Merge "Move signing data into SigningDetails container"

import android.util.Slog;

import android.util.SparseArray;

import android.util.TypedValue;

import android.util.apk.ApkSignatureSchemeV2Verifier;

import android.util.apk.ApkSignatureVerifier;

import android.view.Gravity;

import java.security.KeyFactory;

import java.security.NoSuchAlgorithmException;

import java.security.PublicKey;

import java.security.cert.Certificate;

import java.security.cert.CertificateEncodingException;

import java.security.cert.CertificateException;

import java.security.spec.EncodedKeySpec;

import java.security.spec.InvalidKeySpecException;

import java.security.spec.X509EncodedKeySpec;

    private static final boolean MULTI_PACKAGE_APK_ENABLED = Build.IS_DEBUGGABLE &&

            SystemProperties.getBoolean(PROPERTY_CHILD_PACKAGES_ENABLED, false);

    public static final int APK_SIGNING_UNKNOWN = 0;

    public static final int APK_SIGNING_V1 = 1;

    public static final int APK_SIGNING_V2 = 2;

    private static final float DEFAULT_PRE_O_MAX_ASPECT_RATIO = 1.86f;

    // TODO: switch outError users to PackageParserException

        public final int revisionCode;

        public final int installLocation;

        public final VerifierInfo[] verifiers;

        public final Signature[] signatures;

        public final Certificate[][] certificates;

        public final SigningDetails signingDetails;

        public final boolean coreApp;

        public final boolean debuggable;

        public final boolean multiArch;

        public final boolean extractNativeLibs;

        public final boolean isolatedSplits;

        public ApkLite(String codePath, String packageName, String splitName, boolean isFeatureSplit,

        public ApkLite(String codePath, String packageName, String splitName,

                boolean isFeatureSplit,

                String configForSplit, String usesSplitName, int versionCode, int versionCodeMajor,

                int revisionCode, int installLocation, List<VerifierInfo> verifiers,

                Signature[] signatures, Certificate[][] certificates, boolean coreApp,

                SigningDetails signingDetails, boolean coreApp,

                boolean debuggable, boolean multiArch, boolean use32bitAbi,

                boolean extractNativeLibs, boolean isolatedSplits) {

            this.codePath = codePath;

            this.versionCodeMajor = versionCodeMajor;

            this.revisionCode = revisionCode;

            this.installLocation = installLocation;

            this.signingDetails = signingDetails;

            this.verifiers = verifiers.toArray(new VerifierInfo[verifiers.size()]);

            this.signatures = signatures;

            this.certificates = certificates;

            this.coreApp = coreApp;

            this.debuggable = debuggable;

            this.multiArch = multiArch;

            }

        }

        if ((flags&PackageManager.GET_SIGNATURES) != 0) {

           int N = (p.mSignatures != null) ? p.mSignatures.length : 0;

           if (N > 0) {

                pi.signatures = new Signature[N];

                System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);

            if (p.mSigningDetails.hasSignatures()) {

                int numberOfSigs = p.mSigningDetails.signatures.length;

                pi.signatures = new Signature[numberOfSigs];

                System.arraycopy(p.mSigningDetails.signatures, 0, pi.signatures, 0, numberOfSigs);

            }

        }

        return pi;

            pkg.setVolumeUuid(volumeUuid);

            pkg.setApplicationVolumeUuid(volumeUuid);

            pkg.setBaseCodePath(apkPath);

            pkg.setSignatures(null);

            pkg.setSigningDetails(SigningDetails.UNKNOWN);

            return pkg;

        return pkg;

    }

    public static int getApkSigningVersion(Package pkg) {

        try {

            if (ApkSignatureSchemeV2Verifier.hasSignature(pkg.baseCodePath)) {

                return APK_SIGNING_V2;

            }

            return APK_SIGNING_V1;

        } catch (IOException e) {

        }

        return APK_SIGNING_UNKNOWN;

    }

    /**

     * Populates the correct packages fields with the given certificates.

     * <p>

     * This is useful when we've already processed the certificates [such as during package

     * installation through an installer session]. We don't re-process the archive and

     * simply populate the correct fields.

