[RESTRICT AUTOMERGE] Prevent installing apps in policy restricted work profile using ADB
If DISALLOW_DEBUGGING_FEATURES or DISALLOW_INSTALL_APPS restrictions are
set on a work profile, prevent side loading of APKs using ADB in the
work profile.
Bug: 257443065
Test: atest CtsPackageInstallTestCases:UserRestrictionInstallTest
(cherry picked from commit febe3918020a94b2af48ade98eb6a49cdd4a3bdf)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b988a09db551d9a8b2aeb0e8eb88e610605709e8)
Merged-In: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
Change-Id: I169a1f72c84528ca606b6a4da165d4fbcd02b08d
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index c32a57c..2597011 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -2093,9 +2093,25 @@
// The caller explicitly specified INSTALL_ALL_USERS flag.
// Thus, updating the settings to install the app for all users.
for (int currentUserId : allUsers) {
- ps.setInstalled(true, currentUserId);
- ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, userId,
- installerPackageName);
+ // If the app is already installed for the currentUser,
+ // keep it as installed as we might be updating the app at this place.
+ // If not currently installed, check if the currentUser is restricted by
+ // DISALLOW_INSTALL_APPS or DISALLOW_DEBUGGING_FEATURES device policy.
+ // Install / update the app if the user isn't restricted. Skip otherwise.
+ final boolean installedForCurrentUser = ArrayUtils.contains(
+ installedForUsers, currentUserId);
+ final boolean restrictedByPolicy =
+ mPm.isUserRestricted(currentUserId,
+ UserManager.DISALLOW_INSTALL_APPS)
+ || mPm.isUserRestricted(currentUserId,
+ UserManager.DISALLOW_DEBUGGING_FEATURES);
+ if (installedForCurrentUser || !restrictedByPolicy) {
+ ps.setInstalled(true, currentUserId);
+ ps.setEnabled(COMPONENT_ENABLED_STATE_DEFAULT, currentUserId,
+ installerPackageName);
+ } else {
+ ps.setInstalled(false, currentUserId);
+ }
}
}