Add proof-of-rotation information to PackageParser.SigningDetails (77029c5b) · Commits · e / os / android_frameworks_base

core/java/android/content/pm/PackageParser.java

+144 −5

Original line number	Diff line number	Diff line
		@@ -5684,23 +5684,74 @@ public class PackageParser {
		@Nullable
		public final ArraySet<PublicKey> publicKeys;

		/**
		* Collection of {@code Signature} objects, each of which is formed from a former signing
		* certificate of this APK before it was changed by signing certificate rotation.
		*/
		@Nullable
		public final Signature[] pastSigningCertificates;

		/**
		* Flags for the {@code pastSigningCertificates} collection, which indicate the capabilities
		* the including APK wishes to grant to its past signing certificates.
		*/
		@Nullable
		public final int[] pastSigningCertificatesFlags;

		/** A representation of unknown signing details. Use instead of null. */
		public static final SigningDetails UNKNOWN =
		new SigningDetails(null, SignatureSchemeVersion.UNKNOWN, null);
		new SigningDetails(null, SignatureSchemeVersion.UNKNOWN, null, null, null);

		@VisibleForTesting
		public SigningDetails(Signature[] signatures,
		@SignatureSchemeVersion int signatureSchemeVersion,
		ArraySet<PublicKey> keys) {
		ArraySet<PublicKey> keys, Signature[] pastSigningCertificates,
		int[] pastSigningCertificatesFlags) {
		this.signatures = signatures;
		this.signatureSchemeVersion = signatureSchemeVersion;
		this.publicKeys = keys;
		this.pastSigningCertificates = pastSigningCertificates;
		this.pastSigningCertificatesFlags = pastSigningCertificatesFlags;
		}

		public SigningDetails(Signature[] signatures,
		@SignatureSchemeVersion int signatureSchemeVersion,
		Signature[] pastSigningCertificates, int[] pastSigningCertificatesFlags)
		throws CertificateException {
		this(signatures, signatureSchemeVersion, toSigningKeys(signatures),
		pastSigningCertificates, pastSigningCertificatesFlags);
		}

		public SigningDetails(Signature[] signatures,
		@SignatureSchemeVersion int signatureSchemeVersion)
		throws CertificateException {
		this(signatures, signatureSchemeVersion, toSigningKeys(signatures));
		this(signatures, signatureSchemeVersion,
		null, null);
		}

		public SigningDetails(SigningDetails orig) {
		if (orig != null) {
		if (orig.signatures != null) {
		this.signatures = orig.signatures.clone();
		} else {
		this.signatures = null;
		}
		this.signatureSchemeVersion = orig.signatureSchemeVersion;
		this.publicKeys = new ArraySet<>(orig.publicKeys);
		if (orig.pastSigningCertificates != null) {
		this.pastSigningCertificates = orig.pastSigningCertificates.clone();
		this.pastSigningCertificatesFlags = orig.pastSigningCertificatesFlags.clone();
		} else {
		this.pastSigningCertificates = null;
		this.pastSigningCertificatesFlags = null;
		}
		} else {
		this.signatures = null;
		this.signatureSchemeVersion = SignatureSchemeVersion.UNKNOWN;
		this.publicKeys = null;
		this.pastSigningCertificates = null;
		this.pastSigningCertificatesFlags = null;
		}
		}

		/** Returns true if the signing details have one or more signatures. */
		@@ -5728,6 +5779,8 @@ public class PackageParser {
		dest.writeTypedArray(this.signatures, flags);
		dest.writeInt(this.signatureSchemeVersion);
		dest.writeArraySet(this.publicKeys);
		dest.writeTypedArray(this.pastSigningCertificates, flags);
		dest.writeIntArray(this.pastSigningCertificatesFlags);
		}

		protected SigningDetails(Parcel in) {
		@@ -5735,6 +5788,8 @@ public class PackageParser {
		this.signatures = in.createTypedArray(Signature.CREATOR);
		this.signatureSchemeVersion = in.readInt();
		this.publicKeys = (ArraySet<PublicKey>) in.readArraySet(boot);
		this.pastSigningCertificates = in.createTypedArray(Signature.CREATOR);
		this.pastSigningCertificatesFlags = in.createIntArray();
		}

