Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a61dae35 authored by Michael Groover's avatar Michael Groover Committed by Automerger Merge Worker
Browse files

Merge "Relax minimum signature scheme version for apps on system partition"... 

Merge "Relax minimum signature scheme version for apps on system partition" into rvc-dev am: 67cb3a61

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11885723

Change-Id: Ia6bca552833917bdc84e7a445e070074d39d7d1d
parents f1e19f11 67cb3a61

core/java/android/content/pm/PackageParser.java

+4 −2
Original line number Diff line number Diff line
@@ -1377,9 +1377,11 @@ public class PackageParser { 
        }

        SigningDetails verified;

        if (skipVerify) {

            // systemDir APKs are already trusted, save time by not verifying

            // systemDir APKs are already trusted, save time by not verifying; since the signature

            // is not verified and some system apps can have their V2+ signatures stripped allow

            // pulling the certs from the jar signature.

            verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        apkPath, minSignatureScheme);

                        apkPath, SigningDetails.SignatureSchemeVersion.JAR);

        } else {

            verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);

        }

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+4 −2
Original line number Diff line number Diff line
@@ -2748,9 +2748,11 @@ public class ParsingPackageUtils { 
        SigningDetails verified;

        try {

            if (skipVerify) {

                // systemDir APKs are already trusted, save time by not verifying

                // systemDir APKs are already trusted, save time by not verifying; since the

                // signature is not verified and some system apps can have their V2+ signatures

                // stripped allow pulling the certs from the jar signature.

                verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(

                        baseCodePath, minSignatureScheme);

                        baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);

            } else {

                verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);

            }

services/core/java/com/android/server/pm/PackageManagerService.java

+11 −9
Original line number Diff line number Diff line
@@ -12148,8 +12148,9 @@ public class PackageManagerService extends IPackageManager.Stub 
                }

            }













            // Ensure the package is signed with at least the minimum signature scheme version













            // required for its target SDK.













            // If the package is not on a system partition ensure it is signed with at least the













            // minimum signature scheme version required for its target SDK.













            if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {















                int minSignatureSchemeVersion =















                        ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(















                                pkg.getTargetSdkVersion());









@@ -12160,6 +12161,7 @@ public class PackageManagerService extends IPackageManager.Stub













                }















            }















        }













    }





























    @GuardedBy("mLock")















    private boolean addBuiltInSharedLibraryLocked(String path, String name) {