Loading core/java/android/content/pm/PackageManagerInternal.java +12 −0 Original line number Diff line number Diff line Loading @@ -616,4 +616,16 @@ public abstract class PackageManagerInternal { */ public abstract boolean isDataRestoreSafe(@NonNull Signature restoringFromSig, @NonNull String packageName); /** * Returns true if the the signing information for {@code clientUid} is sufficient to gain * access gated by {@code capability}. This can happen if the two UIDs have the same signing * information, if the signing information {@code clientUid} indicates that it has the signing * certificate for {@code serverUid} in its signing history (if it was previously signed by it), * or if the signing certificate for {@code clientUid} is in ths signing history for {@code * serverUid} and with the {@code capability} specified. */ public abstract boolean hasSignatureCapability(int serverUid, int clientUid, @PackageParser.SigningDetails.CertCapabilities int capability); } core/java/android/content/pm/PackageParser.java +3 −0 Original line number Diff line number Diff line Loading @@ -5706,6 +5706,9 @@ public class PackageParser { /** allow pkg to update to one signed by this certificate */ int ROLLBACK = 8; /** allow pkg to continue to have auth access gated by this cert */ int AUTH = 16; } /** Loading services/core/java/com/android/server/accounts/AccountManagerService.java +16 −7 Original line number Diff line number Diff line Loading @@ -58,6 +58,8 @@ import android.content.pm.IPackageManager; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.PackageManagerInternal; import android.content.pm.PackageParser; import android.content.pm.RegisteredServicesCache; import android.content.pm.RegisteredServicesCacheListener; import android.content.pm.ResolveInfo; Loading Loading @@ -4737,9 +4739,11 @@ public class AccountManagerService } ActivityInfo targetActivityInfo = resolveInfo.activityInfo; int targetUid = targetActivityInfo.applicationInfo.uid; PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); if (!isExportedSystemActivity(targetActivityInfo) && (PackageManager.SIGNATURE_MATCH != pm.checkSignatures(authUid, targetUid))) { && !pmi.hasSignatureCapability( targetUid, authUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { String pkgName = targetActivityInfo.packageName; String activityName = targetActivityInfo.name; String tmpl = "KEY_INTENT resolved to an Activity (%s) in a package (%s) that " Loading Loading @@ -5476,15 +5480,17 @@ public class AccountManagerService } finally { Binder.restoreCallingIdentity(identityToken); } // Check for signature match with Authenticator. // Check for signature match with Authenticator.LocalServices.getService(PackageManagerInternal.class); PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo : serviceInfos) { if (accountType.equals(serviceInfo.type.type)) { if (serviceInfo.uid == callingUid) { return SIGNATURE_CHECK_UID_MATCH; } final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid); if (sigChk == PackageManager.SIGNATURE_MATCH) { if (pmi.hasSignatureCapability( serviceInfo.uid, callingUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { return SIGNATURE_CHECK_MATCH; } } Loading Loading @@ -5520,10 +5526,13 @@ public class AccountManagerService } finally { Binder.restoreCallingIdentity(identityToken); } PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo : serviceInfos) { if (isOtherwisePermitted || (mPackageManager.checkSignatures(serviceInfo.uid, callingUid) == PackageManager.SIGNATURE_MATCH)) { if (isOtherwisePermitted || pmi.hasSignatureCapability( serviceInfo.uid, callingUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { managedAccountTypes.add(serviceInfo.type.type); } } Loading services/core/java/com/android/server/pm/PackageManagerService.java +25 −0 Original line number Diff line number Diff line Loading @@ -23596,6 +23596,16 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); SigningDetails.CertCapabilities.INSTALLED_DATA); } @Override public boolean hasSignatureCapability(int serverUid, int clientUid, @SigningDetails.CertCapabilities int capability) { SigningDetails serverSigningDetails = getSigningDetails(serverUid); SigningDetails clientSigningDetails = getSigningDetails(clientUid); return serverSigningDetails.checkCapability(clientSigningDetails, capability) || clientSigningDetails.hasAncestorOrSelf(serverSigningDetails); } private SigningDetails getSigningDetails(@NonNull String packageName) { synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); Loading @@ -23606,6 +23616,21 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } } private SigningDetails getSigningDetails(int uid) { synchronized (mPackages) { final Object obj = mSettings.getUserIdLPr(uid); if (obj != null) { if (obj instanceof SharedUserSetting) { return ((SharedUserSetting) obj).signatures.mSigningDetails; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.signatures.mSigningDetails; } } return SigningDetails.UNKNOWN; } } @Override public int getPermissionFlagsTEMP(String permName, String packageName, int userId) { return PackageManagerService.this.getPermissionFlags(permName, packageName, userId); Loading