		public static final Creator<SigningDetails> CREATOR = new Creator<SigningDetails>() {
		@@ -5761,8 +5816,23 @@ public class PackageParser {

		if (signatureSchemeVersion != that.signatureSchemeVersion) return false;
		if (!Signature.areExactMatch(signatures, that.signatures)) return false;
		return publicKeys != null ? publicKeys.equals(that.publicKeys)
		: that.publicKeys == null;
		if (publicKeys != null) {
		if (!publicKeys.equals((that.publicKeys))) {
		return false;
		}
		} else if (that.publicKeys != null) {
		return false;
		}

		// can't use Signature.areExactMatch() because order matters with the past signing certs
		if (!Arrays.equals(pastSigningCertificates, that.pastSigningCertificates)) {
		return false;
		}
		if (!Arrays.equals(pastSigningCertificatesFlags, that.pastSigningCertificatesFlags)) {
		return false;
		}

		return true;
		}

		@Override
		@@ -5770,8 +5840,77 @@ public class PackageParser {
		int result = +Arrays.hashCode(signatures);
		result = 31 * result + signatureSchemeVersion;
		result = 31 * result + (publicKeys != null ? publicKeys.hashCode() : 0);
		result = 31 * result + Arrays.hashCode(pastSigningCertificates);
		result = 31 * result + Arrays.hashCode(pastSigningCertificatesFlags);
		return result;
		}

		/**
		* Builder of {@code SigningDetails} instances.
		*/
		public static class Builder {
		private Signature[] mSignatures;
		private int mSignatureSchemeVersion = SignatureSchemeVersion.UNKNOWN;
		private Signature[] mPastSigningCertificates;
		private int[] mPastSigningCertificatesFlags;

		public Builder() {
		}

		/** get signing certificates used to sign the current APK */
		public Builder setSignatures(Signature[] signatures) {
		mSignatures = signatures;
		return this;
		}

		/** set the signature scheme version used to sign the APK */
		public Builder setSignatureSchemeVersion(int signatureSchemeVersion) {
		mSignatureSchemeVersion = signatureSchemeVersion;
		return this;
		}

		/** set the signing certificates by which the APK proved it can be authenticated */
		public Builder setPastSigningCertificates(Signature[] pastSigningCertificates) {
		mPastSigningCertificates = pastSigningCertificates;
		return this;
		}

		/** set the flags for the {@code pastSigningCertificates} */
		public Builder setPastSigningCertificatesFlags(int[] pastSigningCertificatesFlags) {
		mPastSigningCertificatesFlags = pastSigningCertificatesFlags;
		return this;
		}

		private void checkInvariants() {
		// must have signatures and scheme version set
		if (mSignatures == null) {
		throw new IllegalStateException("SigningDetails requires the current signing"
		+ " certificates.");
		}

		// pastSigningCerts and flags must match up
		boolean pastMismatch = false;
		if (mPastSigningCertificates != null && mPastSigningCertificatesFlags != null) {
		if (mPastSigningCertificates.length != mPastSigningCertificatesFlags.length) {
		pastMismatch = true;
		}
		} else if (!(mPastSigningCertificates == null
		&& mPastSigningCertificatesFlags == null)) {
		pastMismatch = true;
		}
		if (pastMismatch) {
		throw new IllegalStateException("SigningDetails must have a one to one mapping "
		+ "between pastSigningCertificates and pastSigningCertificatesFlags");
		}
		}
		/** build a {@code SigningDetails} object */
		public SigningDetails build()
		throws CertificateException {
		checkInvariants();
		return new SigningDetails(mSignatures, mSignatureSchemeVersion,
		mPastSigningCertificates, mPastSigningCertificatesFlags);
		}
		}
		}

