From 36168195b48231f044bd4af23ea667fa1b514c6d Mon Sep 17 00:00:00 2001 From: Christopher Dombroski Date: Tue, 16 Apr 2019 13:21:39 -0700 Subject: [PATCH] OP_REQUEST_INSTALL_PACKAGES denied by default Some system apps may download unknown content and the user should be explicitly asked whether they trust these files. System apps should explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check. Test: Builds, boots, existing tests pass: atest CtsPackageInstallTestCases Locally verified they pass if CtsPackageInstallTestCases.apk was signed by the platform cert. Bug: 123700348 Change-Id: I3028bf8ff3f79a41521deeee43fba3c32bb1b2ca Merged-In: I2578251906f6656b83464d1c4fc4db99165841c9 (cherry picked from commit 43e682abef2a1c65585bef510c390480f0c4a2fd) --- services/core/java/com/android/server/pm/PackageManagerService.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 132f3040d207..0a509146df22 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -25853,11 +25853,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } if (mExternalSourcesPolicy != null) { int isTrusted = mExternalSourcesPolicy.getPackageTrustedToInstallApps(packageName, uid); - if (isTrusted != PackageManagerInternal.ExternalSourcesPolicy.USER_DEFAULT) { - return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; - } + return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; } - return checkUidPermission(appOpPermission, uid) == PERMISSION_GRANTED; + return false; } @Override -- 2.11.0