RESTRICT AUTOMERGE: Trust session id only if started with ACTION_CONFIRM_INSTALL
InstallStart was reading sessionInfo whenever the starting intent had
the extra EXTRA_SESSION_ID. This could happen even if an external app
inserted a valid session id into its own REQUEST_INSTALL_PACKAGE intent.
This allows apps to potentially spoof the calling package.
Test: Existing tests pass:
atest GtsPackageInstallTestCases GtsNoPermissionTestCases \
GtsNoPermissionTestCases25
Bug: 112031362
Change-Id: Icdab1deeaf6b0afe7a61709cd87305336c467e33
(cherry picked from commit 8af3d62da1a56d8cc3e7c915516cbc4ce8642099)
diff --git a/src/com/android/packageinstaller/InstallStart.java b/src/com/android/packageinstaller/InstallStart.java
index d06b6f5..4292737 100644
--- a/src/com/android/packageinstaller/InstallStart.java
+++ b/src/com/android/packageinstaller/InstallStart.java
@@ -58,9 +58,14 @@
Intent intent = getIntent();
String callingPackage = getCallingPackage();
+ final boolean isSessionInstall =
+ PackageInstaller.ACTION_CONFIRM_PERMISSIONS.equals(intent.getAction());
+
// If the activity was started via a PackageInstaller session, we retrieve the calling
// package from that session
- int sessionId = intent.getIntExtra(PackageInstaller.EXTRA_SESSION_ID, -1);
+ final int sessionId = (isSessionInstall
+ ? intent.getIntExtra(PackageInstaller.EXTRA_SESSION_ID, -1)
+ : -1);
if (callingPackage == null && sessionId != -1) {
PackageInstaller packageInstaller = getPackageManager().getPackageInstaller();
PackageInstaller.SessionInfo sessionInfo = packageInstaller.getSessionInfo(sessionId);
@@ -103,7 +108,7 @@
nextActivity.putExtra(PackageInstallerActivity.EXTRA_ORIGINAL_SOURCE_INFO, sourceInfo);
nextActivity.putExtra(Intent.EXTRA_ORIGINATING_UID, originatingUid);
- if (PackageInstaller.ACTION_CONFIRM_PERMISSIONS.equals(intent.getAction())) {
+ if (isSessionInstall) {
nextActivity.setClass(this, PackageInstallerActivity.class);
} else {
Uri packageUri = intent.getData();