		/**

core/java/android/util/apk/ApkSignatureVerifier.java

+34 −10

Original line number	Diff line number	Diff line
		@@ -80,10 +80,22 @@ public class ApkSignatureVerifier {
		ApkSignatureSchemeV3Verifier.verify(apkPath);
		Certificate[][] signerCerts = new Certificate[][] { vSigner.certs };
		Signature[] signerSigs = convertToSignatures(signerCerts);
		return new PackageParser.SigningDetails(signerSigs,
		SignatureSchemeVersion.SIGNING_BLOCK_V3);
		Signature[] pastSignerSigs = null;
		int[] pastSignerSigsFlags = null;
		if (vSigner.por != null) {
		// populate proof-of-rotation information
		pastSignerSigs = new Signature[vSigner.por.certs.size()];
		pastSignerSigsFlags = new int[vSigner.por.flagsList.size()];
		for (int i = 0; i < pastSignerSigs.length; i++) {
		pastSignerSigs[i] = new Signature(vSigner.por.certs.get(i).getEncoded());
		pastSignerSigsFlags[i] = vSigner.por.flagsList.get(i);
		}
		}
		return new PackageParser.SigningDetails(
		signerSigs, SignatureSchemeVersion.SIGNING_BLOCK_V3,
		pastSignerSigs, pastSignerSigsFlags);
		} catch (SignatureNotFoundException e) {
		// not signed with v2, try older if allowed
		// not signed with v3, try older if allowed
		if (minSignatureSchemeVersion >= SignatureSchemeVersion.SIGNING_BLOCK_V3) {
		throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
		"No APK Signature Scheme v3 signature in package " + apkPath, e);
		@@ -92,7 +104,7 @@ public class ApkSignatureVerifier {
		// APK Signature Scheme v2 signature found but did not verify
		throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
		"Failed to collect certificates from " + apkPath
		+ " using APK Signature Scheme v2", e);
		+ " using APK Signature Scheme v3", e);
		} finally {
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
		}
		@@ -304,25 +316,37 @@ public class ApkSignatureVerifier {
		}

		// first try v3
		Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "verifyV3");
		Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "certsOnlyV3");
		try {
		ApkSignatureSchemeV3Verifier.VerifiedSigner vSigner =
		ApkSignatureSchemeV3Verifier.plsCertsNoVerifyOnlyCerts(apkPath);
		Certificate[][] signerCerts = new Certificate[][] { vSigner.certs };
		Signature[] signerSigs = convertToSignatures(signerCerts);
		return new PackageParser.SigningDetails(signerSigs,
		SignatureSchemeVersion.SIGNING_BLOCK_V3);
		Signature[] pastSignerSigs = null;
		int[] pastSignerSigsFlags = null;
		if (vSigner.por != null) {
		// populate proof-of-rotation information
		pastSignerSigs = new Signature[vSigner.por.certs.size()];
		pastSignerSigsFlags = new int[vSigner.por.flagsList.size()];
		for (int i = 0; i < pastSignerSigs.length; i++) {
		pastSignerSigs[i] = new Signature(vSigner.por.certs.get(i).getEncoded());
		pastSignerSigsFlags[i] = vSigner.por.flagsList.get(i);
		}
		}
		return new PackageParser.SigningDetails(
		signerSigs, SignatureSchemeVersion.SIGNING_BLOCK_V3,
		pastSignerSigs, pastSignerSigsFlags);
		} catch (SignatureNotFoundException e) {
		// not signed with v2, try older if allowed
		// not signed with v3, try older if allowed
		if (minSignatureSchemeVersion >= SignatureSchemeVersion.SIGNING_BLOCK_V3) {
		throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
		"No APK Signature Scheme v3 signature in package " + apkPath, e);
		}
		} catch (Exception e) {
		// APK Signature Scheme v2 signature found but did not verify
		// APK Signature Scheme v3 signature found but did not verify
		throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
		"Failed to collect certificates from " + apkPath
		+ " using APK Signature Scheme v2", e);
		+ " using APK Signature Scheme v3", e);
		} finally {
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
		}

