mirror/fdroidclient
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidclient.git synced 2026-05-19 14:10:38 -04:00
Code Issues Packages Projects Releases Wiki Activity

[app] don't change installer if APK permissions don't match

Browse Source
This commit is contained in:
Torsten Grote
2024-07-12 15:18:39 -03:00
committed by Torsten Grote
parent 1cdcec215d
commit 38fe5f6b3c
2 changed files with 7 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java
View File

@@ -82,11 +82,6 @@ class ApkVerifier {
throw new ApkVerificationException("Apk file has no valid versionCode!");
}
// verify permissions, important for unattended installer
if (!requestedPermissionsEqual(expectedApk.requestedPermissions, localApkInfo.requestedPermissions)) {
throw new ApkPermissionUnequalException("Permissions in APK and index do not match!");
}
int localTargetSdkVersion = localApkInfo.applicationInfo.targetSdkVersion;
int expectedTargetSdkVersion = expectedApk.targetSdkVersion;
Utils.debugLog(TAG, "localTargetSdkVersion: " + localTargetSdkVersion);
@@ -99,6 +94,11 @@ class ApkVerifier {
String.format("TargetSdkVersion of apk file (%d) is not the expected targetSdkVersion (%d)!",
localTargetSdkVersion, expectedTargetSdkVersion));
}
// verify permissions last, used to be important for unattended installer that had no permission prompts
if (!requestedPermissionsEqual(expectedApk.requestedPermissions, localApkInfo.requestedPermissions)) {
throw new ApkPermissionUnequalException("Permissions in APK and index do not match!");
}
}
/**

12
app/src/main/java/org/fdroid/fdroid/installer/Installer.java
View File

@@ -320,16 +320,8 @@ public abstract class Installer {
sendBroadcastInstall(canonicalUri, Installer.ACTION_INSTALL_INTERRUPTED, e.getMessage());
return;
} catch (ApkVerifier.ApkPermissionUnequalException e) {
// if permissions of apk are not the ones listed in the repo
// and an unattended installer is used, a wrong permission screen
// has been shown, thus fallback to AOSP DefaultInstaller!
if (isUnattended()) {
Log.e(TAG, e.getMessage(), e);
Log.e(TAG, "Falling back to AOSP DefaultInstaller!");
DefaultInstaller defaultInstaller = new DefaultInstaller(context, app, apk);
defaultInstaller.installPackageInternal(sanitizedUri, canonicalUri);
return;
}
// permissions of APK are not the ones listed in the repo index
// TODO we could prompt the user if a non-runtime permission we consider dangerous has been added
}
installPackageInternal(sanitizedUri, canonicalUri);