summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/pm/PackageInstallerService.java9
1 files changed, 8 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 0b63b7ddef85..871dd3dbf7f6 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -626,7 +626,14 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
}
boolean isApex = (params.installFlags & PackageManager.INSTALL_APEX) != 0;
- if (params.isStaged || isApex) {
+ if (isApex) {
+ if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGE_UPDATES)
+ == PackageManager.PERMISSION_DENIED
+ && mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES)
+ == PackageManager.PERMISSION_DENIED) {
+ throw new SecurityException("Not allowed to perform APEX updates");
+ }
+ } else if (params.isStaged) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES, TAG);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-02 02:55:44 +0000