Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6f490e2e authored by Ricardo Cerqueira's avatar Ricardo Cerqueira Committed by Steve Kondik
Browse files

PackageManager: Restrict system packages to protected storage 

Don't allow packages signed with the platform key to be
installed into user (or app) controlled storage

Change-Id: I7390b3bdf5289411f7a335c69635bed9f74bbfb3

PackageManager: Limit the platform-key protection to test-keys builds

This block (change I7390b3bdf5289411f7a335c69635bed9f74bbfb3) is intended
to protect the system from abuse of well-known keys. That's not the case
if the system is signed with dev or release keys.

Change-Id: Ifb66f775dd28c577447634ae177442732a18b592
parent 75276c24

services/core/java/com/android/server/pm/PackageManagerService.java

+14 −0
Original line number Original line Diff line number Diff line
@@ -6617,6 +6617,20 @@ public class PackageManagerService extends IPackageManager.Stub { 
            }

            }

        }

        }




















        if (Build.TAGS.equals("test-keys") &&














                !pkg.applicationInfo.sourceDir.startsWith(Environment.getRootDirectory().getPath()) &&














                !pkg.applicationInfo.sourceDir.startsWith("/vendor")) {














            Object obj = mSettings.getUserIdLPr(1000);














            Signature[] s1 = null;














            if (obj instanceof SharedUserSetting) {














                s1 = ((SharedUserSetting)obj).signatures.mSignatures;














            }














            if ((compareSignatures(pkg.mSignatures, s1) == PackageManager.SIGNATURE_MATCH)) {














                throw new PackageManagerException(INSTALL_FAILED_INVALID_INSTALL_LOCATION,














                        "Cannot install platform packages to user storage!");














            }














        }
























        // Initialize package source and resource directories







        // Initialize package source and resource directories











        File destCodeFile = new File(pkg.applicationInfo.getCodePath());







        File destCodeFile = new File(pkg.applicationInfo.getCodePath());











        File destResourceFile = new File(pkg.applicationInfo.getResourcePath());







        File destResourceFile = new File(pkg.applicationInfo.getResourcePath());