Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f4f88f9c authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review
Browse files

Merge changes from topic "trusted-source-restriction-check" into main 

* changes:
  [piav2] Modify logic to compute trustedSource
  [piav2] Dont check for "no_install_unknown_sources" for installs from privileged sources.
parents 2d9039b5 f6be4be5

packages/PackageInstaller/src/com/android/packageinstaller/v2/model/InstallRepository.kt

+18 −11
Original line number Diff line number Diff line
@@ -206,7 +206,7 @@ class InstallRepository(private val context: Context) { 
            return InstallAborted(ABORT_REASON_INTERNAL_ERROR)

        }



        val restriction = getDevicePolicyRestrictions()

        val restriction = getDevicePolicyRestrictions(isTrustedSource)

        if (restriction != null) {

            val adminSupportDetailsIntent =

                devicePolicyManager!!.createAdminSupportIntent(restriction)
@@ -237,18 +237,25 @@ class InstallRepository(private val context: Context) { 
        intent: Intent,

        callingUid: Int,

    ): Boolean {

        val isNotUnknownSource = intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        return (sourceInfo != null && sourceInfo.isPrivilegedApp

            && (isNotUnknownSource

            || isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)))

        val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&

            intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        val isInstallPkgPermissionGranted =

            isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)



        return isPrivilegedAndKnown || isInstallPkgPermissionGranted

    }



    private fun getDevicePolicyRestrictions(): String? {

        val restrictions = arrayOf(

    private fun getDevicePolicyRestrictions(isTrustedSource: Boolean): String? {

        val restrictions: Array<String> = if (isTrustedSource) {

            arrayOf(UserManager.DISALLOW_INSTALL_APPS)

        } else {

            arrayOf(

                UserManager.DISALLOW_INSTALL_APPS,

                UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,

                UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY

            )

        }



        for (restriction in restrictions) {

            if (!userManager!!.hasUserRestrictionForUser(restriction, Process.myUserHandle())) {

                continue

packages/PackageInstaller/src/com/android/packageinstaller/v2/model/PackageUtil.kt

+2 −2
Original line number Diff line number Diff line
@@ -130,8 +130,8 @@ object PackageUtil { 
     * @param context the [Context] object

     * @param callingUid the UID of the caller of Pia

     * @param isTrustedSource indicates whether install request is coming from a privileged app

     * that has passed EXTRA_NOT_UNKNOWN_SOURCE as `true` in the installation intent, or that has

     * the [INSTALL_PACKAGES][Manifest.permission.INSTALL_PACKAGES] permission granted.

     * that has passed EXTRA_NOT_UNKNOWN_SOURCE as `true` in the installation intent, or an app that

     * has the [INSTALL_PACKAGES][Manifest.permission.INSTALL_PACKAGES] permission granted.

     *

     * @return `true` if the package is either a system downloads provider, a document manager,

     * a trusted source, or has declared the