Add new API to compare certs of two UIDs. (766cbfe4) · Commits · e / os / android_frameworks_base

api/current.xml

+30 −0

Original line number	Diff line number	Diff line
		@@ -37880,6 +37880,21 @@
		<parameter name="pkg2" type="java.lang.String">
		</parameter>
		</method>
		<method name="checkSignatures"
		return="int"
		abstract="true"
		native="false"
		synchronized="false"
		static="false"
		final="false"
		deprecated="not deprecated"
		visibility="public"
		>
		<parameter name="uid1" type="int">
		</parameter>
		<parameter name="uid2" type="int">
		</parameter>
		</method>
		<method name="clearPackagePreferredActivities"
		return="void"
		abstract="true"
		@@ -121998,6 +122013,21 @@
		<parameter name="pkg2" type="java.lang.String">
		</parameter>
		</method>
		<method name="checkSignatures"
		return="int"
		abstract="false"
		native="false"
		synchronized="false"
		static="false"
		final="false"
		deprecated="not deprecated"
		visibility="public"
		>
		<parameter name="uid1" type="int">
		</parameter>
		<parameter name="uid2" type="int">
		</parameter>
		</method>
		<method name="clearPackagePreferredActivities"
		return="void"
		abstract="false"

core/java/android/app/ApplicationContext.java

+9 −0

Original line number	Diff line number	Diff line
		@@ -1663,6 +1663,15 @@ class ApplicationContext extends Context {
		}
		}

		@Override
		public int checkSignatures(int uid1, int uid2) {
		try {
		return mPM.checkUidSignatures(uid1, uid2);
		} catch (RemoteException e) {
		throw new RuntimeException("Package manager has died", e);
		}
		}

		@Override
		public String[] getPackagesForUid(int uid) {
		try {

core/java/android/content/pm/IPackageManager.aidl

+2 −0

Original line number	Diff line number	Diff line
		@@ -75,6 +75,8 @@ interface IPackageManager {

		int checkSignatures(String pkg1, String pkg2);

		int checkUidSignatures(int uid1, int uid2);

		String[] getPackagesForUid(int uid);

		String getNameForUid(int uid);

core/java/android/content/pm/PackageManager.java

+29 −0

Original line number	Diff line number	Diff line
		@@ -865,6 +865,7 @@ public abstract class PackageManager {
		* {@link #SIGNATURE_SECOND_NOT_SIGNED}, {@link #SIGNATURE_NO_MATCH},
		* or {@link #SIGNATURE_UNKNOWN_PACKAGE}.
		*
		* @see #checkSignatures(int, int)
		* @see #SIGNATURE_MATCH
		* @see #SIGNATURE_NEITHER_SIGNED
		* @see #SIGNATURE_FIRST_NOT_SIGNED
		@@ -874,6 +875,34 @@ public abstract class PackageManager {
		*/
		public abstract int checkSignatures(String pkg1, String pkg2);

		/**
		* Like {@link #checkSignatures(String, String)}, but takes UIDs of
		* the two packages to be checked. This can be useful, for example,
		* when doing the check in an IPC, where the UID is the only identity
		* available. It is functionally identical to determining the package
		* associated with the UIDs and checking their signatures.
		*
		* @param pkg1 First UID whose signature will be compared.
		* @param pkg2 Second UID whose signature will be compared.
		* @return Returns an integer indicating whether there is a matching
		* signature: the value is >= 0 if there is a match (or neither package
		* is signed), or < 0 if there is not a match. The match result can be
		* further distinguished with the success (>= 0) constants
		* {@link #SIGNATURE_MATCH}, {@link #SIGNATURE_NEITHER_SIGNED}; or
		* failure (< 0) constants {@link #SIGNATURE_FIRST_NOT_SIGNED},
		* {@link #SIGNATURE_SECOND_NOT_SIGNED}, {@link #SIGNATURE_NO_MATCH},
		* or {@link #SIGNATURE_UNKNOWN_PACKAGE}.
		*
		* @see #checkSignatures(int, int)
		* @see #SIGNATURE_MATCH
		* @see #SIGNATURE_NEITHER_SIGNED
		* @see #SIGNATURE_FIRST_NOT_SIGNED
		* @see #SIGNATURE_SECOND_NOT_SIGNED
		* @see #SIGNATURE_NO_MATCH
		* @see #SIGNATURE_UNKNOWN_PACKAGE
		*/
		public abstract int checkSignatures(int uid1, int uid2);

