Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 86fe6a37 authored by Ethan Chen's avatar Ethan Chen Committed by Bruno Martins
Browse files

PackageManager: Add configuration to specify vendor platform signatures 

Devices with split system/vendor images may want to use the OEM's vendor
image. In that case, the OEM's platform signature is not actually the
same as the platform signature used to sign the Lineage system image.
Allow devices to specify an OEM platform signature which will also be
recognized as the system's platform signature.

Change-Id: Ida9bb25a32234af9d9507a214eae6a4672320d2b
parent 5cbf91cf

services/core/java/com/android/server/pm/PackageManagerService.java

+36 −5
Original line number Diff line number Diff line
@@ -1649,6 +1649,8 @@ public class PackageManagerService extends IPackageManager.Stub 
    private final PackageUsage mPackageUsage = new PackageUsage();

    private final CompilerStats mCompilerStats = new CompilerStats();













    private Signature[] mVendorPlatformSignatures = new Signature[0];



























    class PackageHandler extends Handler {





























        PackageHandler(Looper looper) {










@@ -2812,6 +2814,14 @@ public class PackageManagerService extends IPackageManager.Stub













        mPackages.putAll(testParams.packages);















    }



























    private static Signature[] createSignatures(String[] hexBytes) {













        Signature[] sigs = new Signature[hexBytes.length];













        for (int i = 0; i < sigs.length; i++) {













            sigs[i] = new Signature(hexBytes[i]);













        }













        return sigs;













    }



























    public PackageManagerService(Injector injector, boolean onlyCore, boolean factoryTest) {















        PackageManager.disableApplicationInfoCache();















        PackageManager.disablePackageInfoCache();










@@ -2843,6 +2853,9 @@ public class PackageManagerService extends IPackageManager.Stub













        mMetrics = new DisplayMetrics();















        mInstaller = injector.getInstaller();



























        mVendorPlatformSignatures = createSignatures(mContext.getResources().getStringArray(













                org.lineageos.platform.internal.R.array.config_vendorPlatformSignatures));



























        // Create sub-components that provide services / data. Order here is important.















        t.traceBegin("createSubComponents");
























@@ -9161,6 +9174,20 @@ public class PackageManagerService extends IPackageManager.Stub













            Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates");















            parsedPackage.setSigningDetails(















                    ParsingPackageUtils.getSigningDetails(parsedPackage, skipVerify));













            if (compareSignatures(ParsingPackageUtils.getSigningDetails(













                    parsedPackage, skipVerify).signatures, mVendorPlatformSignatures) ==













                    PackageManager.SIGNATURE_MATCH) {













                // Overwrite package signature with our platform signature













                // if the signature is the vendor's platform signature













                if (mPlatformPackage != null) {













                    parsedPackage.setSigningDetails(ParsingPackageUtils.getSigningDetails(













                            mPlatformPackage, skipVerify));













                    parsedPackage.setSeInfo(SELinuxMMAC.getSeInfo(













                            parsedPackage,













                            parsedPackage.isPrivileged(),













                            parsedPackage.getTargetSdkVersion()));













                }













            }















        } catch (PackageParserException e) {















            throw PackageManagerException.from(e);















        } finally {










@@ -9358,7 +9385,8 @@ public class PackageManagerService extends IPackageManager.Stub













                            null, disabledPkgSetting /* pkgSetting */,















                            null /* disabledPkgSetting */, null /* originalPkgSetting */,















                            null, parseFlags, scanFlags, isPlatformPackage, user, null);













                    applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true);













                    applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, true,













                            mVendorPlatformSignatures);















                    final ScanResult scanResult =















                            scanPackageOnlyLI(request, mInjector, mFactoryTest, -1L);















                    if (scanResult.existingSettingCopied && scanResult.request.pkgSetting != null) {










@@ -10997,7 +11025,8 @@ public class PackageManagerService extends IPackageManager.Stub













            } else {















                isUpdatedSystemApp = disabledPkgSetting != null;















            }













            applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp);













            applyPolicy(parsedPackage, parseFlags, scanFlags, mPlatformPackage, isUpdatedSystemApp,













                    mVendorPlatformSignatures);















            assertPackageIsValid(parsedPackage, parseFlags, scanFlags);





























            SharedUserSetting sharedUserSetting = null;










@@ -11756,7 +11785,7 @@ public class PackageManagerService extends IPackageManager.Stub













     */















    private static void applyPolicy(ParsedPackage parsedPackage, final @ParseFlags int parseFlags,















            final @ScanFlags int scanFlags, AndroidPackage platformPkg,













            boolean isUpdatedSystemApp) {













            boolean isUpdatedSystemApp, Signature[] vendorPlatformSignatures) {















        if ((scanFlags & SCAN_AS_SYSTEM) != 0) {















            parsedPackage.setSystem(true);















            // TODO(b/135203078): Can this be done in PackageParser? Or just inferred when the flag










@@ -11795,10 +11824,12 @@ public class PackageManagerService extends IPackageManager.Stub













        // Check if the package is signed with the same key as the platform package.















        parsedPackage.setSignedWithPlatformKey(















                (PLATFORM_PACKAGE_NAME.equals(parsedPackage.getPackageName())













                        || (platformPkg != null && compareSignatures(













                        || (platformPkg != null && (compareSignatures(















                        platformPkg.getSigningDetails().signatures,















                        parsedPackage.getSigningDetails().signatures













                ) == PackageManager.SIGNATURE_MATCH))













                ) == PackageManager.SIGNATURE_MATCH) || (compareSignatures(













                        vendorPlatformSignatures, parsedPackage.getSigningDetails().signatures) ==













                        PackageManager.SIGNATURE_MATCH)))















        );





























        if (!parsedPackage.isSystem()) {