     */

    public static void populateCertificates(Package pkg, Certificate[][] certificates)

            throws PackageParserException {

        pkg.mCertificates = null;

        pkg.mSignatures = null;

        pkg.mSigningKeys = null;

        pkg.mCertificates = certificates;

        try {

            pkg.mSignatures = ApkSignatureVerifier.convertToSignatures(certificates);

        } catch (CertificateEncodingException e) {

            // certificates weren't encoded properly; something went wrong

            throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,

                    "Failed to collect certificates from " + pkg.baseCodePath, e);

        }

        pkg.mSigningKeys = new ArraySet<>(certificates.length);

        for (int i = 0; i < certificates.length; i++) {

            Certificate[] signerCerts = certificates[i];

            Certificate signerCert = signerCerts[0];

            pkg.mSigningKeys.add(signerCert.getPublicKey());

        }

        // add signatures to child packages

        final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0;

        for (int i = 0; i < childCount; i++) {

            Package childPkg = pkg.childPackages.get(i);

            childPkg.mCertificates = pkg.mCertificates;

            childPkg.mSignatures = pkg.mSignatures;

            childPkg.mSigningKeys = pkg.mSigningKeys;

    /** Parses the public keys from the set of signatures. */

    public static ArraySet<PublicKey> toSigningKeys(Signature[] signatures)

            throws CertificateException {

        ArraySet<PublicKey> keys = new ArraySet<>(signatures.length);

        for (int i = 0; i < signatures.length; i++) {

            keys.add(signatures[i].getPublicKey());

        }

        return keys;

    }

    /**

     * Collect certificates from all the APKs described in the given package,

     * populating {@link Package#mSignatures}. Also asserts that all APK

     * populating {@link Package#mSigningDetails}. Also asserts that all APK

     * contents are signed correctly and consistently.

     */

    public static void collectCertificates(Package pkg, @ParseFlags int parseFlags)

        final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0;

        for (int i = 0; i < childCount; i++) {

            Package childPkg = pkg.childPackages.get(i);

            childPkg.mCertificates = pkg.mCertificates;

            childPkg.mSignatures = pkg.mSignatures;

            childPkg.mSigningKeys = pkg.mSigningKeys;

            childPkg.mSigningDetails = pkg.mSigningDetails;

        }

    }

    private static void collectCertificatesInternal(Package pkg, @ParseFlags int parseFlags)

            throws PackageParserException {

        pkg.mCertificates = null;

        pkg.mSignatures = null;

        pkg.mSigningKeys = null;

        pkg.mSigningDetails = SigningDetails.UNKNOWN;

        Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates");

        try {

            throws PackageParserException {

        final String apkPath = apkFile.getAbsolutePath();

        int minSignatureScheme = ApkSignatureVerifier.VERSION_JAR_SIGNATURE_SCHEME;

        int minSignatureScheme = SigningDetails.SignatureSchemeVersion.JAR;

        if (pkg.applicationInfo.isStaticSharedLibrary()) {

            // must use v2 signing scheme

            minSignatureScheme = ApkSignatureVerifier.VERSION_APK_SIGNATURE_SCHEME_V2;

            minSignatureScheme = SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V2;

        }

        ApkSignatureVerifier.Result verified;

        SigningDetails verified;

        if ((parseFlags & PARSE_IS_SYSTEM_DIR) != 0) {

            // systemDir APKs are already trusted, save time by not verifying

            verified = ApkSignatureVerifier.plsCertsNoVerifyOnlyCerts(

            verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);

        }

        if (verified.signatureSchemeVersion

                < ApkSignatureVerifier.VERSION_APK_SIGNATURE_SCHEME_V2) {

                < SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V2) {

            // TODO (b/68860689): move this logic to packagemanagerserivce

            if ((parseFlags & PARSE_IS_EPHEMERAL) != 0) {

                throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,

        // Verify that entries are signed consistently with the first pkg

        // we encountered. Note that for splits, certificates may have

        // already been populated during an earlier parse of a base APK.

        if (pkg.mCertificates == null) {

            pkg.mCertificates = verified.certs;

            pkg.mSignatures = verified.sigs;

            pkg.mSigningKeys = new ArraySet<>(verified.certs.length);

            for (int i = 0; i < verified.certs.length; i++) {

                Certificate[] signerCerts = verified.certs[i];

