禁止应用和adb安装APK

Platform: RK3368

OS: Android 6.0

Kernel: 3.10.0

禁止应用和adb安装非平签名的APK,使用adb安装返回“Failure [INSTALL_FAILED_USER_RESTRICTED]”。
使用PackageInstaller安装提示“您的管理员不允许安装来源不明的应用。”

PackageInstaller修改
--- a/src/com/android/packageinstaller/PackageInstallerActivity.java
+++ b/src/com/android/packageinstaller/PackageInstallerActivity.java
@@ -39,6 +39,7 @@ import android.net.Uri;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.SystemClock;
+import android.os.SystemProperties;
 import android.os.UserManager;
 import android.provider.Settings;
 import android.support.v4.view.ViewPager;
@@ -549,7 +550,8 @@ public class PackageInstallerActivity extends Activity implements OnCancelListen
         // and exit. Otherwise show an option to take the user to Settings to change the setting.
         final boolean isManagedProfile = mUserManager.isManagedProfile();
         if (!unknownSourcesAllowedByAdmin
-                || (!unknownSourcesAllowedByUser && isManagedProfile)) {
+                || (!unknownSourcesAllowedByUser && isManagedProfile)
+                || !SystemProperties.getBoolean("ro.pm.unkown_sources_allow", false)) {
             showDialogInner(DLG_ADMIN_RESTRICTS_UNKNOWN_SOURCES);
             mInstallFlowAnalytics.setFlowFinished(
                     InstallFlowAnalytics.RESULT_BLOCKED_BY_UNKNOWN_SOURCES_SETTING);
PackageManagerService修改
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 844e390..a3bb959 100755
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -12449,6 +12449,17 @@ public class PackageManagerService extends IPackageManager.Stub {
             Slog.d(TAG, "manifestDigest was not present, but parser got: " + parsedManifest);
         }

+        // only platform app can install when ro.pm.unkown_sources_allow=false
+        if (!SystemProperties.getBoolean("ro.pm.unkown_sources_allow", false)) {
+            if(compareSignatures(mPlatformPackage.mSignatures, pkg.mSignatures)
+                    != PackageManager.SIGNATURE_MATCH){
+                res.setError(INSTALL_FAILED_USER_RESTRICTED, "disallow unkown sources");
+                return;
+            }else{
+                Slog.d(TAG, tmpPackageFile+" is PlatformPackage");
+            }
+        }
+
         // Get rid of all references to package scan path via parser.
         pp = null;
         String oldCodePath = null;

你可能感兴趣的:(android,rockchip)