From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alex Buynytskyy <alexbuy@google.com>
Date: Wed, 20 Dec 2023 01:50:36 +0000
Subject: [PATCH] Disallow system apps to be installed/updated as instant.

Bug: 299441833
Test: atest android.content.pm.cts.PackageManagerTest
(cherry picked from commit 496e78a1951f2ed69290f03c5625c0f8382f4d31)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0d0f185c0d526c1dac0a8894b2c2f2e378328d73)
Merged-In: Idd89a6dd72f0e68259095f677185f0494391025c
Change-Id: Idd89a6dd72f0e68259095f677185f0494391025c
---
 .../core/java/com/android/server/pm/PackageManagerService.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 25f70b23e68f..893268da7f36 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -14291,6 +14291,9 @@ public class PackageManagerService extends IPackageManager.Stub
                 if (pkgSetting == null) {
                     return PackageManager.INSTALL_FAILED_INVALID_URI;
                 }
+                if (instantApp && (pkgSetting.isSystem() || isUpdatedSystemApp(pkgSetting))) {
+                    return PackageManager.INSTALL_FAILED_INVALID_URI;
+                }
                 if (!canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
                     // only allow the existing package to be used if it's installed as a full
                     // application for at least one user