Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 659d441a authored by Presubmit Automerger Backend's avatar Presubmit Automerger Backend
Browse files

[automerge] [DO NOT MERGE]Revert "Relax minimum signature scheme version for... 

[automerge] [DO NOT MERGE]Revert "Relax minimum signature scheme version for apps on system partition" 2p: 3c36fd5f

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/16943318

Change-Id: I32a2db8c788ce4a25cdfb0871b725959caacd3ad
parents aed366dc 3c36fd5f

core/java/android/content/pm/PackageParser.java

+2 −4
Original line number Diff line number Diff line
@@ -1401,11 +1401,9 @@ public class PackageParser { 
        }

        SigningDetails verified;

        if (skipVerify) {

            // systemDir APKs are already trusted, save time by not verifying; since the signature

            // is not verified and some system apps can have their V2+ signatures stripped allow

            // pulling the certs from the jar signature.

            // systemDir APKs are already trusted, save time by not verifying

            verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        apkPath, SigningDetails.SignatureSchemeVersion.JAR);

                        apkPath, minSignatureScheme);

        } else {

            verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);

        }

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+2 −4
Original line number Diff line number Diff line
@@ -3038,11 +3038,9 @@ public class ParsingPackageUtils { 
        SigningDetails verified;

        try {

            if (skipVerify) {

                // systemDir APKs are already trusted, save time by not verifying; since the

                // signature is not verified and some system apps can have their V2+ signatures

                // stripped allow pulling the certs from the jar signature.

                // systemDir APKs are already trusted, save time by not verifying

                verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);

                        baseCodePath, minSignatureScheme);

            } else {

                verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);

            }

services/core/java/com/android/server/pm/PackageManagerService.java

+9 −11
Original line number Diff line number Diff line
@@ -15175,9 +15175,8 @@ public class PackageManagerService extends IPackageManager.Stub 
                }

            }













            // If the package is not on a system partition ensure it is signed with at least the













            // minimum signature scheme version required for its target SDK.













            if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {













            // Ensure the package is signed with at least the minimum signature scheme version













            // required for its target SDK.















            int minSignatureSchemeVersion =















                    ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(















                            pkg.getTargetSdkVersion());









@@ -15188,7 +15187,6 @@ public class PackageManagerService extends IPackageManager.Stub













            }















        }















    }













    }





























    @GuardedBy("mLock")















    private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {