Merge "Prevent system reset staged installer bypass flag unexpactly" into rvc-dev am: 809bf93563 (c5c10519) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageInstallerService.java

+7 −7

Original line number	Original line	Diff line number	Diff line
	@@ -589,13 +589,13 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
	}		}
	}		}

			if (params.isStaged && !isCalledBySystemOrShell(callingUid)) {
	if (mBypassNextStagedInstallerCheck) {		if (mBypassNextStagedInstallerCheck) {
	mBypassNextStagedInstallerCheck = false;		mBypassNextStagedInstallerCheck = false;
	} else if (params.isStaged		} else if (!isStagedInstallerAllowed(requestedInstallerPackageName)) {
	&& !isCalledBySystemOrShell(callingUid)
	&& !isWhitelistedStagedInstaller(requestedInstallerPackageName)) {
	throw new SecurityException("Installer not allowed to commit staged install");		throw new SecurityException("Installer not allowed to commit staged install");
	}		}
			}

	if (!params.isMultiPackage) {		if (!params.isMultiPackage) {
	// Only system components can circumvent runtime permissions when installing.		// Only system components can circumvent runtime permissions when installing.
	@@ -725,7 +725,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
	\|\| callingUid == Process.SHELL_UID;		\|\| callingUid == Process.SHELL_UID;
	}		}

	private boolean isWhitelistedStagedInstaller(String installerName) {		private boolean isStagedInstallerAllowed(String installerName) {
	return SystemConfig.getInstance().getWhitelistedStagedInstallers().contains(installerName);		return SystemConfig.getInstance().getWhitelistedStagedInstallers().contains(installerName);
	}		}