Remove the resolved path of session's APK from user confirmation intent
Intent sent to the user for install confirmation includes the resolved
path of the session's base apk. A malicious app can modify this path, resulting in the installer activity to show a different app icon and label in the confirmation dialog.
To fix this, expose a @hide API for getting the resolved path and
permission protect it with a privileged permission.
Since @hide API is used, have PackageInstaller app depend on platform_apis
Bug: 269728874
Bug: 279028637
Test: Adding a @hide API in UDC. No CTS test required for the API. Performed manual test by installing an apk and verifying UI elements of the installation dialog.
Test: Test: atest CtsPackageInstallTestCases:SessionTest (To verify contents of user confirmation intent)
Merged-In: Ibe7fe3ab5e74e3e910d9f7bd5b6f3f2e3c0ca658
Change-Id: Ibe7fe3ab5e74e3e910d9f7bd5b6f3f2e3c0ca658
(cherry picked from commit 7623ac966ee0a8fd94925f14527565325ee9dbd8)
diff --git a/packages/PackageInstaller/Android.bp b/packages/PackageInstaller/Android.bp
index fd982f5..6ecd328 100644
--- a/packages/PackageInstaller/Android.bp
+++ b/packages/PackageInstaller/Android.bp
@@ -39,8 +39,7 @@
certificate: "platform",
privileged: true,
- platform_apis: false,
- sdk_version: "system_current",
+ platform_apis: true,
rename_resources_package: false,
static_libs: [
"xz-java",
@@ -57,8 +56,7 @@
certificate: "platform",
privileged: true,
- platform_apis: false,
- sdk_version: "system_current",
+ platform_apis: true,
rename_resources_package: false,
overrides: ["PackageInstaller"],
@@ -77,8 +75,7 @@
certificate: "platform",
privileged: true,
- platform_apis: false,
- sdk_version: "system_current",
+ platform_apis: true,
rename_resources_package: false,
overrides: ["PackageInstaller"],