Revert "[PM] Check unknown sources user restriction for intent installation" (e3c8f2ad) · Commits · e / os / android_frameworks_base

packages/PackageInstaller/src/com/android/packageinstaller/InstallStart.java

+3 −12

Original line number	Original line	Diff line number	Diff line
	@@ -178,16 +178,7 @@ public class InstallStart extends Activity {
	mAbortInstall = true;		mAbortInstall = true;
	}		}

	// Bypass the unknown source user restrictions check when either of the following		checkDevicePolicyRestrictions(isTrustedSource);
	// two conditions is met:
	// 1. the installation is not triggered via ACTION_VIEW or ACTION_INSTALL_PACKAGE
	// 2. the value of the Intent.EXTRA_NOT_UNKNOWN_SOURCE is TRUE and the caller is
	// a privileged app
	final boolean isIntentInstall =
	Intent.ACTION_VIEW.equals(intentAction)
	\|\| Intent.ACTION_INSTALL_PACKAGE.equals(intentAction);
	final boolean bypassUnknownSourceRestrictions = !isIntentInstall \|\| isPrivilegedAndKnown;
	checkDevicePolicyRestrictions(bypassUnknownSourceRestrictions);

	final String installerPackageNameFromIntent = getIntent().getStringExtra(		final String installerPackageNameFromIntent = getIntent().getStringExtra(
	Intent.EXTRA_INSTALLER_PACKAGE_NAME);		Intent.EXTRA_INSTALLER_PACKAGE_NAME);
	@@ -353,9 +344,9 @@ public class InstallStart extends Activity {
	return callingUid == installerUid;		return callingUid == installerUid;
	}		}

	private void checkDevicePolicyRestrictions(boolean bypassUnknownSourceRestrictions) {		private void checkDevicePolicyRestrictions(boolean isTrustedSource) {
	String[] restrictions;		String[] restrictions;
	if (bypassUnknownSourceRestrictions) {		if(isTrustedSource) {
	restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };		restrictions = new String[] { UserManager.DISALLOW_INSTALL_APPS };
	} else {		} else {
	restrictions = new String[] {		restrictions = new String[] {

packages/PackageInstaller/src/com/android/packageinstaller/v2/model/InstallRepository.kt

+17 −19

Original line number	Original line	Diff line number	Diff line
	@@ -253,13 +253,7 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
	return InstallAborted(ABORT_REASON_INTERNAL_ERROR)		return InstallAborted(ABORT_REASON_INTERNAL_ERROR)
	}		}

	val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&		isTrustedSource = isInstallRequestFromTrustedSource(sourceInfo, this.intent, originatingUid)
	intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)
	val isInstallPkgPermissionGranted = originatingUid != Process.INVALID_UID &&
	isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, originatingUid)

	isTrustedSource = isPrivilegedAndKnown \|\| isInstallPkgPermissionGranted

	// In general case, the originatingUid is callingUid. If callingUid is INVALID_UID, return		// In general case, the originatingUid is callingUid. If callingUid is INVALID_UID, return
	// InstallAborted in the check above. When the originatingUid is INVALID_UID here, it means		// InstallAborted in the check above. When the originatingUid is INVALID_UID here, it means
	// the originatingUid is from the system download manager or the system documents manager,		// the originatingUid is from the system download manager or the system documents manager,
	@@ -270,16 +264,7 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
	return InstallAborted(ABORT_REASON_INTERNAL_ERROR)		return InstallAborted(ABORT_REASON_INTERNAL_ERROR)
	}		}

	// Bypass the unknown source user restrictions check when either of the following		val restriction = getDevicePolicyRestrictions(isTrustedSource)
	// two conditions is met:
	// 1. the installation is not triggered via ACTION_VIEW or ACTION_INSTALL_PACKAGE
	// 2. the value of the Intent.EXTRA_NOT_UNKNOWN_SOURCE is TRUE and the caller is
	// a privileged app
	val isIntentInstall =
	Intent.ACTION_VIEW == intent.action
	\|\| Intent.ACTION_INSTALL_PACKAGE == intent.action
	val bypassUnknownSourceRestrictions = !isIntentInstall \|\| isPrivilegedAndKnown
	val restriction = getDevicePolicyRestrictions(bypassUnknownSourceRestrictions)
	if (restriction != null) {		if (restriction != null) {
	val adminSupportDetailsIntent =		val adminSupportDetailsIntent =
	devicePolicyManager!!.createAdminSupportIntent(restriction)		devicePolicyManager!!.createAdminSupportIntent(restriction)
	@@ -305,8 +290,21 @@ class InstallRepository(private val context: Context) : EventResultPersister.Eve
	}		}
	}		}

	private fun getDevicePolicyRestrictions(bypassUnknownSourceRestrictions: Boolean): String? {		private fun isInstallRequestFromTrustedSource(
	val restrictions: Array<String> = if (bypassUnknownSourceRestrictions) {		sourceInfo: ApplicationInfo?,
			intent: Intent,
			callingUid: Int,
			): Boolean {
			val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&
			intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)
			val isInstallPkgPermissionGranted = callingUid != Process.INVALID_UID
			&& isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)

			return isPrivilegedAndKnown \|\| isInstallPkgPermissionGranted
			}

			private fun getDevicePolicyRestrictions(isTrustedSource: Boolean): String? {
			val restrictions: Array<String> = if (isTrustedSource) {
	arrayOf(UserManager.DISALLOW_INSTALL_APPS)		arrayOf(UserManager.DISALLOW_INSTALL_APPS)
	} else {		} else {
	arrayOf(		arrayOf(