Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cfdc1eea authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Add self update permission

This permission is a subset of INSTALL_PACKAGES that only allows a
package to update itself. Many of the users of INSTALL_PACKAGE claim to
be using it solely for self updating but INSTALL_PACKAGES gives a lot
more power than is needed. This limits those priv apps to what they
intend to do.

Test: manual
Change-Id: I3442ad1a285df660b8c2635e3db59d7bc0662324
parent 65de1621
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -127,6 +127,7 @@ package android {
    field public static final java.lang.String INSTALL_GRANT_RUNTIME_PERMISSIONS = "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS";
    field public static final java.lang.String INSTALL_LOCATION_PROVIDER = "android.permission.INSTALL_LOCATION_PROVIDER";
    field public static final java.lang.String INSTALL_PACKAGES = "android.permission.INSTALL_PACKAGES";
    field public static final java.lang.String INSTALL_SELF_UPDATES = "android.permission.INSTALL_SELF_UPDATES";
    field public static final java.lang.String INSTALL_SHORTCUT = "com.android.launcher.permission.INSTALL_SHORTCUT";
    field public static final java.lang.String INSTANT_APP_FOREGROUND_SERVICE = "android.permission.INSTANT_APP_FOREGROUND_SERVICE";
    field public static final java.lang.String INTENT_FILTER_VERIFICATION_AGENT = "android.permission.INTENT_FILTER_VERIFICATION_AGENT";
+8 −0
Original line number Diff line number Diff line
@@ -2778,6 +2778,14 @@
    <permission android:name="android.permission.INSTALL_PACKAGES"
      android:protectionLevel="signature|privileged" />

    <!-- @SystemApi Allows an application to install self updates. This is a limited version
         of {@link android.Manifest.permission#INSTALL_PACKAGES}.
        <p>Not for use by third-party applications.
        @hide
    -->
    <permission android:name="android.permission.INSTALL_SELF_UPDATES"
        android:protectionLevel="signature|privileged" />

    <!-- @SystemApi Allows an application to clear user data.
         <p>Not for use by third-party applications
         @hide
+7 −1
Original line number Diff line number Diff line
@@ -312,9 +312,15 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
            return false;
        }

        final boolean isPermissionGranted =
        final boolean isInstallPermissionGranted =
                (mPm.checkUidPermission(android.Manifest.permission.INSTALL_PACKAGES,
                        mInstallerUid) == PackageManager.PERMISSION_GRANTED);
        final boolean isSelfUpdatePermissionGranted =
                (mPm.checkUidPermission(android.Manifest.permission.INSTALL_SELF_UPDATES,
                        mInstallerUid) == PackageManager.PERMISSION_GRANTED);
        final boolean isPermissionGranted = isInstallPermissionGranted
                || (isSelfUpdatePermissionGranted
                    && mPm.getPackageUid(mPackageName, 0, userId) == mInstallerUid);
        final boolean isInstallerRoot = (mInstallerUid == Process.ROOT_UID);
        final boolean forcePermissionPrompt =
                (params.installFlags & PackageManager.INSTALL_FORCE_PERMISSION_PROMPT) != 0;