From 43e682abef2a1c65585bef510c390480f0c4a2fd Mon Sep 17 00:00:00 2001 From: Christopher Dombroski Date: Tue, 16 Apr 2019 13:21:39 -0700 Subject: OP_REQUEST_INSTALL_PACKAGES denied by default Some system apps may download unknown content and the user should be explicitly asked whether they trust these files. System apps should explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check. Test: Builds, boots, existing tests pass: atest CtsPackageInstallTestCases Locally verified they pass if CtsPackageInstallTestCases.apk was signed by the platform cert. Bug: 123700348 Change-Id: I3028bf8ff3f79a41521deeee43fba3c32bb1b2ca Merged-In: I2578251906f6656b83464d1c4fc4db99165841c9 --- services/core/java/com/android/server/pm/PackageManagerService.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index fe7c8738af6c..ab6c956c6924 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -25010,11 +25010,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } if (mExternalSourcesPolicy != null) { int isTrusted = mExternalSourcesPolicy.getPackageTrustedToInstallApps(packageName, uid); - if (isTrusted != PackageManagerInternal.ExternalSourcesPolicy.USER_DEFAULT) { - return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; - } + return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED; } - return checkUidPermission(appOpPermission, uid) == PERMISSION_GRANTED; + return false; } @Override -- cgit v1.2.3-59-g8ed1b