Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 320bbe71 authored by Christopher Tate's avatar Christopher Tate
Browse files

Update install-permission logic to use new FLAG_PRIVILEGED 

We no longer grant all "signatureOrSystem" type permissions to all apps
bundled on the system partition; there is a build-time grant of
privileged status.  The logic for granting install permission now
checks the caller's privileged status, not just its apk location.

Bug 8765951

Change-Id: Ib88f4b0911743bd6bfd3458302fe88518e08ac86
parent fcb35c24

src/com/android/packageinstaller/PackageInstallerActivity.java

+5 −5
Original line number Diff line number Diff line
@@ -410,8 +410,8 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen 
            try {

                mSourceInfo = mPm.getApplicationInfo(callerPackage, 0);

                if (mSourceInfo != null) {

                    if ((mSourceInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) {

                        // System apps don't need to be approved.

                    if ((mSourceInfo.flags&ApplicationInfo.FLAG_PRIVILEGED) != 0) {

                        // Privileged apps don't need to be approved.

                        initiateInstall();

                        return;

                    }
@@ -470,7 +470,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen 
        ApplicationInfo sourceInfo = getSourceInfo();

        if (sourceInfo != null) {

            if (uidFromIntent != VerificationParams.NO_UID &&

                    (mSourceInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {

                    (mSourceInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0) {

                return uidFromIntent;



            }
@@ -491,7 +491,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen 
        }



        // If we got a uid from the intent, we need to verify that the caller is a

        // system package before we use it

        // privileged system package before we use it

        if (uidFromIntent != VerificationParams.NO_UID) {

            String[] callingPackages = mPm.getPackagesForUid(callingUid);

            if (callingPackages != null) {
@@ -500,7 +500,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen 
                        ApplicationInfo applicationInfo =

                                mPm.getApplicationInfo(packageName, 0);



                        if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {

                        if ((applicationInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0) {

                            return uidFromIntent;

                        }

                    } catch (NameNotFoundException ex) {