Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4732cb7b authored by Bryan Henry's avatar Bryan Henry
Browse files

Make mismatched signatures for system APKs using shared users fatal

The previous behavior here just skipped installing whichever package(s)
happened to be scanned later, which is race-y, and otherwise was silent.
Promote this to blowing up the system instead so it's very obvious that
something is quite broken, and let Rescue Party handle it.

(From review comments on ag/3967497)

Bug: 74501739
Test: Created release-keys build locally but treated one package
(com.android.mtp) as PRESIGNED so it kept dev-keys.

Change-Id: Ibd04ec988afdf4b57087e20795c8fa5ab5d52e37
parent a39ecad2
Loading
Loading
Loading
Loading
+8 −6
Original line number Diff line number Diff line
@@ -10285,9 +10285,12 @@ public class PackageManagerService extends IPackageManager.Stub
                        compareSignatures(
                            signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
                            pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
                        throw new PackageManagerException(
                                INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
                                "Signature mismatch for shared user: " + pkgSetting.sharedUser);
                        // Treat mismatched signatures on system packages using a shared UID as
                        // fatal for the system overall, rather than just failing to install
                        // whichever package happened to be scanned later.
                        throw new IllegalStateException(
                                "Signature mismatch on system package " + pkg.packageName
                                + " for shared user " + pkgSetting.sharedUser);
                    }
                    signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;
@@ -10298,12 +10301,11 @@ public class PackageManagerService extends IPackageManager.Stub
                        + " signature changed; retaining data.";
                reportSettingsProblem(Log.WARN, msg);
            } catch (IllegalArgumentException e) {
                // should never happen: certs matched when checking, but not when comparing
                // old to new for sharedUser
                throw new PackageManagerException(INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
                throw new RuntimeException(
                        "Signing certificates comparison made on incomparable signing details"
                        + " but somehow passed verifySignatures!");
                        + " but somehow passed verifySignatures!", e);
            }
        }