diff options
author | Christopher Tate <ctate@google.com> | 2013-06-14 13:25:00 -0700 |
---|---|---|
committer | Christopher Tate <ctate@google.com> | 2013-06-14 16:12:26 -0700 |
commit | 320bbe71d34e40f89862b41c53a8a393834f5de7 (patch) | |
tree | 3970560c74c805fbd49d85d1cea88de241c2f783 | |
parent | fcb35c2455c1ac0b89536c4b285b5c66e9f56b84 (diff) | |
download | android_packages_apps_PackageInstaller-320bbe71d34e40f89862b41c53a8a393834f5de7.tar.gz android_packages_apps_PackageInstaller-320bbe71d34e40f89862b41c53a8a393834f5de7.tar.bz2 android_packages_apps_PackageInstaller-320bbe71d34e40f89862b41c53a8a393834f5de7.zip |
Update install-permission logic to use new FLAG_PRIVILEGED
We no longer grant all "signatureOrSystem" type permissions to all apps
bundled on the system partition; there is a build-time grant of
privileged status. The logic for granting install permission now
checks the caller's privileged status, not just its apk location.
Bug 8765951
Change-Id: Ib88f4b0911743bd6bfd3458302fe88518e08ac86
-rw-r--r-- | src/com/android/packageinstaller/PackageInstallerActivity.java | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/com/android/packageinstaller/PackageInstallerActivity.java b/src/com/android/packageinstaller/PackageInstallerActivity.java index afe6e012..478d1f8d 100644 --- a/src/com/android/packageinstaller/PackageInstallerActivity.java +++ b/src/com/android/packageinstaller/PackageInstallerActivity.java @@ -410,8 +410,8 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen try { mSourceInfo = mPm.getApplicationInfo(callerPackage, 0); if (mSourceInfo != null) { - if ((mSourceInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) { - // System apps don't need to be approved. + if ((mSourceInfo.flags&ApplicationInfo.FLAG_PRIVILEGED) != 0) { + // Privileged apps don't need to be approved. initiateInstall(); return; } @@ -470,7 +470,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen ApplicationInfo sourceInfo = getSourceInfo(); if (sourceInfo != null) { if (uidFromIntent != VerificationParams.NO_UID && - (mSourceInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { + (mSourceInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0) { return uidFromIntent; } @@ -491,7 +491,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen } // If we got a uid from the intent, we need to verify that the caller is a - // system package before we use it + // privileged system package before we use it if (uidFromIntent != VerificationParams.NO_UID) { String[] callingPackages = mPm.getPackagesForUid(callingUid); if (callingPackages != null) { @@ -500,7 +500,7 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen ApplicationInfo applicationInfo = mPm.getApplicationInfo(packageName, 0); - if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { + if ((applicationInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0) { return uidFromIntent; } } catch (NameNotFoundException ex) { |