintsResult> checkInstallConstraintsInternal(
@@ -1340,7 +1346,8 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
        if (!PackageManagerServiceUtils.isSystemOrRootOrShell(callingUid)) {

            for (var packageName : packageNames) {

                var ps = snapshot.getPackageStateInternal(packageName);

                if (ps == null || !isValidForInstallConstraints(ps, installerPackageName)) {

                if (ps == null || !isValidForInstallConstraints(ps, installerPackageName,

                        callingUid, packageName)) {

                    throw new SecurityException("Caller has no access to package " + packageName);

                }

            }