Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10812111 authored by Ethan Chen's avatar Ethan Chen Committed by Paul Keith
Browse files

PackageManager: Add configuration to specify vendor platform signatures 

Devices with split system/vendor images may want to use the OEM's vendor
image. In that case, the OEM's platform signature is not actually the
same as the platform signature used to sign the Lineage system image.
Allow devices to specify an OEM platform signature which will also be
recognized as the system's platform signature.

Change-Id: Ida9bb25a32234af9d9507a214eae6a4672320d2b
parent bec4e525

services/core/java/com/android/server/pm/PackageManagerService.java

+36 −5
Original line number Diff line number Diff line
@@ -1717,6 +1717,8 @@ public class PackageManagerService extends IPackageManager.Stub 
    private final PackageUsage mPackageUsage = new PackageUsage();

    private final CompilerStats mCompilerStats = new CompilerStats();













    private Signature[] mVendorPlatformSignatures = new Signature[0];



























    private final DomainVerificationConnection mDomainVerificationConnection =















            new DomainVerificationConnection();
























@@ -7019,6 +7021,14 @@ public class PackageManagerService extends IPackageManager.Stub













        invalidatePackageInfoCache();















    }



























    private static Signature[] createSignatures(String[] hexBytes) {













        Signature[] sigs = new Signature[hexBytes.length];













        for (int i = 0; i < sigs.length; i++) {













            sigs[i] = new Signature(hexBytes[i]);













        }













        return sigs;













    }



























    public PackageManagerService(Injector injector, boolean onlyCore, boolean factoryTest,















            final String buildFingerprint, final boolean isEngBuild,















            final boolean isUserDebugBuild, final int sdkVersion, final String incrementalVersion) {










@@ -7048,6 +7058,9 @@ public class PackageManagerService extends IPackageManager.Stub













        mInstaller = injector.getInstaller();















        mEnableFreeCacheV2 = SystemProperties.getBoolean("fw.free_cache_v2", true);



























        mVendorPlatformSignatures = createSignatures(mContext.getResources().getStringArray(













                org.lineageos.platform.internal.R.array.config_vendorPlatformSignatures));



























        // Create sub-components that provide services / data. Order here is important.















        t.traceBegin("createSubComponents");
























@@ -11911,6 +11924,20 @@ public class PackageManagerService extends IPackageManager.Stub













            Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates");















            parsedPackage.setSigningDetails(















                    ParsingPackageUtils.getSigningDetails(parsedPackage, skipVerify));













            if (compareSignatures(ParsingPackageUtils.getSigningDetails(













                    parsedPackage, skipVerify).signatures, mVendorPlatformSignatures) ==













                    PackageManager.SIGNATURE_MATCH) {













                // Overwrite package signature with our platform signature













                // if the signature is the vendor's platform signature













                if (mPlatformPackage != null) {













                    parsedPackage.setSigningDetails(ParsingPackageUtils.getSigningDetails(













                            mPlatformPackage, skipVerify));













                    parsedPackage.setSeInfo(SELinuxMMAC.getSeInfo(













                            parsedPackage,













                            parsedPackage.isPrivileged(),













                            parsedPackage.getTargetSdkVersion()));













                }













            }















        } catch (PackageParserException e) {















            throw PackageManagerException.from(e);















        } finally {










@@ -12108,7 +12135,8 @@ public class PackageManagerService extends IPackageManager.Stub













                            null, disabledPkgSetting /* pkgSetting */,















                            null /* disabledPkgSetting */, null /* originalPkgSetting */,















                            null, parseFlags, scanFlags, isPlatformPackage, user, null);













                    applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true);













                    applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true,













                            mVendorPlatformSignatures);















                    final ScanResult scanResult =















                            scanPackageOnlyLI(request, mInjector, mFactoryTest, -1L);















                    if (scanResult.existingSettingCopied && scanResult.request.pkgSetting != null) {










@@ -13893,7 +13921,8 @@ public class PackageManagerService extends IPackageManager.Stub













            } else {















                isUpdatedSystemApp = disabledPkgSetting != null;















            }













            applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp);













            applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp,













                    mVendorPlatformSignatures);















            assertPackageIsValid(parsedPackage, parseFlags, scanFlags);





























            SharedUserSetting sharedUserSetting = null;










@@ -14647,7 +14676,7 @@ public class PackageManagerService extends IPackageManager.Stub













     */















    private static void applyPolicy(ParsedPackage parsedPackage, final @ParseFlags int parseFlags,















            final @ScanFlags int scanFlags, AndroidPackage platformPkg,













            boolean isUpdatedSystemApp) {













            boolean isUpdatedSystemApp, Signature[] vendorPlatformSignatures) {















        if ((scanFlags & SCAN_AS_SYSTEM) != 0) {















            parsedPackage.setSystem(true);















            // TODO(b/135203078): Can this be done in PackageParser? Or just inferred when the flag










@@ -14686,10 +14715,12 @@ public class PackageManagerService extends IPackageManager.Stub













        // Check if the package is signed with the same key as the platform package.















        parsedPackage.setSignedWithPlatformKey(















                (PLATFORM_PACKAGE_NAME.equals(parsedPackage.getPackageName())













                        || (platformPkg != null && compareSignatures(













                        || (platformPkg != null && (compareSignatures(















                        platformPkg.getSigningDetails().signatures,















                        parsedPackage.getSigningDetails().signatures













                ) == PackageManager.SIGNATURE_MATCH))













                ) == PackageManager.SIGNATURE_MATCH) || (compareSignatures(













                        vendorPlatformSignatures, parsedPackage.getSigningDetails().signatures) ==













                        PackageManager.SIGNATURE_MATCH)))















        );





























        if (!parsedPackage.isSystem()) {