Loading core/java/android/content/pm/IPackageInstaller.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -55,4 +55,6 @@ interface IPackageInstaller { in IntentSender statusReceiver, int userId, in List<String> whiteListedPermissions); void setPermissionsResult(int sessionId, boolean accepted); void bypassNextStagedInstallerCheck(boolean value); } services/core/java/com/android/server/pm/PackageInstallerService.java +21 −2 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ import com.android.internal.util.ImageUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.IoThread; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.android.server.pm.parsing.PackageParser2; import com.android.server.pm.permission.PermissionManagerServiceInternal; Loading Loading @@ -151,6 +152,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements private final Callbacks mCallbacks; private volatile boolean mOkToSendBroadcasts = false; private volatile boolean mBypassNextStagedInstallerCheck = false; /** * File storing persisted {@link #mSessions} metadata. Loading Loading @@ -541,7 +543,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } if (Build.IS_DEBUGGABLE || isDowngradeAllowedForCaller(callingUid)) { if (Build.IS_DEBUGGABLE || isCalledBySystemOrShell(callingUid)) { params.installFlags |= PackageManager.INSTALL_ALLOW_DOWNGRADE; } else { params.installFlags &= ~PackageManager.INSTALL_ALLOW_DOWNGRADE; Loading Loading @@ -571,6 +573,14 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } if (mBypassNextStagedInstallerCheck) { mBypassNextStagedInstallerCheck = false; } else if (params.isStaged && !isCalledBySystemOrShell(callingUid) && !isWhitelistedStagedInstaller(requestedInstallerPackageName)) { throw new SecurityException("Installer not allowed to commit staged install"); } if (!params.isMultiPackage) { // Only system components can circumvent runtime permissions when installing. if ((params.installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0 Loading Loading @@ -683,11 +693,15 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements return sessionId; } private boolean isDowngradeAllowedForCaller(int callingUid) { private boolean isCalledBySystemOrShell(int callingUid) { return callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID || callingUid == Process.SHELL_UID; } private boolean isWhitelistedStagedInstaller(String installerName) { return SystemConfig.getInstance().getWhitelistedStagedInstallers().contains(installerName); } @Override public void updateSessionAppIcon(int sessionId, Bitmap appIcon) { synchronized (mSessions) { Loading Loading @@ -963,6 +977,11 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } @Override public void bypassNextStagedInstallerCheck(boolean value) { mBypassNextStagedInstallerCheck = value; } private static int getSessionCount(SparseArray<PackageInstallerSession> sessions, int installerUid) { int count = 0; Loading services/core/java/com/android/server/pm/PackageManagerShellCommand.java +16 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,8 @@ class PackageManagerShellCommand extends ShellCommand { return runGetModuleInfo(); case "log-visibility": return runLogVisibility(); case "bypass-staged-installer-check": return runBypassStagedInstallerCheck(); default: { String nextArg = getNextArg(); if (nextArg == null) { Loading Loading @@ -392,6 +394,20 @@ class PackageManagerShellCommand extends ShellCommand { return 1; } private int runBypassStagedInstallerCheck() { final PrintWriter pw = getOutPrintWriter(); try { mInterface.getPackageInstaller() .bypassNextStagedInstallerCheck(Boolean.parseBoolean(getNextArg())); return 0; } catch (RemoteException e) { pw.println("Failure [" + e.getClass().getName() + " - " + e.getMessage() + "]"); return -1; } } private int uninstallSystemUpdates() { final PrintWriter pw = getOutPrintWriter(); List<String> failedUninstalls = new LinkedList<>(); Loading Loading
core/java/android/content/pm/IPackageInstaller.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -55,4 +55,6 @@ interface IPackageInstaller { in IntentSender statusReceiver, int userId, in List<String> whiteListedPermissions); void setPermissionsResult(int sessionId, boolean accepted); void bypassNextStagedInstallerCheck(boolean value); }
services/core/java/com/android/server/pm/PackageInstallerService.java +21 −2 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ import com.android.internal.util.ImageUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.IoThread; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.android.server.pm.parsing.PackageParser2; import com.android.server.pm.permission.PermissionManagerServiceInternal; Loading Loading @@ -151,6 +152,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements private final Callbacks mCallbacks; private volatile boolean mOkToSendBroadcasts = false; private volatile boolean mBypassNextStagedInstallerCheck = false; /** * File storing persisted {@link #mSessions} metadata. Loading Loading @@ -541,7 +543,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } if (Build.IS_DEBUGGABLE || isDowngradeAllowedForCaller(callingUid)) { if (Build.IS_DEBUGGABLE || isCalledBySystemOrShell(callingUid)) { params.installFlags |= PackageManager.INSTALL_ALLOW_DOWNGRADE; } else { params.installFlags &= ~PackageManager.INSTALL_ALLOW_DOWNGRADE; Loading Loading @@ -571,6 +573,14 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } if (mBypassNextStagedInstallerCheck) { mBypassNextStagedInstallerCheck = false; } else if (params.isStaged && !isCalledBySystemOrShell(callingUid) && !isWhitelistedStagedInstaller(requestedInstallerPackageName)) { throw new SecurityException("Installer not allowed to commit staged install"); } if (!params.isMultiPackage) { // Only system components can circumvent runtime permissions when installing. if ((params.installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0 Loading Loading @@ -683,11 +693,15 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements return sessionId; } private boolean isDowngradeAllowedForCaller(int callingUid) { private boolean isCalledBySystemOrShell(int callingUid) { return callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID || callingUid == Process.SHELL_UID; } private boolean isWhitelistedStagedInstaller(String installerName) { return SystemConfig.getInstance().getWhitelistedStagedInstallers().contains(installerName); } @Override public void updateSessionAppIcon(int sessionId, Bitmap appIcon) { synchronized (mSessions) { Loading Loading @@ -963,6 +977,11 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements } } @Override public void bypassNextStagedInstallerCheck(boolean value) { mBypassNextStagedInstallerCheck = value; } private static int getSessionCount(SparseArray<PackageInstallerSession> sessions, int installerUid) { int count = 0; Loading
services/core/java/com/android/server/pm/PackageManagerShellCommand.java +16 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,8 @@ class PackageManagerShellCommand extends ShellCommand { return runGetModuleInfo(); case "log-visibility": return runLogVisibility(); case "bypass-staged-installer-check": return runBypassStagedInstallerCheck(); default: { String nextArg = getNextArg(); if (nextArg == null) { Loading Loading @@ -392,6 +394,20 @@ class PackageManagerShellCommand extends ShellCommand { return 1; } private int runBypassStagedInstallerCheck() { final PrintWriter pw = getOutPrintWriter(); try { mInterface.getPackageInstaller() .bypassNextStagedInstallerCheck(Boolean.parseBoolean(getNextArg())); return 0; } catch (RemoteException e) { pw.println("Failure [" + e.getClass().getName() + " - " + e.getMessage() + "]"); return -1; } } private int uninstallSystemUpdates() { final PrintWriter pw = getOutPrintWriter(); List<String> failedUninstalls = new LinkedList<>(); Loading
