Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 26e383f6 authored by Michael Groover's avatar Michael Groover
Browse files

Revert "[automerge] [DO NOT MERGE]Revert "Relax minimum signatur..." 

Revert "[DO NOT MERGE]Revert "Relax minimum signature scheme ver..."

Revert submission 16943318-presubmit-am-bc566b73c1674298b82a1153c03313a1

Reason for revert: This change breaks Better Bug.
Reverted Changes:
I32a2db8c7:[automerge] [DO NOT MERGE]Revert "Relax minimum si...
Ic53d2a361:[DO NOT MERGE]Revert "Relax minimum signature sche...

Change-Id: I847740b01073d4a7adde1e7b80243cd98cf2e722
parent 659d441a

core/java/android/content/pm/PackageParser.java

+4 −2
Original line number Diff line number Diff line
@@ -1401,9 +1401,11 @@ public class PackageParser { 
        }

        SigningDetails verified;

        if (skipVerify) {

            // systemDir APKs are already trusted, save time by not verifying

            // systemDir APKs are already trusted, save time by not verifying; since the signature

            // is not verified and some system apps can have their V2+ signatures stripped allow

            // pulling the certs from the jar signature.

            verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        apkPath, minSignatureScheme);

                        apkPath, SigningDetails.SignatureSchemeVersion.JAR);

        } else {

            verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);

        }

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+4 −2
Original line number Diff line number Diff line
@@ -3038,9 +3038,11 @@ public class ParsingPackageUtils { 
        SigningDetails verified;

        try {

            if (skipVerify) {

                // systemDir APKs are already trusted, save time by not verifying

                // systemDir APKs are already trusted, save time by not verifying; since the

                // signature is not verified and some system apps can have their V2+ signatures

                // stripped allow pulling the certs from the jar signature.

                verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        baseCodePath, minSignatureScheme);

                        baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);

            } else {

                verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);

            }

services/core/java/com/android/server/pm/PackageManagerService.java

+11 −9
Original line number Diff line number Diff line
@@ -15175,8 +15175,9 @@ public class PackageManagerService extends IPackageManager.Stub 
                }

            }













            // Ensure the package is signed with at least the minimum signature scheme version













            // required for its target SDK.













            // If the package is not on a system partition ensure it is signed with at least the













            // minimum signature scheme version required for its target SDK.













            if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {















                int minSignatureSchemeVersion =















                        ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(















                                pkg.getTargetSdkVersion());









@@ -15187,6 +15188,7 @@ public class PackageManagerService extends IPackageManager.Stub













                }















            }















        }













    }





























    @GuardedBy("mLock")















    private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {