
Commit 7593599c authored by Michael Groover's avatar Michael Groover Committed by Automerger Merge Worker

Merge "Use key rotation aware check when sharedUID signatures change on OTA"...

Merge "Use key rotation aware check when sharedUID signatures change on OTA" into tm-dev am: d931f19f

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18381775



Change-Id: I0e7b559afb5e0551a83b90b08bc5589d1162d635
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 8063d3ad d931f19f
+25 −7
@@ -19,6 +19,7 @@ package com.android.server.pm;
import static android.content.pm.PackageManager.INSTALL_FAILED_SHARED_USER_INCOMPATIBLE;
import static android.content.pm.PackageManager.INSTALL_FAILED_UPDATE_INCOMPATIBLE;
import static android.content.pm.PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE;
import static android.content.pm.SigningDetails.CertCapabilities.SHARED_USER_ID;
import static android.system.OsConstants.O_CREAT;
import static android.system.OsConstants.O_RDWR;

@@ -565,13 +566,8 @@ public class PackageManagerServiceUtils {
            // the older ones.  We check to see if either the new package is signed by an older cert
            // with which the current sharedUser is ok, or if it is signed by a newer one, and is ok
            // with being sharedUser with the existing signing cert.
            boolean match =
                    parsedSignatures.checkCapability(
                            sharedUserSetting.getSigningDetails(),
                            SigningDetails.CertCapabilities.SHARED_USER_ID)
                    || sharedUserSetting.getSigningDetails().checkCapability(
                            parsedSignatures,
                            SigningDetails.CertCapabilities.SHARED_USER_ID);
            boolean match = canJoinSharedUserId(parsedSignatures,
                    sharedUserSetting.getSigningDetails());
            // Special case: if the sharedUserId capability check failed it could be due to this
            // being the only package in the sharedUserId so far and the lineage being updated to
            // deny the sharedUserId capability of the previous key in the lineage.
@@ -645,6 +641,28 @@ public class PackageManagerServiceUtils {
        return compatMatch;
    }

    /**
     * Returns whether the package with {@code packageSigningDetails} can join the sharedUserId
     * with {@code sharedUserSigningDetails}.
     * <p>
     * A sharedUserId maintains a shared {@link SigningDetails} containing the full lineage and
     * capabilities for each package in the sharedUserId. A package can join the sharedUserId if
     * its current signer is the same as the shared signer, or if the current signer of either
     * is in the signing lineage of the other with the {@link
     * SigningDetails.CertCapabilities#SHARED_USER_ID} capability granted to that previous signer
     * in the lineage.
     *
     * @param packageSigningDetails the {@code SigningDetails} of the package seeking to join the
     *                             sharedUserId
     * @param sharedUserSigningDetails the {@code SigningDetails} of the sharedUserId
     * @return true if the package seeking to join the sharedUserId meets the requirements
     */
    public static boolean canJoinSharedUserId(@NonNull SigningDetails packageSigningDetails,
            @NonNull SigningDetails sharedUserSigningDetails) {
        return packageSigningDetails.checkCapability(sharedUserSigningDetails, SHARED_USER_ID)
                || sharedUserSigningDetails.checkCapability(packageSigningDetails, SHARED_USER_ID);
    }

    /**
     * Extract native libraries to a target path
     */
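Review bot: The Javadoc on `canJoinSharedUserId` explains the lineage rule but not what the method returns for degenerate inputs, such as an argument with no usable signer information (for example `SigningDetails.UNKNOWN`) or with more than one signer. This helper now makes the sharedUserId membership decision for both the install path and the reconcile path in this commit, so the fail-closed behaviour should be stated explicitly. I would add a sentence such as `Returns false if either SigningDetails is unknown.`, after confirming it against `checkCapability`, whose body is not part of this diff. The method is also declared `public`, although both callers shown here appear to live in `com.android.server.pm`. Package-private would stop this trust decision from gaining callers outside the package, unless another caller needs it.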
+3 −7
@@ -22,11 +22,9 @@ import static android.content.pm.SigningDetails.CapabilityMergeRule.MERGE_RESTRI

import static com.android.server.pm.PackageManagerService.SCAN_BOOTING;
import static com.android.server.pm.PackageManagerService.SCAN_DONT_KILL_APP;
import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;

import android.content.pm.PackageManager;
import android.content.pm.SharedLibraryInfo;
import android.content.pm.Signature;
import android.content.pm.SigningDetails;
import android.os.SystemProperties;
import android.util.ArrayMap;
@@ -212,12 +210,10 @@ final class ReconcilePackageUtils {
                    // the signatures on the first package scanned for the shared user (i.e. if the
                    // signaturesChanged state hasn't been initialized yet in SharedUserSetting).
                    if (sharedUserSetting != null) {
                        final Signature[] sharedUserSignatures = sharedUserSetting
                                .signatures.mSigningDetails.getSignatures();
                        if (sharedUserSetting.signaturesChanged != null
                                && compareSignatures(sharedUserSignatures,
                                parsedPackage.getSigningDetails().getSignatures())
                                != PackageManager.SIGNATURE_MATCH) {
                                && !PackageManagerServiceUtils.canJoinSharedUserId(
                                parsedPackage.getSigningDetails(),
                                sharedUserSetting.getSigningDetails())) {
                            if (SystemProperties.getInt("ro.product.first_api_level", 0) <= 29) {
                                // Mismatched signatures is an error and silently skipping system
                                // packages will likely break the device in unforeseen ways.
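Review bot: The condition `!PackageManagerServiceUtils.canJoinSharedUserId(...)` replaces an exact signature comparison with a lineage-aware one, but the comment above it still describes only the first-package-scanned case and does not mention key rotation. This relaxes which packages stay in a sharedUserId after an OTA, so a why-comment at the call site would help, e.g. `// Rotation-aware: a differing signer is accepted only if the lineage grants SHARED_USER_ID to the other signer.` No test is visible here for the negative case, where a rotated package's lineage revokes SHARED_USER_ID from the previous key and should still reach the mismatch branch; worth adding if it is not covered elsewhere. The enclosing method starts and ends outside the hunk.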