		/**
		* Retrieve the names of all packages that are associated with a particular
		* user id. In most cases, this will be a single package name, the package

services/java/com/android/server/PackageManagerService.java

+44 −11

Original line number	Diff line number	Diff line
		@@ -1138,25 +1138,57 @@ class PackageManagerService extends IPackageManager.Stub {
		\|\| p2 == null \|\| p2.mExtras == null) {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		return checkSignaturesLP(p1, p2);
		return checkSignaturesLP(p1.mSignatures, p2.mSignatures);
		}
		}

		int checkSignaturesLP(PackageParser.Package p1, PackageParser.Package p2) {
		if (p1.mSignatures == null) {
		return p2.mSignatures == null
		public int checkUidSignatures(int uid1, int uid2) {
		synchronized (mPackages) {
		Signature[] s1;
		Signature[] s2;
		Object obj = mSettings.getUserIdLP(uid1);
		if (obj != null) {
		if (obj instanceof SharedUserSetting) {
		s1 = ((SharedUserSetting)obj).signatures.mSignatures;
		} else if (obj instanceof PackageSetting) {
		s1 = ((PackageSetting)obj).signatures.mSignatures;
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		obj = mSettings.getUserIdLP(uid2);
		if (obj != null) {
		if (obj instanceof SharedUserSetting) {
		s2 = ((SharedUserSetting)obj).signatures.mSignatures;
		} else if (obj instanceof PackageSetting) {
		s2 = ((PackageSetting)obj).signatures.mSignatures;
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		return checkSignaturesLP(s1, s2);
		}
		}

		int checkSignaturesLP(Signature[] s1, Signature[] s2) {
		if (s1 == null) {
		return s2 == null
		? PackageManager.SIGNATURE_NEITHER_SIGNED
		: PackageManager.SIGNATURE_FIRST_NOT_SIGNED;
		}
		if (p2.mSignatures == null) {
		if (s2 == null) {
		return PackageManager.SIGNATURE_SECOND_NOT_SIGNED;
		}
		final int N1 = p1.mSignatures.length;
		final int N2 = p2.mSignatures.length;
		final int N1 = s1.length;
		final int N2 = s2.length;
		for (int i=0; i<N1; i++) {
		boolean match = false;
		for (int j=0; j<N2; j++) {
		if (p1.mSignatures[i].equals(p2.mSignatures[j])) {
		if (s1[i].equals(s2[j])) {
		match = true;
		break;
		}
		@@ -2907,9 +2939,9 @@ class PackageManagerService extends IPackageManager.Stub {
		allowed = true;
		} else if (p.info.protectionLevel == PermissionInfo.PROTECTION_SIGNATURE
		\|\| p.info.protectionLevel == PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM) {
		allowed = (checkSignaturesLP(p.owner, pkg)
		allowed = (checkSignaturesLP(p.owner.mSignatures, pkg.mSignatures)
		== PackageManager.SIGNATURE_MATCH)
		\|\| (checkSignaturesLP(mPlatformPackage, pkg)
		\|\| (checkSignaturesLP(mPlatformPackage.mSignatures, pkg.mSignatures)
		== PackageManager.SIGNATURE_MATCH);
		if (p.info.protectionLevel == PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM) {
		if ((pkg.applicationInfo.flags&ApplicationInfo.FLAG_SYSTEM) != 0) {
		@@ -3556,7 +3588,8 @@ class PackageManagerService extends IPackageManager.Stub {
		// First find the old package info and check signatures
		synchronized(mPackages) {
		oldPackage = mPackages.get(pkgName);
		if(checkSignaturesLP(pkg, oldPackage) != PackageManager.SIGNATURE_MATCH) {
		if(checkSignaturesLP(pkg.mSignatures, oldPackage.mSignatures)
		!= PackageManager.SIGNATURE_MATCH) {
		res.returnCode = PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES;
		return;
		}