Add update packages permission This subset of INSTALL_PACKAGES allows a privileged application to install updates to existing applications but not install new applications. When combined with INSTALL_SELF_UPDATES this allows privileged apps to be granted finely scoped install privileges based on their intended usage instead of the more broad INSTALL_PACKAGES permission. Test: WIP Bug: 68731532 Change-Id: Ifbb6f5a18d9e8ff06270fd79ed031b99242c6fa3

commit: adcb5222266a19ee55a1ef6acd45892164084153 [log] [tgz]
author: Chad Brubaker <cbrubaker@google.com> Thu Jan 11 14:22:15 2018 -0800
committer: Chad Brubaker <cbrubaker@google.com> Thu Jan 11 14:22:15 2018 -0800
tree: 5635587b1bca90db10584e6558c71c731a772103
parent: 5fd1c97e34e54cd74c304cacf5c3ccdaaa7a7e13 [diff] [blame]
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 6b89489..79fc965 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -2813,6 +2813,14 @@
     <permission android:name="android.permission.INSTALL_SELF_UPDATES"
         android:protectionLevel="signature|privileged" />
 
+    <!-- @SystemApi Allows an application to install updates. This is a limited version
+         of {@link android.Manifest.permission#INSTALL_PACKAGES}.
+        <p>Not for use by third-party applications.
+        @hide
+    -->
+    <permission android:name="android.permission.INSTALL_PACKAGE_UPDATES"
+        android:protectionLevel="signature|privileged" />
+
     <!-- @SystemApi Allows an application to clear user data.
          <p>Not for use by third-party applications
          @hide
commit	adcb5222266a19ee55a1ef6acd45892164084153	[log] [tgz]
author	Chad Brubaker <cbrubaker@google.com>	Thu Jan 11 14:22:15 2018 -0800
committer	Chad Brubaker <cbrubaker@google.com>	Thu Jan 11 14:22:15 2018 -0800
tree	5635587b1bca90db10584e6558c71c731a772103
parent	5fd1c97e34e54cd74c304cacf5c3ccdaaa7a7e13 [diff] [blame]