applications – How to whitelist Android apps in Packagemanager to be installable for Android 10/11?

Does anyone know how to create a system/etc/whitelist.xml file to feed into the PMS (PackageManagerService) code of the patch below, for Android 10/11?

All apps inside the whitelist.xml file should be installable by Package manager. Apps not inside the whitelist should be blocked from being installed.

E.g., how would I allow Chrome (com.android.chrome) to be installed? Also, is there a way to add the app package names directly in the code, without using an external file?

I found it on a Chinese site.

    diff --git a/frameworks/base/core/java/android/content/pm/IPackageManager.aidl b/frameworks/base/core/java/android/content/pm/IPackageManager.aidl

old mode 100644

new mode 100755

index a369cc89a3..90fafe5a8f

--- a/frameworks/base/core/java/android/content/pm/IPackageManager.aidl

+++ b/frameworks/base/core/java/android/content/pm/IPackageManager.aidl

@@ -798,4 +798,7 @@ interface IPackageManager {

     */

     int restoreAppData(String sourceDir, String pkgName);

    /* @} */

+   
+       void setInstallPackageWhiteList(in List<String> packageNames);
+       List<String> getInstallPackageWhiteList();

 }
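Review bot: The two methods added at the end of `IPackageManager` have no doc comment, so a caller cannot tell who is allowed to call them or what an empty list means. Per the `isWhiteListApp` hunk in PackageManagerService.java, a null or empty list allows every package, and that belongs on the interface, e.g. `/** Replaces the install allowlist. A null or empty list disables the restriction. */` above `setInstallPackageWhiteList`, with a matching one-line comment on `getInstallPackageWhiteList`. The comment should also name the privilege a caller needs once the implementation enforces one.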


2. 在PMS中实现接口 (Implement the interface in PMS)

diff --git a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

index 45289f2e39..6727b10e35 100755

--- a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

+++ b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

@@ -111,7 +111,13 @@ import static com.android.server.pm.PackageManagerServiceUtils.getCompressedFile

 import static com.android.server.pm.PackageManagerServiceUtils.getLastModifiedTime;

 import static com.android.server.pm.PackageManagerServiceUtils.logCriticalInfo;

 import static com.android.server.pm.PackageManagerServiceUtils.verifySignatures;

-
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.LineNumberReader;
+import java.io.PrintWriter;

 import android.Manifest;

 import android.annotation.IntDef;

 import android.annotation.NonNull;
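Review bot: None of the seven `java.io` imports added here is used by any hunk shown on this page, so they are either dead or the file-loading code they belonged to is missing from the patch. As far as the visible hunks show, the allowlist lives only in the in-memory field set through `setInstallPackageWhiteList`: nothing reads `system/etc/whitelist.xml`, and the list is gone after every restart of the system server. Either drop the unused imports or include the loader, so that the policy is applied at boot instead of whenever some caller happens to set it.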

@@ -2141,7 +2147,16 @@ public class PackageManagerService extends PackageManagerServiceExAbs

             }

         }

     }

-
+       private List<String> installwhitepackageNames;
+           @Override
+    public void setInstallPackageWhiteList( List<String> packageNames) {
+               this.installwhitepackageNames=packageNames;
+    }
+       
+       @Override
+    public List<String> getInstallPackageWhiteList(){
+               return this.installwhitepackageNames;
+    }

     private void notifyInstallObserver(String packageName) {

         Pair<PackageInstalledInfo, IPackageInstallObserver2> pair =

                 mNoKillInstallObservers.remove(packageName);
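Review bot: `setInstallPackageWhiteList` performs no caller check, so any process that can reach the package manager Binder interface could replace the list or clear it, and by `isWhiteListApp` an empty list turns the restriction off. The setter should reject unprivileged callers before touching the field and store an immutable copy, so the getter no longer hands out a list that can be modified behind the service's back. The field is written from Binder threads and read on the install path with no lock or `volatile`; publishing a fresh immutable list through a `volatile` field is the simplest safe form. Which UID or permission gates the call is a device policy choice, and the UID check below is one option.

```java
private volatile List<String> installwhitepackageNames = Collections.emptyList();

@Override
public void setInstallPackageWhiteList(List<String> packageNames) {
    // Install policy may only be changed by the system itself.
    final int callingUid = Binder.getCallingUid();
    if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID) {
        throw new SecurityException(
                "setInstallPackageWhiteList: caller uid " + callingUid + " is not allowed");
    }
    // Publish an immutable snapshot so readers never see a list that changes under them.
    this.installwhitepackageNames = packageNames == null
            ? Collections.<String>emptyList()
            : Collections.unmodifiableList(new ArrayList<>(packageNames));
}

@Override
public List<String> getInstallPackageWhiteList() {
    return this.installwhitepackageNames;
}
// … unchanged: notifyInstallObserver …
```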


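    无论是pm安装或者是 代码安装 都会走preparePackageLI 所以在这里添加判断包名是否在白名单即可 (Whether an app is installed via pm or from code, the install goes through preparePackageLI, so it is enough to add the package-name allowlist check here.)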

@@ -17482,7 +17497,13 @@ public class PackageManagerService extends PackageManagerServiceExAbs

 @GuardedBy("mInstallLock")
    private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
            throws PrepareFailure {      try {
            // either use what we've been given or parse directly from the APK
            if (args.signingDetails != PackageParser.SigningDetails.UNKNOWN) {
                pkg.setSigningDetails(args.signingDetails);
            } else {
                PackageParser.collectCertificates(pkg, false /* skipVerify */);
            }
        } catch (PackageParserException e) {
            throw new PrepareFailure("Failed collect during installPackageLI", e);
        }

-
+               if(!isWhiteListApp(pkg.packageName)){
+            Log.d("TAG","--isWhiteListApp--");
+                       
+                       throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
+                    "app is not in the whitelist. packageName");
+           
+        }

         if (instantApp && pkg.mSigningDetails.signatureSchemeVersion

                 < SignatureSchemeVersion.SIGNING_BLOCK_V2) {

             Slog.w(TAG, "Instant app package " + pkg.packageName
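Review bot: The check added before the instant-app test matches on `pkg.packageName` alone, and a package name is whatever the APK's manifest declares, so the allowlist does not establish that the APK is the genuine app. The signing details are populated a few lines above, so each allowlist entry can also pin the expected signing-certificate digest and the check can compare both. Separately, `INSTALL_FAILED_INSTANT_APP_INVALID` misreports the cause and the message contains the literal word `packageName`; prefer a policy-style result code with `"Package " + pkg.packageName + " is not in the install allowlist"`, logged via `Slog.w(TAG, ...)` as the neighbouring code does instead of `Log.d("TAG", ...)`. `preparePackageLI` starts and continues outside this hunk.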

@@ -18039,7 +18060,21 @@ public class PackageManagerService extends PackageManagerServiceExAbs

             }

         }

     }

+    private boolean isWhiteListApp(String packagename){

 

+               if(this.installwhitepackageNames ==null || this.installwhitepackageNames.size()==0){

+                       return true;
+               }
+               
+        Iterator<String> it = this.installwhitepackageNames.iterator();
+        while (it.hasNext()) {
+            String whitelistItem = it.next();

+            if (whitelistItem.equals(packagename)) {
+                return true;
+            }
+        }
+        return false;
+    }