Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 217f31fb authored by Christopher Dombroski's avatar Christopher Dombroski
Browse files

[RESTRICT AUTOMERGE]: OP_REQUEST_INSTALL_PACKAGES denied by default 

Some system apps may download unknown content and the user should
be explicitly asked whether they trust these files. System apps should
explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.

Test: Builds, boots, existing tests pass:
atest CtsPackageInstallTestCases

Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
the platform cert.

Bug: 123700348
Change-Id: I962217e8736f1f62e91fd968ba7dc7fda46d67db
parent b5302e67

src/com/android/packageinstaller/PackageInstallerActivity.java

+0 −11
Original line number Diff line number Diff line
@@ -40,7 +40,6 @@ import android.net.Uri; 
import android.os.Build;

import android.os.Bundle;

import android.os.Process;

import android.os.RemoteException;

import android.os.UserManager;

import android.provider.Settings;

import android.support.annotation.NonNull;
@@ -521,16 +520,6 @@ public class PackageInstallerActivity extends OverlayTouchActivity implements On 
                mOriginatingUid, mOriginatingPackage);

        switch (appOpMode) {

            case AppOpsManager.MODE_DEFAULT:

                try {

                    int result = mIpm.checkUidPermission(

                            Manifest.permission.REQUEST_INSTALL_PACKAGES, mOriginatingUid);

                    if (result == PackageManager.PERMISSION_GRANTED) {

                        initiateInstall();

                        break;

                    }

                } catch (RemoteException exc) {

                    Log.e(TAG, "Unable to talk to package manager");

                }

                mAppOpsManager.setMode(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES, mOriginatingUid,

                        mOriginatingPackage, AppOpsManager.MODE_ERRORED);

                // fall through