Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2dd6c622 authored by Ethan Chen's avatar Ethan Chen Committed by Sam Mortimer
Browse files

PackageManager: Add configuration to specify vendor platform signatures 

Devices with split system/vendor images may want to use the OEM's vendor
image. In that case, the OEM's platform signature is not actually the
same as the platform signature used to sign the Lineage system image.
Allow devices to specify an OEM platform signature which will also be
recognized as the system's platform signature.

Change-Id: Ida9bb25a32234af9d9507a214eae6a4672320d2b
parent 69bc2560

services/core/java/com/android/server/pm/PackageManagerService.java

+35 −4
Original line number Diff line number Diff line
@@ -1412,6 +1412,8 @@ public class PackageManagerService extends IPackageManager.Stub 
    private final PackageUsage mPackageUsage = new PackageUsage();

    private final CompilerStats mCompilerStats = new CompilerStats();













    private final Signature[] mVendorPlatformSignatures;



























    class PackageHandler extends Handler {





























        PackageHandler(Looper looper) {










@@ -2384,6 +2386,14 @@ public class PackageManagerService extends IPackageManager.Stub













        }















    }



























    private static Signature[] createSignatures(String[] hexBytes) {













        Signature[] sigs = new Signature[hexBytes.length];













        for (int i = 0; i < sigs.length; i++) {













            sigs[i] = new Signature(hexBytes[i]);













        }













        return sigs;













    }



























    public PackageManagerService(Context context, Installer installer,















            boolean factoryTest, boolean onlyCore) {















        LockGuard.installLock(mPackages, LockGuard.INDEX_PACKAGES);









@@ -2397,6 +2407,9 @@ public class PackageManagerService extends IPackageManager.Stub



























        mContext = context;



























        mVendorPlatformSignatures = createSignatures(context.getResources().getStringArray(













                    org.lineageos.platform.internal.R.array.config_vendorPlatformSignatures));



























        mFactoryTest = factoryTest;















        mOnlyCore = onlyCore;















        mMetrics = new DisplayMetrics();










@@ -9121,6 +9134,19 @@ public class PackageManagerService extends IPackageManager.Stub













        try {















            Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates");















            PackageParser.collectCertificates(pkg, skipVerify);













            if (compareSignatures(pkg.mSigningDetails.signatures,













                  mVendorPlatformSignatures) == PackageManager.SIGNATURE_MATCH) {













                // Overwrite package signature with our platform signature













                // if the signature is the vendor's platform signature













                if (mPlatformPackage != null) {













                    pkg.mSigningDetails = mPlatformPackage.mSigningDetails;













                    pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(













                        pkg,













                        pkg.isPrivileged(),













                        pkg.applicationInfo.targetSandboxVersion,













                        pkg.applicationInfo.targetSdkVersion);













                }













            }















        } catch (PackageParserException e) {















            throw PackageManagerException.from(e);















        } finally {










@@ -9383,7 +9409,8 @@ public class PackageManagerService extends IPackageManager.Stub













                            disabledPkgSetting /* pkgSetting */, null /* disabledPkgSetting */,















                            null /* originalPkgSetting */, null, parseFlags, scanFlags,















                            (pkg == mPlatformPackage), user);













                    applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage);













                    applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage,













                            mVendorPlatformSignatures);















                    final ScanResult scanResult = scanPackageOnlyLI(request, mFactoryTest, -1L);















                    if (scanResult.existingSettingCopied && scanResult.request.pkgSetting != null) {















                        scanResult.request.pkgSetting.updateFrom(scanResult.pkgSetting);










@@ -10958,7 +10985,7 @@ public class PackageManagerService extends IPackageManager.Stub



























        scanFlags = adjustScanFlags(scanFlags, pkgSetting, disabledPkgSetting, user, pkg);















        synchronized (mPackages) {













            applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage);













            applyPolicy(pkg, parseFlags, scanFlags, mPlatformPackage, mVendorPlatformSignatures);















            assertPackageIsValid(pkg, parseFlags, scanFlags);





























            SharedUserSetting sharedUserSetting = null;










@@ -11582,7 +11609,8 @@ public class PackageManagerService extends IPackageManager.Stub













     * ideally be static, but, it requires locks to read system state.















     */















    private static void applyPolicy(PackageParser.Package pkg, final @ParseFlags int parseFlags,













            final @ScanFlags int scanFlags, PackageParser.Package platformPkg) {













            final @ScanFlags int scanFlags, PackageParser.Package platformPkg,













            Signature[] vendorPlatformSignatures) {















        if ((scanFlags & SCAN_AS_SYSTEM) != 0) {















            pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM;















            if (pkg.applicationInfo.isDirectBootAware()) {










@@ -11678,8 +11706,11 @@ public class PackageManagerService extends IPackageManager.Stub



























        // Check if the package is signed with the same key as the platform package.















        if (PLATFORM_PACKAGE_NAME.equals(pkg.packageName) ||













                (platformPkg != null && compareSignatures(













                (platformPkg != null && (compareSignatures(















                        platformPkg.mSigningDetails.signatures,













                        pkg.mSigningDetails.signatures) == PackageManager.SIGNATURE_MATCH) ||













                 compareSignatures(













                        vendorPlatformSignatures,















                        pkg.mSigningDetails.signatures) == PackageManager.SIGNATURE_MATCH)) {















            pkg.applicationInfo.privateFlags |=















                ApplicationInfo.PRIVATE_FLAG_SIGNED_WITH_PLATFORM_KEY;