diff options
| author | Ethan Chen <intervigil@gmail.com> | 2020-09-10 22:00:17 -0700 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-05-02 09:56:20 +0800 |
| commit | b07e75c37b40446289645961aac7c8bc23cf5eb2 (patch) | |
| tree | 2ce8cb055330eb5c5f9c5ea895dcc28cc5cfd23a /services | |
| parent | 693e3ed1302539128208cb98fa46a2f91f28b7ba (diff) | |
PackageManager: Add configuration to specify vendor platform signatures
Devices with split system/vendor images may want to use the OEM's vendor
image. In that case, the OEM's platform signature is not actually the
same as the platform signature used to sign the Lineage system image.
Allow devices to specify an OEM platform signature which will also be
recognized as the system's platform signature.
Change-Id: Ida9bb25a32234af9d9507a214eae6a4672320d2b
Diffstat (limited to 'services')
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 6b9ba1577dd4..2d16f7430dc3 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -1730,6 +1730,8 @@ public class PackageManagerService extends IPackageManager.Stub private final PackageUsage mPackageUsage = new PackageUsage(); private final CompilerStats mCompilerStats = new CompilerStats(); + private Signature[] mVendorPlatformSignatures = new Signature[0]; + private final DomainVerificationConnection mDomainVerificationConnection = new DomainVerificationConnection(); @@ -7271,6 +7273,14 @@ public class PackageManagerService extends IPackageManager.Stub Watchable.verifyWatchedAttributes(this, mWatcher, !(mIsEngBuild || mIsUserDebugBuild)); } + private static Signature[] createSignatures(String[] hexBytes) { + Signature[] sigs = new Signature[hexBytes.length]; + for (int i = 0; i < sigs.length; i++) { + sigs[i] = new Signature(hexBytes[i]); + } + return sigs; + } + /** * A extremely minimal constructor designed to start up a PackageManagerService instance for * testing. @@ -7396,6 +7406,9 @@ public class PackageManagerService extends IPackageManager.Stub mInstaller = injector.getInstaller(); mEnableFreeCacheV2 = SystemProperties.getBoolean("fw.free_cache_v2", true); + mVendorPlatformSignatures = createSignatures(mContext.getResources().getStringArray( + com.android.internal.R.array.config_vendorPlatformSignatures)); + t.traceBegin("readListOfPackagesToBeDisabled"); readListOfPackagesToBeDisabled(); t.traceEnd(); @@ -12158,6 +12171,20 @@ public class PackageManagerService extends IPackageManager.Stub Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates"); parsedPackage.setSigningDetails( ParsingPackageUtils.getSigningDetails(parsedPackage, skipVerify)); + if (compareSignatures(ParsingPackageUtils.getSigningDetails( + parsedPackage, skipVerify).signatures, mVendorPlatformSignatures) == + PackageManager.SIGNATURE_MATCH) { + // Overwrite package signature with our platform signature + // if the signature is the vendor's platform signature + if (mPlatformPackage != null) { + parsedPackage.setSigningDetails(ParsingPackageUtils.getSigningDetails( + mPlatformPackage, skipVerify)); + parsedPackage.setSeInfo(SELinuxMMAC.getSeInfo( + parsedPackage, + parsedPackage.isPrivileged(), + parsedPackage.getTargetSdkVersion())); + } + } } catch (PackageParserException e) { throw PackageManagerException.from(e); } finally { @@ -12355,7 +12382,8 @@ public class PackageManagerService extends IPackageManager.Stub null, disabledPkgSetting /* pkgSetting */, null /* disabledPkgSetting */, null /* originalPkgSetting */, null, parseFlags, scanFlags, isPlatformPackage, user, null); - applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true); + applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true, + mVendorPlatformSignatures); final ScanResult scanResult = scanPackageOnlyLI(request, mInjector, mFactoryTest, -1L); if (scanResult.existingSettingCopied && scanResult.request.pkgSetting != null) { @@ -14135,7 +14163,8 @@ public class PackageManagerService extends IPackageManager.Stub } else { isUpdatedSystemApp = disabledPkgSetting != null; } - applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp); + applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp, + mVendorPlatformSignatures); assertPackageIsValid(parsedPackage, parseFlags, scanFlags); SharedUserSetting sharedUserSetting = null; @@ -14889,7 +14918,7 @@ public class PackageManagerService extends IPackageManager.Stub */ private static void applyPolicy(ParsedPackage parsedPackage, final @ParseFlags int parseFlags, final @ScanFlags int scanFlags, AndroidPackage platformPkg, - boolean isUpdatedSystemApp) { + boolean isUpdatedSystemApp, Signature[] vendorPlatformSignatures) { if ((scanFlags & SCAN_AS_SYSTEM) != 0) { parsedPackage.setSystem(true); // TODO(b/135203078): Can this be done in PackageParser? Or just inferred when the flag @@ -14928,10 +14957,12 @@ public class PackageManagerService extends IPackageManager.Stub // Check if the package is signed with the same key as the platform package. parsedPackage.setSignedWithPlatformKey( (PLATFORM_PACKAGE_NAME.equals(parsedPackage.getPackageName()) - || (platformPkg != null && compareSignatures( + || (platformPkg != null && (compareSignatures( platformPkg.getSigningDetails().signatures, parsedPackage.getSigningDetails().signatures - ) == PackageManager.SIGNATURE_MATCH)) + ) == PackageManager.SIGNATURE_MATCH) || (compareSignatures( + vendorPlatformSignatures, parsedPackage.getSigningDetails().signatures) == + PackageManager.SIGNATURE_MATCH))) ); if (!parsedPackage.isSystem()) { |