services/core/java/com/android/server/pm/PackageManagerService.java

+33 −30

Original line number	Diff line number	Diff line
		@@ -5391,13 +5391,13 @@ Slog.e("TODD",
		if (isCallerInstantApp) {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		s1 = ((SharedUserSetting)obj).signatures.mSignatures;
		s1 = ((SharedUserSetting)obj).signatures.mSigningDetails.signatures;
		} else if (obj instanceof PackageSetting) {
		final PackageSetting ps = (PackageSetting) obj;
		if (filterAppAccessLPr(ps, callingUid, callingUserId)) {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		s1 = ps.signatures.mSignatures;
		s1 = ps.signatures.mSigningDetails.signatures;
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		@@ -5410,13 +5410,13 @@ Slog.e("TODD",
		if (isCallerInstantApp) {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		s2 = ((SharedUserSetting)obj).signatures.mSignatures;
		s2 = ((SharedUserSetting)obj).signatures.mSigningDetails.signatures;
		} else if (obj instanceof PackageSetting) {
		final PackageSetting ps = (PackageSetting) obj;
		if (filterAppAccessLPr(ps, callingUid, callingUserId)) {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		s2 = ps.signatures.mSignatures;
		s2 = ps.signatures.mSigningDetails.signatures;
		} else {
		return PackageManager.SIGNATURE_UNKNOWN_PACKAGE;
		}
		@@ -8203,19 +8203,15 @@ Slog.e("TODD",
		&& ps.timeStamp == lastModifiedTime
		&& !isCompatSignatureUpdateNeeded(pkg)
		&& !isRecoverSignatureUpdateNeeded(pkg)) {
		if (ps.signatures.mSignatures != null
		&& ps.signatures.mSignatures.length != 0
		&& ps.signatures.mSignatureSchemeVersion != SignatureSchemeVersion.UNKNOWN) {
		if (ps.signatures.mSigningDetails.signatures != null
		&& ps.signatures.mSigningDetails.signatures.length != 0
		&& ps.signatures.mSigningDetails.signatureSchemeVersion
		!= SignatureSchemeVersion.UNKNOWN) {
		// Optimization: reuse the existing cached signing data
		// if the package appears to be unchanged.
		try {
		pkg.mSigningDetails = new PackageParser.SigningDetails(ps.signatures.mSignatures,
		ps.signatures.mSignatureSchemeVersion);
		pkg.mSigningDetails =
		new PackageParser.SigningDetails(ps.signatures.mSigningDetails);
		return;
		} catch (CertificateException e) {
		Slog.e(TAG, "Attempt to read public keys from persisted signatures failed for "
		+ ps.name, e);
		}
		}

