Restrict the getter of where the app launched from

It may reveal the package name and user behavior. Though the methods
are hidden, the app can still bypass the guard of hidden api and
use reflection to invoke the methods.

Currently the methods are only used by system, Settings, Nfc, SystemUI,
CertInstaller and PackageInstaller. So by enforcing platform signature,
most of cases are protected. Except PackageInstaller can be signed with
different key, hence there is a special case to check it.

Bug: 191954233
Test: Use reflection to call the methods from an app without
      platform signature.
Change-Id: I69a1774e8db63baca4e0d05c238911208b4cd1e9
1 file changed