Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24fd285d authored by Michael Groover's avatar Michael Groover Committed by Automerger Merge Worker
Browse files

Merge "Relax minimum signature scheme version for apps on system partition"... 

Merge "Relax minimum signature scheme version for apps on system partition" into rvc-dev am: 67cb3a61

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11885723

Change-Id: I4917c6ff4dee4850f31c77731c8694544cab2b1c
parents fb6735d0 67cb3a61

core/java/android/content/pm/PackageParser.java

+4 −2
Original line number Diff line number Diff line
@@ -1377,9 +1377,11 @@ public class PackageParser { 
        }

        SigningDetails verified;

        if (skipVerify) {

            // systemDir APKs are already trusted, save time by not verifying

            // systemDir APKs are already trusted, save time by not verifying; since the signature

            // is not verified and some system apps can have their V2+ signatures stripped allow

            // pulling the certs from the jar signature.

            verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        apkPath, minSignatureScheme);

                        apkPath, SigningDetails.SignatureSchemeVersion.JAR);

        } else {

            verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);

        }

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+4 −2
Original line number Diff line number Diff line
@@ -2748,9 +2748,11 @@ public class ParsingPackageUtils { 
        SigningDetails verified;

        try {

            if (skipVerify) {

                // systemDir APKs are already trusted, save time by not verifying

                // systemDir APKs are already trusted, save time by not verifying; since the

                // signature is not verified and some system apps can have their V2+ signatures

                // stripped allow pulling the certs from the jar signature.

                verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        baseCodePath, minSignatureScheme);

                        baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);

            } else {

                verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);

            }

services/core/java/com/android/server/pm/PackageManagerService.java

+11 −9
Original line number Diff line number Diff line
@@ -12148,8 +12148,9 @@ public class PackageManagerService extends IPackageManager.Stub 
                }

            }













            // Ensure the package is signed with at least the minimum signature scheme version













            // required for its target SDK.













            // If the package is not on a system partition ensure it is signed with at least the













            // minimum signature scheme version required for its target SDK.













            if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {















                int minSignatureSchemeVersion =















                        ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(















                                pkg.getTargetSdkVersion());









@@ -12160,6 +12161,7 @@ public class PackageManagerService extends IPackageManager.Stub













                }















            }















        }













    }





























    @GuardedBy("mLock")















    private boolean addBuiltInSharedLibraryLocked(String path, String name) {