		Slog.w(TAG, "PackageSetting for " + ps.name
		@@ -8543,7 +8539,8 @@ Slog.e("TODD",
		if (scanSystemPartition && !isSystemPkgUpdated && pkgAlreadyExists
		&& !pkgSetting.isSystem()) {
		// if the signatures don't match, wipe the installed application and its data
		if (compareSignatures(pkgSetting.signatures.mSignatures, pkg.mSigningDetails.signatures)
		if (compareSignatures(pkgSetting.signatures.mSigningDetails.signatures,
		pkg.mSigningDetails.signatures)
		!= PackageManager.SIGNATURE_MATCH) {
		logCriticalInfo(Log.WARN,
		"System package signature mismatch;"
		@@ -9906,14 +9903,14 @@ Slog.e("TODD",
		if (ksms.checkUpgradeKeySetLocked(signatureCheckPs, pkg)) {
		// We just determined the app is signed correctly, so bring
		// over the latest parsed certs.
		pkgSetting.signatures.mSignatures = pkg.mSigningDetails.signatures;
		pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
		} else {
		if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {
		throw new PackageManagerException(INSTALL_FAILED_UPDATE_INCOMPATIBLE,
		"Package " + pkg.packageName + " upgrade keys do not match the "
		+ "previously installed version");
		} else {
		pkgSetting.signatures.mSignatures = pkg.mSigningDetails.signatures;
		pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
		String msg = "System package " + pkg.packageName
		+ " signature changed; retaining data.";
		reportSettingsProblem(Log.WARN, msg);
		@@ -9933,21 +9930,22 @@ Slog.e("TODD",
		}
		// We just determined the app is signed correctly, so bring
		// over the latest parsed certs.
		pkgSetting.signatures.mSignatures = pkg.mSigningDetails.signatures;
		pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
		} catch (PackageManagerException e) {
		if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {
		throw e;
		}
		// The signature has changed, but this package is in the system
		// image... let's recover!
		pkgSetting.signatures.mSignatures = pkg.mSigningDetails.signatures;
		pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
		// However... if this package is part of a shared user, but it
		// doesn't match the signature of the shared user, let's fail.
		// What this means is that you can't change the signatures
		// associated with an overall shared user, which doesn't seem all
		// that unreasonable.
		if (signatureCheckPs.sharedUser != null) {
		if (compareSignatures(signatureCheckPs.sharedUser.signatures.mSignatures,
		if (compareSignatures(
		signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
		pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
		throw new PackageManagerException(
		INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
		@@ -10774,9 +10772,12 @@ Slog.e("TODD",
		if (sharedUserSetting != null && sharedUserSetting.isPrivileged()) {
		// Exempt SharedUsers signed with the platform key.
		PackageSetting platformPkgSetting = mSettings.mPackages.get("android");
		if ((platformPkgSetting.signatures.mSignatures != null) &&
		(compareSignatures(platformPkgSetting.signatures.mSignatures,
		pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH)) {
		if ((platformPkgSetting.signatures.mSigningDetails
		!= PackageParser.SigningDetails.UNKNOWN)
		&& (compareSignatures(
		platformPkgSetting.signatures.mSigningDetails.signatures,
		pkg.mSigningDetails.signatures)
		!= PackageManager.SIGNATURE_MATCH)) {
		throw new PackageManagerException("Apps that share a user with a " +
		"privileged app must themselves be marked as privileged. " +
		pkg.packageName + " shares privileged user " +
		@@ -14218,9 +14219,10 @@ Slog.e("TODD",
		Object obj = mSettings.getUserIdLPr(callingUid);
		if (obj != null) {
		if (obj instanceof SharedUserSetting) {
		callerSignature = ((SharedUserSetting)obj).signatures.mSignatures;
		callerSignature =
		((SharedUserSetting)obj).signatures.mSigningDetails.signatures;
		} else if (obj instanceof PackageSetting) {
		callerSignature = ((PackageSetting)obj).signatures.mSignatures;
		callerSignature = ((PackageSetting)obj).signatures.mSigningDetails.signatures;
		} else {
		throw new SecurityException("Bad object " + obj + " for uid " + callingUid);
		}
		@@ -14232,7 +14234,7 @@ Slog.e("TODD",
		// not signed with the same cert as the caller.
		if (installerPackageSetting != null) {
		if (compareSignatures(callerSignature,
		installerPackageSetting.signatures.mSignatures)
		installerPackageSetting.signatures.mSigningDetails.signatures)
		!= PackageManager.SIGNATURE_MATCH) {
		throw new SecurityException(
		"Caller does not have same cert as new installer package "
		@@ -14249,7 +14251,7 @@ Slog.e("TODD",
		// okay to change it.
		if (setting != null) {
		if (compareSignatures(callerSignature,
		setting.signatures.mSignatures)
		setting.signatures.mSigningDetails.signatures)
		!= PackageManager.SIGNATURE_MATCH) {
		throw new SecurityException(
		"Caller does not have same cert as old installer package "
		@@ -16757,7 +16759,8 @@ Slog.e("TODD",
		sourcePackageSetting, scanFlags))) {
		sigsOk = ksms.checkUpgradeKeySetLocked(sourcePackageSetting, pkg);
		} else {
		sigsOk = compareSignatures(sourcePackageSetting.signatures.mSignatures,
		sigsOk = compareSignatures(
		sourcePackageSetting.signatures.mSigningDetails.signatures,
		pkg.mSigningDetails.signatures) == PackageManager.SIGNATURE_MATCH;
		}
		if (!sigsOk) {

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+15 −11

File changed.

Preview size limit exceeded, changes collapsed.

services/core/java/com/android/server/pm/PackageSettingBase.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -233,7 +233,7 @@ public abstract class PackageSettingBase extends SettingBase {
		}

		public Signature[] getSignatures() {
		return signatures.mSignatures;
		return signatures.mSigningDetails.signatures;
		}

		/**