Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7cb3a322 authored Mar 25, 2022 by Michael Groover

Restore V2+ signature requirement for system apps

In Android R, the platform began enforcing a requirement that apps
targeting this release or later must be signed with at least the V2
signature scheme. Initially, this requirement was applied to system
apps, but due to the build system stripping V2+ signatures due to
compressed dex and library files, the requirement had to be relaxed
for system apps; since then, the system apps have been updated with
uncompressed dex and library files to prevent the signature stripping
by the build system. This commit restores the requirement that
system apps targeting SDK version 30+ must be signed with at least
the V2 signature scheme.

Bug: 215046612
Test: Manually verified fix properly identified system app without
       V2+ signature
Change-Id: I5b482931a99ea8c2308d516912317ff0828153e2

parent 27e35ec6

core/java/android/content/pm/PackageParser.java

+2 −4

Original line number	Diff line number	Diff line
		@@ -1414,11 +1414,9 @@ public class PackageParser {
		final ParseTypeImpl input = ParseTypeImpl.forDefaultParsing();
		final ParseResult<android.content.pm.SigningDetails> result;
		if (skipVerify) {
		// systemDir APKs are already trusted, save time by not verifying; since the signature
		// is not verified and some system apps can have their V2+ signatures stripped allow
		// pulling the certs from the jar signature.
		// systemDir APKs are already trusted, save time by not verifying
		result = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
		input, apkPath, SigningDetails.SignatureSchemeVersion.JAR);
		input, apkPath, minSignatureScheme);
		} else {
		result = ApkSignatureVerifier.verify(input, apkPath, minSignatureScheme);
		}

services/core/java/com/android/server/pm/InstallPackageHelper.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -4190,8 +4190,8 @@ final class InstallPackageHelper {
		assertOverlayIsValid(pkg, parseFlags, scanFlags);
		}

		// If the package is not on a system partition ensure it is signed with at least the
		// minimum signature scheme version required for its target SDK.
		// Ensure the package is signed with at least the minimum signature scheme version
		// required for its target SDK.
		ScanPackageUtils.assertMinSignatureSchemeIsValid(pkg, parseFlags);
		}
		}

services/core/java/com/android/server/pm/ScanPackageUtils.java

+8 −10

Original line number	Diff line number	Diff line
		@@ -690,7 +690,6 @@ final class ScanPackageUtils {

		public static void assertMinSignatureSchemeIsValid(AndroidPackage pkg,
		@ParsingPackageUtils.ParseFlags int parseFlags) throws PackageManagerException {
		if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {
		int minSignatureSchemeVersion =
		ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
		pkg.getTargetSdkVersion());
		@@ -701,7 +700,6 @@ final class ScanPackageUtils {
		+ " or newer for package " + pkg.getPackageName());
		}
		}
		}

		/**
		* Returns the "real" name of the package.

services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java

+2 −4

Original line number	Diff line number	Diff line
		@@ -3069,11 +3069,9 @@ public class ParsingPackageUtils {
		}
		final ParseResult<SigningDetails> verified;
		if (skipVerify) {
		// systemDir APKs are already trusted, save time by not verifying; since the
		// signature is not verified and some system apps can have their V2+ signatures
		// stripped allow pulling the certs from the jar signature.
		// systemDir APKs are already trusted, save time by not verifying
		verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(input, baseCodePath,
		SigningDetails.SignatureSchemeVersion.JAR);
		minSignatureScheme);
		} else {
		verified = ApkSignatureVerifier.verify(input, baseCodePath, minSignatureScheme);
		}