                Certificate signerCert = signerCerts[0];

                pkg.mSigningKeys.add(signerCert.getPublicKey());

            }

        if (pkg.mSigningDetails == SigningDetails.UNKNOWN) {

            pkg.mSigningDetails = verified;

        } else {

            if (!Signature.areExactMatch(pkg.mSignatures, verified.sigs)) {

            if (!Signature.areExactMatch(pkg.mSigningDetails.signatures, verified.signatures)) {

                throw new PackageParserException(

                        INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,

                        apkPath + " has mismatched certificates");

            parser = assets.openXmlResourceParser(cookie, ANDROID_MANIFEST_FILENAME);

            final Signature[] signatures;

            final Certificate[][] certificates;

            final SigningDetails signingDetails;

            if ((flags & PARSE_COLLECT_CERTIFICATES) != 0) {

                // TODO: factor signature related items out of Package object

                final Package tempPkg = new Package((String) null);

                } finally {

                    Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

                }

                signatures = tempPkg.mSignatures;

                certificates = tempPkg.mCertificates;

                signingDetails = tempPkg.mSigningDetails;

            } else {

                signatures = null;

                certificates = null;

                signingDetails = SigningDetails.UNKNOWN;

            }

            final AttributeSet attrs = parser;

            return parseApkLite(apkPath, parser, attrs, signatures, certificates);

            return parseApkLite(apkPath, parser, attrs, signingDetails);

        } catch (XmlPullParserException | IOException | RuntimeException e) {

            Slog.w(TAG, "Failed to parse " + apkPath, e);

    }

    private static ApkLite parseApkLite(String codePath, XmlPullParser parser, AttributeSet attrs,

            Signature[] signatures, Certificate[][] certificates)

            SigningDetails signingDetails)

            throws IOException, XmlPullParserException, PackageParserException {

        final Pair<String, String> packageSplit = parsePackageSplitNames(parser, attrs);

        return new ApkLite(codePath, packageSplit.first, packageSplit.second, isFeatureSplit,

                configForSplit, usesSplitName, versionCode, versionCodeMajor, revisionCode,

                installLocation, verifiers, signatures, certificates, coreApp, debuggable,

                installLocation, verifiers, signingDetails, coreApp, debuggable,

                multiArch, use32bitAbi, extractNativeLibs, isolatedSplits);

    }

        return true;

    }

    /** A container for signing-related data of an application package. */

    public static final class SigningDetails implements Parcelable {

        @IntDef({SigningDetails.SignatureSchemeVersion.UNKNOWN,

                SigningDetails.SignatureSchemeVersion.JAR,

                SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V2,

                SigningDetails.SignatureSchemeVersion.SIGNING_BLOCK_V3})

        public @interface SignatureSchemeVersion {

            int UNKNOWN = 0;

            int JAR = 1;

            int SIGNING_BLOCK_V2 = 2;

            int SIGNING_BLOCK_V3 = 3;

        }

        @Nullable

        public final Signature[] signatures;

        @SignatureSchemeVersion

        public final int signatureSchemeVersion;

        @Nullable

        public final ArraySet<PublicKey> publicKeys;

        /** A representation of unknown signing details. Use instead of null. */

        public static final SigningDetails UNKNOWN =

                new SigningDetails(null, SignatureSchemeVersion.UNKNOWN, null);

        @VisibleForTesting

        public SigningDetails(Signature[] signatures,

                @SignatureSchemeVersion int signatureSchemeVersion,

                ArraySet<PublicKey> keys) {

            this.signatures = signatures;

            this.signatureSchemeVersion = signatureSchemeVersion;

            this.publicKeys = keys;

        }

        public SigningDetails(Signature[] signatures,

                @SignatureSchemeVersion int signatureSchemeVersion)

                throws CertificateException {

            this(signatures, signatureSchemeVersion, toSigningKeys(signatures));

        }

        /** Returns true if the signing details have one or more signatures. */

        public boolean hasSignatures() {

            return signatures != null && signatures.length > 0;

