Unset INSTALL_DISABLE_VERIFICATION flag if install is not from system
Bug: 138650665
Test: pushed manual privapp that attempts an install
with INSTALL_DISABLE_VERIFICATION flag.
Checked that PackageVerifier was called.
Change-Id: I041d2e5f6d2609bfe9475f24eefb936f0c8e2a32
Merged-In: I041d2e5f6d2609bfe9475f24eefb936f0c8e2a32
(cherry picked from commit bf8e2576f3cf953217cd68ef616d244d250aaef7)
diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java
index 0032e9a..e75f545 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -505,6 +505,11 @@
params.installFlags &= ~PackageManager.INSTALL_REQUEST_DOWNGRADE;
}
+ if (callingUid != Process.SYSTEM_UID) {
+ // Only system_server can use INSTALL_DISABLE_VERIFICATION.
+ params.installFlags &= ~PackageManager.INSTALL_DISABLE_VERIFICATION;
+ }
+
boolean isApex = (params.installFlags & PackageManager.INSTALL_APEX) != 0;
if (params.isStaged || isApex) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES, TAG);