Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6be4be5 authored by Sumedh Sen's avatar Sumedh Sen
Browse files

[piav2] Modify logic to compute trustedSource 

A caller can be trusted if it is privileged and passed
EXTRA_NOT_UNKNOWN_SOURCE or holds the INSTALL_PACKAGES permission.

This was implemented in PiaV1 in ag/27608687

Bug: 343233266
Test: CtsPackageInstallTestCases
Flag: android.content.pm.use_pia_v2
Change-Id: Ic2ac168b56083af7e21878cf031d9987d7676cc7
parent 3a86dc44

packages/PackageInstaller/src/com/android/packageinstaller/v2/model/InstallRepository.kt

+6 −4
Original line number Diff line number Diff line
@@ -237,10 +237,12 @@ class InstallRepository(private val context: Context) { 
        intent: Intent,

        callingUid: Int,

    ): Boolean {

        val isNotUnknownSource = intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        return (sourceInfo != null && sourceInfo.isPrivilegedApp

            && (isNotUnknownSource

            || isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)))

        val isPrivilegedAndKnown = sourceInfo != null && sourceInfo.isPrivilegedApp &&

            intent.getBooleanExtra(Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)

        val isInstallPkgPermissionGranted =

            isPermissionGranted(context, Manifest.permission.INSTALL_PACKAGES, callingUid)



        return isPrivilegedAndKnown || isInstallPkgPermissionGranted

    }



    private fun getDevicePolicyRestrictions(isTrustedSource: Boolean): String? {

packages/PackageInstaller/src/com/android/packageinstaller/v2/model/PackageUtil.kt

+2 −2
Original line number Diff line number Diff line
@@ -130,8 +130,8 @@ object PackageUtil { 
     * @param context the [Context] object

     * @param callingUid the UID of the caller of Pia

     * @param isTrustedSource indicates whether install request is coming from a privileged app

     * that has passed EXTRA_NOT_UNKNOWN_SOURCE as `true` in the installation intent, or that has

     * the [INSTALL_PACKAGES][Manifest.permission.INSTALL_PACKAGES] permission granted.

     * that has passed EXTRA_NOT_UNKNOWN_SOURCE as `true` in the installation intent, or an app that

     * has the [INSTALL_PACKAGES][Manifest.permission.INSTALL_PACKAGES] permission granted.

     *

     * @return `true` if the package is either a system downloads provider, a document manager,

     * a trusted source, or has declared the