Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit febe3918 authored by Sumedh Sen's avatar Sumedh Sen
Browse files

Prevent installing apps in policy restricted work profile using ADB 

If DISALLOW_DEBUGGING_FEATURES or DISALLOW_INSTALL_APPS restrictions are
set on a work profile, prevent side loading of APKs using ADB in the
work profile.

Bug: 257443065
Test: atest CtsPackageInstallTestCases:UserRestrictionInstallTest

Change-Id: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
parent b3a6aa48

services/core/java/com/android/server/pm/InstallPackageHelper.java

+20 −4
Original line number Diff line number Diff line
@@ -2264,11 +2264,27 @@ final class InstallPackageHelper { 
                    // The caller explicitly specified INSTALL_ALL_USERS flag.

                    // Thus, updating the settings to install the app for all users.

                    for (int currentUserId : allUsers) {

                        // If the app is already installed for the currentUser,

                        // keep it as installed as we might be updating the app at this place.

                        // If not currently installed, check if the currentUser is restricted by

                        // DISALLOW_INSTALL_APPS or DISALLOW_DEBUGGING_FEATURES device policy.

                        // Install / update the app if the user isn't restricted. Skip otherwise.

                        final boolean installedForCurrentUser = ArrayUtils.contains(

                                installedForUsers, currentUserId);

                        final boolean restrictedByPolicy =

                                mPm.isUserRestricted(currentUserId,

                                        UserManager.DISALLOW_INSTALL_APPS)

                                || mPm.isUserRestricted(currentUserId,

                                        UserManager.DISALLOW_DEBUGGING_FEATURES);

                        if (installedForCurrentUser || !restrictedByPolicy) {

                            ps.setInstalled(true, currentUserId);

                            if (!installRequest.isApplicationEnabledSettingPersistent()) {

                                ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, currentUserId,

                                        installerPackageName);

                            }

                        } else {

                            ps.setInstalled(false, currentUserId);

                        }

                    }

                }