From b0bed46691db3fa0b9a109d236cb9cd85f4042e6 Mon Sep 17 00:00:00 2001 From: lpeter Date: Tue, 6 Aug 2024 09:22:12 +0000 Subject: Disallow device admin package and protected packages to be reinstalled as instant. We should prevent the following types of apps from being reinstalled with --install-existing as an instant. (1)device admin package (2)protected packages Flag: EXEMPT bugfix Bug: 341256043 Test: Manual test Merged-In: Ib1ed417072a3e942284e267e660631bd9e863248 Merged-In: I30244cf18aa6522361f13a1d2119ac5847939ddd Change-Id: I4e913a12477fd4a64990033eaae533e30863e2a2 --- services/core/java/com/android/server/pm/PackageManagerService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 3bf19bbaa640..8abf3a66b747 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -16174,6 +16174,9 @@ public class PackageManagerService extends IPackageManager.Stub (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; final boolean fullApp = (installFlags & PackageManager.INSTALL_FULL_APP) != 0; + final boolean isPackageDeviceAdmin = isPackageDeviceAdmin(packageName, userId); + final boolean isProtectedPackage = mProtectedPackages != null + && mProtectedPackages.isPackageStateProtected(userId, packageName); // writer synchronized (mLock) { @@ -16181,7 +16184,8 @@ public class PackageManagerService extends IPackageManager.Stub if (pkgSetting == null) { return PackageManager.INSTALL_FAILED_INVALID_URI; } - if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting))) { + if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting) + || isPackageDeviceAdmin || isProtectedPackage)) { return PackageManager.INSTALL_FAILED_INVALID_URI; } if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) { -- cgit v1.2.3-59-g8ed1b