OP_REQUEST_INSTALL_PACKAGES denied by default

Some system apps may download unknown content and the user should be explicitly asked whether they trust these files. System apps should explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check. Test: Builds, boots, existing tests pass: atest CtsPackageInstallTestCases Locally verified they pass if CtsPackageInstallTestCases.apk was signed by the platform cert. Bug: 123700348 Change-Id: I2578251906f6656b83464d1c4fc4db99165841c9
2019-04-05 16:34:19 -07:00
parent 35ed6c34c7
commit acc75528ff
2 changed files with 2 additions and 15 deletions
--- a/packages/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java
+++ b/packages/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java
@@ -43,7 +43,6 @@ import android.content.pm.PackageUserState;
 import android.net.Uri;
 import android.os.Bundle;
 import android.os.Process;
-import android.os.RemoteException;
 import android.os.UserManager;
 import android.provider.Settings;
 import android.util.Log;
@@ -472,16 +471,6 @@ public class PackageInstallerActivity extends AlertActivity {
                mOriginatingUid, mOriginatingPackage);
        switch (appOpMode) {
            case AppOpsManager.MODE_DEFAULT:
-                try {
-                    int result = mIpm.checkUidPermission(
-                            Manifest.permission.REQUEST_INSTALL_PACKAGES, mOriginatingUid);
-                    if (result == PackageManager.PERMISSION_GRANTED) {
-                        initiateInstall();
-                        break;
-                    }
-                } catch (RemoteException exc) {
-                    Log.e(TAG, "Unable to talk to package manager");
-                }
                mAppOpsManager.setMode(appOpCode, mOriginatingUid,
                        mOriginatingPackage, AppOpsManager.MODE_ERRORED);
                // fall through
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -24816,11 +24816,9 @@ public class PackageManagerService extends IPackageManager.Stub
        }
        if (mExternalSourcesPolicy != null) {
            int isTrusted = mExternalSourcesPolicy.getPackageTrustedToInstallApps(packageName, uid);
-            if (isTrusted != PackageManagerInternal.ExternalSourcesPolicy.USER_DEFAULT) {
-                return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED;
-            }
+            return isTrusted == PackageManagerInternal.ExternalSourcesPolicy.USER_TRUSTED;
        }
-        return checkUidPermission(appOpPermission, uid) == PERMISSION_GRANTED;
+        return false;
    }

    @Override