It is allowed to install a package via a "package" URI. This means that
if a package with the same name is already installed (for any user), please
(re-)install it for the current user.
This was broken as mPackageURI.getPath() does not work for such package
URIs. This call is only needed when we need to show UI, but for package
URIs we don't even need UI, hence we can move it for the "content" path.
Test: atest CtsPackageInstallTestCases
Bug: 117768093
Change-Id: I58d3abde22ae0a77aabe5068680fd0148d799776
Some system apps may download unknown content and the user should
be explicitly asked whether they trust these files. System apps should
explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.
Test: Builds, boots, existing tests pass:
atest CtsPackageInstallTestCases
Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
the platform cert.
Bug: 123700348
Change-Id: I2578251906f6656b83464d1c4fc4db99165841c9
This change adds a mechanism for restricting permissions (only runtime
for now), so that an app cannot hold the permission if it is not white
listed. The whitelisting can happen at install or at any later point.
There are three whitelists: system: OS managed with default grants
and role holders being on it; upgrade: only OS puts on this list
apps when upgrading from a pre to post restriction permission database
version and OS and installer on record can remove; installer: only
the installer on record can add and remove (and the system of course).
Added a permission policy service that sits on top of permissions
and app ops and is responsible to sync between permissions and app
ops when there is an interdependency in any direction.
Added versioning to the runtime permissions database to allow operations
that need to be done once on upgrade such as adding all permissions held
by apps pre upgrade to the upgrade whitelist if the new permission version
introduces a new restricted permission. The upgrade logic is in the
permission controller and we will eventually put the default grants there.
NOTE: This change is reacting to a VP feedback for how we would handle
SMS/CallLog restriction as we pivoted from role based approach to roles
for things the user would understand plus whitelist for everything else.
This would also help us roll out softly the storage permission as there
is too much churn coming from developer feedback.
Exempt-From-Owner-Approval: trivial change due to API adjustment
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest RoleManagerTestCases
bug:124769181
Change-Id: Ic48e3c728387ecf02f89d517ba1fe785ab9c75fd
We've messaged since the N release that file:// Uris are going away,
and we've been crashing those apps via StrictMode for many years.
The broader storage changes in Q mean it's finally a good time to say
we only handle content:// items.
Bug: 123212933
Test: none
Change-Id: I69a791468c4bcf45b0022cf52264e78f94bfdeae
Obtain the correct admin and dialog information when a restriction prevents the
user from installing apps from unknown sources.
Bug: 118881180
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I8112aaca64f85d421ee1029edc5c47909e31f12f
This reverts commit 38ea50c63e8a031a6430d26b1f5b561402007243.
Revert and clean up merge conflicts. The checkbox which asks
to remove app data is still here
Fixes:112002130
Test: Build and check that the correct box is gone
atest CtsPackageUninstallTestCases
Change-Id: I47d8632d2fca360c02151ad54a4b927a5c2801f1
If an app declares that it has fragile user data, allow the user to choose
to keep the app-data on uninstall.
Test: Uninstalled apps that set the new flag and apps that did not.
Verified that the KEEP_DATA flag was set when checkbox was
clicked.
Change-Id: I032fb21854352bbc175934ae5eb68a1430b1d403
Fixes: 117578306
Apps might have contributed files. During uninstall the files are
usually left on the system. To avoid filling up the storage we allow the
user to delete the files during uninstall.
Bug: 112002130
Test: Uninstalled an app that contributed files
Change-Id: I7e71ed524055bdda91ce9e66f995540363ceb229
I am not sure if .bp files already allow creating google-signed variations, hence go back to .mk file.
Test: Built + Booted on taimen-eng
Change-Id: I4b413d18eec07a1f84050693a7b8a97b51fa3270
and "install app notification"
Bug: 111214100
Test: CTS test will be submitted with flag enabling commit
Change-Id: I604d75dc48e09039619f571d418a700106cbdd5d
Bug: 114719061
Test: builds, installed the app and verified visually
TL;DR: when main icon is rendered, there's no guarantee that the icon
will be rendered in 48dp view. For the inset to be applied proportionally,
percentage should be used instead of static dp unit.
Change-Id: Iacfcf7a5a2aa430c70c5db7c803267cf7eb5ad45
InstallStart was reading sessionInfo whenever the starting intent had
the extra EXTRA_SESSION_ID. This could happen even if an external app
inserted a valid session id into its own REQUEST_INSTALL_PACKAGE intent.
This allows apps to potentially spoof the calling package.
Test: Existing tests pass:
atest GtsPackageInstallTestCases GtsNoPermissionTestCases \
GtsNoPermissionTestCases25
Bug: 112031362
Change-Id: Icdab1deeaf6b0afe7a61709cd87305336c467e33
Also add a special API to set them. Internally they are still just
regular private flags
Test: Built
Bug: 116798569
Change-Id: I687b751fa18c7fbcc9bf95aa44d94d8a5614a88f
The android.content.pm.PackageInstaller install + uninstall APIs are
fully functional. No need to try to keep the intent based APIs
feature compatible.
In the future we will be able to restrict apps targeting old targetSDK
levels from using the intent-based API. Even further in the future we
can radically simplify the package installer app.
Fixes: 116616700
Test: Built
Change-Id: Ia225d70fbee3fa31a3c1de388dcb05ff1063dccd
This adds a new framework user restriction that can be used by the DPC
to block installs from unknown sources on all profiles of a device.
Test: Manual test, disallowing installs in TestDPC disables installing
unknown sources apps.
Bug: 111335021
Change-Id: Ib9fb672c5e5dea2ac63bf8cbd1b04484b12b4056