        }

        /** Returns true if the signatures in this and other match exactly. */

        public boolean signaturesMatchExactly(SigningDetails other) {

            return Signature.areExactMatch(this.signatures, other.signatures);

        }

        @Override

        public int describeContents() {

            return 0;

        }

        @Override

        public void writeToParcel(Parcel dest, int flags) {

            boolean isUnknown = UNKNOWN == this;

            dest.writeBoolean(isUnknown);

            if (isUnknown) {

                return;

            }

            dest.writeTypedArray(this.signatures, flags);

            dest.writeInt(this.signatureSchemeVersion);

            dest.writeArraySet(this.publicKeys);

        }

        protected SigningDetails(Parcel in) {

            final ClassLoader boot = Object.class.getClassLoader();

            this.signatures = in.createTypedArray(Signature.CREATOR);

            this.signatureSchemeVersion = in.readInt();

            this.publicKeys = (ArraySet<PublicKey>) in.readArraySet(boot);

        }

        public static final Creator<SigningDetails> CREATOR = new Creator<SigningDetails>() {

            @Override

            public SigningDetails createFromParcel(Parcel source) {

                if (source.readBoolean()) {

                    return UNKNOWN;

                }

                return new SigningDetails(source);

            }

            @Override

            public SigningDetails[] newArray(int size) {

                return new SigningDetails[size];

            }

        };

        @Override

        public boolean equals(Object o) {

            if (this == o) return true;

            if (!(o instanceof SigningDetails)) return false;

            SigningDetails that = (SigningDetails) o;

            if (signatureSchemeVersion != that.signatureSchemeVersion) return false;

            if (!Signature.areExactMatch(signatures, that.signatures)) return false;

            return publicKeys != null ? publicKeys.equals(that.publicKeys)

                    : that.publicKeys == null;

        }

        @Override

        public int hashCode() {

            int result = +Arrays.hashCode(signatures);

            result = 31 * result + signatureSchemeVersion;

            result = 31 * result + (publicKeys != null ? publicKeys.hashCode() : 0);

            return result;

        }

    }

    /**

     * Representation of a full package parsed from APK files on disk. A package

     * consists of a single base APK, and zero or more split APKs.

        public int mSharedUserLabel;

        // Signatures that were read from the package.

        public Signature[] mSignatures;

        public Certificate[][] mCertificates;

        @NonNull public SigningDetails mSigningDetails = SigningDetails.UNKNOWN;

        // For use by package manager service for quick lookup of

        // preferred up order.

        /**

         * Data used to feed the KeySetManagerService

         */

        public ArraySet<PublicKey> mSigningKeys;

        public ArraySet<String> mUpgradeKeySets;

        public ArrayMap<String, ArraySet<PublicKey>> mKeySetMapping;

            }

        }

        public void setSignatures(Signature[] signatures) {

            this.mSignatures = signatures;

        /** Sets signing details on the package and any of its children. */

        public void setSigningDetails(@NonNull SigningDetails signingDetails) {

            mSigningDetails = signingDetails;

            if (childPackages != null) {

                final int packageCount = childPackages.size();

                for (int i = 0; i < packageCount; i++) {

                    childPackages.get(i).mSignatures = signatures;

                    childPackages.get(i).mSigningDetails = signingDetails;

                }

            }

        }

            }

            mSharedUserLabel = dest.readInt();

            mSignatures = (Signature[]) dest.readParcelableArray(boot, Signature.class);

            mCertificates = (Certificate[][]) dest.readSerializable();

            mSigningDetails = dest.readParcelable(boot);

            mPreferredOrder = dest.readInt();

            mTrustedOverlay = (dest.readInt() == 1);

            mCompileSdkVersion = dest.readInt();

            mCompileSdkVersionCodename = dest.readString();

            mSigningKeys = (ArraySet<PublicKey>) dest.readArraySet(boot);

            mUpgradeKeySets = (ArraySet<String>) dest.readArraySet(boot);

            mKeySetMapping = readKeySetMapping(dest);

            dest.writeString(mSharedUserId);

            dest.writeInt(mSharedUserLabel);

            dest.writeParcelableArray(mSignatures, flags);

            dest.writeSerializable(mCertificates);

