Loading services/core/java/com/android/server/pm/PackageManagerService.java +27 −13 Original line number Diff line number Diff line Loading @@ -14926,19 +14926,33 @@ public class PackageManagerService extends IPackageManager.Stub // Verify: if target already has an installer package, it must // be signed with the same cert as the caller. if (targetPackageSetting.installerPackageName != null) { PackageSetting setting = mSettings.mPackages.get( targetPackageSetting.installerPackageName); // If the currently set package isn't valid, then it's always // okay to change it. if (setting != null) { String targetInstallerPackageName = targetPackageSetting.installerPackageName; PackageSetting targetInstallerPkgSetting = targetInstallerPackageName == null ? null : mSettings.mPackages.get(targetInstallerPackageName); if (targetInstallerPkgSetting != null) { if (compareSignatures(callerSignature, setting.signatures.mSigningDetails.signatures) targetInstallerPkgSetting.signatures.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) { throw new SecurityException( "Caller does not have same cert as old installer package " + targetPackageSetting.installerPackageName); + targetInstallerPackageName); } } else if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES) != PackageManager.PERMISSION_GRANTED) { // This is probably an attempt to exploit vulnerability b/150857253 of taking // privileged installer permissions when the installer has been uninstalled or // was never set. EventLog.writeEvent(0x534e4554, "150857253", callingUid, ""); // Backport, use raw SDK value if (getUidTargetSdkVersionLockedLPr(callingUid) > 29) { throw new SecurityException("Neither user " + callingUid + " nor current process has " + Manifest.permission.INSTALL_PACKAGES); } else { // If not targeting >29, fail silently for backwards compatibility return; } } Loading
services/core/java/com/android/server/pm/PackageManagerService.java +27 −13 Original line number Diff line number Diff line Loading @@ -14926,19 +14926,33 @@ public class PackageManagerService extends IPackageManager.Stub // Verify: if target already has an installer package, it must // be signed with the same cert as the caller. if (targetPackageSetting.installerPackageName != null) { PackageSetting setting = mSettings.mPackages.get( targetPackageSetting.installerPackageName); // If the currently set package isn't valid, then it's always // okay to change it. if (setting != null) { String targetInstallerPackageName = targetPackageSetting.installerPackageName; PackageSetting targetInstallerPkgSetting = targetInstallerPackageName == null ? null : mSettings.mPackages.get(targetInstallerPackageName); if (targetInstallerPkgSetting != null) { if (compareSignatures(callerSignature, setting.signatures.mSigningDetails.signatures) targetInstallerPkgSetting.signatures.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) { throw new SecurityException( "Caller does not have same cert as old installer package " + targetPackageSetting.installerPackageName); + targetInstallerPackageName); } } else if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES) != PackageManager.PERMISSION_GRANTED) { // This is probably an attempt to exploit vulnerability b/150857253 of taking // privileged installer permissions when the installer has been uninstalled or // was never set. EventLog.writeEvent(0x534e4554, "150857253", callingUid, ""); // Backport, use raw SDK value if (getUidTargetSdkVersionLockedLPr(callingUid) > 29) { throw new SecurityException("Neither user " + callingUid + " nor current process has " + Manifest.permission.INSTALL_PACKAGES); } else { // If not targeting >29, fail silently for backwards compatibility return; } }
