PackageManager: Restrict system packages to protected storage

Don't allow packages signed with the platform key to be installed into user (or app) controlled storage Change-Id: I4dff8a33a9be7e1877812cf821bf6148e03e7bab
progmanos · May 4, 2011 · 5585925 · 5585925
1 parent 5d4bc4e
commit 5585925
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/services/java/com/android/server/PackageManagerService.java b/services/java/com/android/server/PackageManagerService.java
@@ -2902,6 +2902,20 @@ private PackageParser.Package scanPackageLI(PackageParser.Package pkg,
             return null;
         }
 
+        if (!pkg.applicationInfo.sourceDir.startsWith(Environment.getRootDirectory().getPath()) &&
+                !pkg.applicationInfo.sourceDir.startsWith("/vendor")) {
+            Object obj = mSettings.getUserIdLP(1000);
+            Signature[] s1 = null;
+            if (obj instanceof SharedUserSetting) {
+                s1 = ((SharedUserSetting)obj).signatures.mSignatures;
+            }
+            if ((checkSignaturesLP(pkg.mSignatures, s1) == PackageManager.SIGNATURE_MATCH)) {
+                Slog.w(TAG, "Cannot install platform packages to user storage");
+                mLastScanError = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;
+                return null;
+            }
+        }
+
         // Initialize package source and resource directories
         File destCodeFile = new File(pkg.applicationInfo.sourceDir);
         File destResourceFile = new File(pkg.applicationInfo.publicSourceDir);