            dest.writeParcelable(mSigningDetails, flags);

            dest.writeInt(mPreferredOrder);

            dest.writeInt(mTrustedOverlay ? 1 : 0);

            dest.writeInt(mCompileSdkVersion);

            dest.writeString(mCompileSdkVersionCodename);

            dest.writeArraySet(mSigningKeys);

            dest.writeArraySet(mUpgradeKeySets);

            writeKeySetMapping(dest, mKeySetMapping);

            dest.writeString(cpuAbiOverride);

import com.android.internal.os.SomeArgs;

import com.android.internal.util.ArrayUtils;

import com.android.internal.util.XmlUtils;

import com.android.server.pm.permission.BasePermission;

import libcore.io.IoUtils;

import org.xmlpull.v1.XmlPullParser;

            // into account but also allow the value from the old computation to avoid

            // data loss.

            final String[] signaturesSha256Digests = PackageUtils.computeSignaturesSha256Digests(

                    pkg.mSignatures);

                    pkg.mSigningDetails.signatures);

            final String signaturesSha256Digest = PackageUtils.computeSignaturesSha256Digest(

                    signaturesSha256Digests);

            }

            // For backwards compatibility we accept match based on first signature

            if (pkg.mSignatures.length > 1 && currentCookieFile.equals(computeInstantCookieFile(

            if (pkg.mSigningDetails.signatures.length > 1 && currentCookieFile.equals(computeInstantCookieFile(

                    pkg.packageName, signaturesSha256Digests[0], userId))) {

                return;

            }

            // We prefer the modern computation procedure where all certs are taken

            // into account and delete the file derived via the legacy hash computation.

            File newCookieFile = computeInstantCookieFile(pkg.packageName,

                    PackageUtils.computeSignaturesSha256Digest(pkg.mSignatures), userId);

            if (pkg.mSignatures.length > 0) {

                    PackageUtils.computeSignaturesSha256Digest(pkg.mSigningDetails.signatures), userId);

            if (!pkg.mSigningDetails.hasSignatures()) {

                Slog.wtf(LOG_TAG, "Parsed Instant App contains no valid signatures!");

            }

            File oldCookieFile = peekInstantCookieFile(pkg.packageName, userId);

            if (oldCookieFile != null && !newCookieFile.equals(oldCookieFile)) {

                oldCookieFile.delete();

            }

            }

            cancelPendingPersistLPw(pkg, userId);

            addPendingPersistCookieLPw(userId, pkg, cookie, newCookieFile);

            sendMessageDelayed(obtainMessage(userId, pkg),

            throw new PackageManagerException(INSTALL_FAILED_INVALID_APK,

                    "Passed invalid package to keyset validation.");

        }

        ArraySet<PublicKey> signingKeys = pkg.mSigningKeys;

        ArraySet<PublicKey> signingKeys = pkg.mSigningDetails.publicKeys;

        if (signingKeys == null || !(signingKeys.size() > 0) || signingKeys.contains(null)) {

            throw new PackageManagerException(INSTALL_FAILED_INVALID_APK,

                    "Package has invalid signing-key-set.");

        PackageSetting ps = mPackages.get(pkg.packageName);

        Preconditions.checkNotNull(ps, "pkg: " + pkg.packageName

                    + "does not have a corresponding entry in mPackages.");

        addSigningKeySetToPackageLPw(ps, pkg.mSigningKeys);

        addSigningKeySetToPackageLPw(ps, pkg.mSigningDetails.publicKeys);

        if (pkg.mKeySetMapping != null) {

            addDefinedKeySetsToPackageLPw(ps, pkg.mKeySetMapping);

            if (pkg.mUpgradeKeySets != null) {

        long[] upgradeKeySets = oldPS.keySetData.getUpgradeKeySets();

        for (int i = 0; i < upgradeKeySets.length; i++) {

            Set<PublicKey> upgradeSet = getPublicKeysFromKeySetLPr(upgradeKeySets[i]);

            if (upgradeSet != null && newPkg.mSigningKeys.containsAll(upgradeSet)) {

            if (upgradeSet != null && newPkg.mSigningDetails.publicKeys.containsAll(upgradeSet)) {

                return true;

            }

        }