Disallow device admin package and protected packages to be reinstalled as instant.
We should prevent the following types of apps from being reinstalled with
--install-existing as an instant.
(1)device admin package
(2)protected packages
Flag: EXEMPT bugfix
Bug: 341256043
Test: atest android.content.pm.cts.PackageManagerTest
Test: Manual test
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:12b2fd162c91441ea89517cf9e2359ef6aea9f82)
Merged-In: I30244cf18aa6522361f13a1d2119ac5847939ddd
Change-Id: I30244cf18aa6522361f13a1d2119ac5847939ddd
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index f26a9f8..6ae78343 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -660,6 +660,9 @@
(installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
final boolean fullApp =
(installFlags & PackageManager.INSTALL_FULL_APP) != 0;
+ final boolean isPackageDeviceAdmin = mPm.isPackageDeviceAdmin(packageName, userId);
+ final boolean isProtectedPackage = mPm.mProtectedPackages != null
+ && mPm.mProtectedPackages.isPackageStateProtected(userId, packageName);
// writer
synchronized (mPm.mLock) {
@@ -668,7 +671,8 @@
if (pkgSetting == null || pkgSetting.getPkg() == null) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
- if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp())) {
+ if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp()
+ || isPackageDeviceAdmin || isProtectedPackage)) {
return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
}
if (!snapshot.canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
