Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 436e264e authored by dcashman's avatar dcashman
Browse files

Add upgrade KeySets check to permission pruning on install. 

Bug: 16564805
Change-Id: I80393eec3c6e1e861a9ec2ae27fe37027311948d
parent 5ec176dc

services/core/java/com/android/server/pm/PackageManagerService.java

+12 −2
Original line number Diff line number Diff line
@@ -10238,8 +10238,18 @@ public class PackageManagerService extends IPackageManager.Stub { 
                if (bp != null) {

                    // If the defining package is signed with our cert, it's okay.  This

                    // also includes the "updating the same package" case, of course.

                    if (compareSignatures(bp.packageSetting.signatures.mSignatures,

                            pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) {

                    // "updating same package" could also involve key-rotation.

                    final boolean sigsOk;

                    if (!bp.sourcePackage.equals(pkg.packageName)

                            || !(bp.packageSetting instanceof PackageSetting)

                            || !bp.packageSetting.keySetData.isUsingUpgradeKeySets()

                            || ((PackageSetting) bp.packageSetting).sharedUser != null) {

                        sigsOk = compareSignatures(bp.packageSetting.signatures.mSignatures,

                                pkg.mSignatures) != PackageManager.SIGNATURE_MATCH;

                    } else {

                        sigsOk = checkUpgradeKeySetLP((PackageSetting) bp.packageSetting, pkg);

                    }

                    if (!sigsOk) {

                        // If the owning package is the system itself, we log but allow

                        // install to proceed; we fail the install on all other permission

                        // redefinitions.