core/java/android/content/pm/PackageManagerInternal.java +12 −0 Original line number Diff line number Diff line Loading @@ -616,4 +616,16 @@ public abstract class PackageManagerInternal { */ public abstract boolean isDataRestoreSafe(@NonNull Signature restoringFromSig, @NonNull String packageName); /** * Returns true if the the signing information for {@code clientUid} is sufficient to gain * access gated by {@code capability}. This can happen if the two UIDs have the same signing * information, if the signing information {@code clientUid} indicates that it has the signing * certificate for {@code serverUid} in its signing history (if it was previously signed by it), * or if the signing certificate for {@code clientUid} is in ths signing history for {@code * serverUid} and with the {@code capability} specified. */ public abstract boolean hasSignatureCapability(int serverUid, int clientUid, @PackageParser.SigningDetails.CertCapabilities int capability); }
core/java/android/content/pm/PackageParser.java +3 −0 Original line number Diff line number Diff line Loading @@ -5706,6 +5706,9 @@ public class PackageParser { /** allow pkg to update to one signed by this certificate */ int ROLLBACK = 8; /** allow pkg to continue to have auth access gated by this cert */ int AUTH = 16; } /** Loading
services/core/java/com/android/server/accounts/AccountManagerService.java +16 −7 Original line number Diff line number Diff line Loading @@ -58,6 +58,8 @@ import android.content.pm.IPackageManager; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.PackageManager.NameNotFoundException; import android.content.pm.PackageManagerInternal; import android.content.pm.PackageParser; import android.content.pm.RegisteredServicesCache; import android.content.pm.RegisteredServicesCacheListener; import android.content.pm.ResolveInfo; Loading Loading @@ -4737,9 +4739,11 @@ public class AccountManagerService } ActivityInfo targetActivityInfo = resolveInfo.activityInfo; int targetUid = targetActivityInfo.applicationInfo.uid; PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); if (!isExportedSystemActivity(targetActivityInfo) && (PackageManager.SIGNATURE_MATCH != pm.checkSignatures(authUid, targetUid))) { && !pmi.hasSignatureCapability( targetUid, authUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { String pkgName = targetActivityInfo.packageName; String activityName = targetActivityInfo.name; String tmpl = "KEY_INTENT resolved to an Activity (%s) in a package (%s) that " Loading Loading @@ -5476,15 +5480,17 @@ public class AccountManagerService } finally { Binder.restoreCallingIdentity(identityToken); } // Check for signature match with Authenticator. // Check for signature match with Authenticator.LocalServices.getService(PackageManagerInternal.class); PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo : serviceInfos) { if (accountType.equals(serviceInfo.type.type)) { if (serviceInfo.uid == callingUid) { return SIGNATURE_CHECK_UID_MATCH; } final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid); if (sigChk == PackageManager.SIGNATURE_MATCH) { if (pmi.hasSignatureCapability( serviceInfo.uid, callingUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { return SIGNATURE_CHECK_MATCH; } } Loading Loading @@ -5520,10 +5526,13 @@ public class AccountManagerService } finally { Binder.restoreCallingIdentity(identityToken); } PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class); for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo : serviceInfos) { if (isOtherwisePermitted || (mPackageManager.checkSignatures(serviceInfo.uid, callingUid) == PackageManager.SIGNATURE_MATCH)) { if (isOtherwisePermitted || pmi.hasSignatureCapability( serviceInfo.uid, callingUid, PackageParser.SigningDetails.CertCapabilities.AUTH)) { managedAccountTypes.add(serviceInfo.type.type); } } Loading
services/core/java/com/android/server/pm/PackageManagerService.java +25 −0 Original line number Diff line number Diff line Loading @@ -23596,6 +23596,16 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); SigningDetails.CertCapabilities.INSTALLED_DATA); } @Override public boolean hasSignatureCapability(int serverUid, int clientUid, @SigningDetails.CertCapabilities int capability) { SigningDetails serverSigningDetails = getSigningDetails(serverUid); SigningDetails clientSigningDetails = getSigningDetails(clientUid); return serverSigningDetails.checkCapability(clientSigningDetails, capability) || clientSigningDetails.hasAncestorOrSelf(serverSigningDetails); } private SigningDetails getSigningDetails(@NonNull String packageName) { synchronized (mPackages) { PackageParser.Package p = mPackages.get(packageName); Loading @@ -23606,6 +23616,21 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); } } private SigningDetails getSigningDetails(int uid) { synchronized (mPackages) { final Object obj = mSettings.getUserIdLPr(uid); if (obj != null) { if (obj instanceof SharedUserSetting) { return ((SharedUserSetting) obj).signatures.mSigningDetails; } else if (obj instanceof PackageSetting) { final PackageSetting ps = (PackageSetting) obj; return ps.signatures.mSigningDetails; } } return SigningDetails.UNKNOWN; } } @Override public int getPermissionFlagsTEMP(String permName, String packageName, int userId) { return PackageManagerService.this.getPermissionFlags(permName, packageName, userId);
