Merge "Add a flag to always do the cert signature check" (262b57ba) · Commits · e / os / android_frameworks_base

cmds/am/src/com/android/commands/am/Am.java

+2 −0

Original line number	Diff line number	Diff line
		@@ -189,6 +189,8 @@ public class Am extends BaseCommand {
		instrument.abi = nextArgRequired();
		} else if (opt.equals("--no-restart")) {
		instrument.noRestart = true;
		} else if (opt.equals("--always-check-signature")) {
		instrument.alwaysCheckSignature = true;
		} else {
		System.err.println("Error: Unknown option: " + opt);
		return;

cmds/am/src/com/android/commands/am/Instrument.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package com.android.commands.am;

		import static android.app.ActivityManager.INSTR_FLAG_ALWAYS_CHECK_SIGNATURE;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_HIDDEN_API_CHECKS;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_ISOLATED_STORAGE;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_TEST_API_CHECKS;
		@@ -95,6 +96,7 @@ public class Instrument {
		public Bundle args = new Bundle();
		// Required
		public String componentNameArg;
		public boolean alwaysCheckSignature = false;

		/**
		* Construct the instrument command runner.
		@@ -519,6 +521,9 @@ public class Instrument {
		if (noRestart) {
		flags \|= INSTR_FLAG_NO_RESTART;
		}
		if (alwaysCheckSignature) {
		flags \|= INSTR_FLAG_ALWAYS_CHECK_SIGNATURE;
		}
		if (!mAm.startInstrumentation(cn, profileFile, flags, args, watcher, connection, userId,
		abi)) {
		throw new AndroidException("INSTRUMENTATION_FAILED: " + cn.flattenToString());

core/java/android/app/ActivityManager.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -179,6 +179,12 @@ public class ActivityManager {
		* @hide
		*/
		public static final int INSTR_FLAG_NO_RESTART = 1 << 3;
		/**
		* Force the check that instrumentation and the target package are signed with the same
		* certificate even if {@link Build#IS_DEBUGGABLE} is {@code true}.
		* @hide
		*/
		public static final int INSTR_FLAG_ALWAYS_CHECK_SIGNATURE = 1 << 4;

		static final class UidObserver extends IUidObserver.Stub {
		final OnUidImportanceListener mListener;

services/core/java/com/android/server/am/ActivityManagerService.java

+10 −5

Original line number	Diff line number	Diff line
		@@ -24,6 +24,7 @@ import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
		import static android.Manifest.permission.MANAGE_ACTIVITY_TASKS;
		import static android.Manifest.permission.START_ACTIVITIES_FROM_BACKGROUND;
		import static android.Manifest.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND;
		import static android.app.ActivityManager.INSTR_FLAG_ALWAYS_CHECK_SIGNATURE;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_HIDDEN_API_CHECKS;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_ISOLATED_STORAGE;
		import static android.app.ActivityManager.INSTR_FLAG_DISABLE_TEST_API_CHECKS;
		@@ -14343,14 +14344,18 @@ public class ActivityManagerService extends IActivityManager.Stub
		return false;
		}

		if (!Build.IS_DEBUGGABLE) {
		int match = mContext.getPackageManager().checkSignatures(
		ii.targetPackage, ii.packageName);
		if (match < 0 && match != PackageManager.SIGNATURE_FIRST_NOT_SIGNED) {
		if (Build.IS_DEBUGGABLE && (flags & INSTR_FLAG_ALWAYS_CHECK_SIGNATURE) == 0) {
		Slog.w(TAG, "Instrumentation test " + ii.packageName
		+ " doesn't have a signature matching the target " + ii.targetPackage
		+ ", which would not be allowed on the production Android builds");
		} else {
		String msg = "Permission Denial: starting instrumentation "
		+ className + " from pid="
		+ Binder.getCallingPid()
		+ ", uid=" + Binder.getCallingPid()
		+ ", uid=" + Binder.getCallingUid()
		+ " not allowed because package " + ii.packageName
		+ " does not have a signature matching the target "
		+ ii.targetPackage;