Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cb12be36 authored by SzuWei Lin's avatar SzuWei Lin Committed by Hung-ying Tyan
Browse files

Let shared user checking to be backward-compatible 

The shared user checking becomes strict. If there is an APK in
vendor partition shared UID with a APK in system partition, the
signatures of these 2 APKs must be equal. Otherwise, framework
will throw an exception and cannot boot.

After Android 9, all devices must make sure their APKs passing
the checking.

The patch relaxes the exception for the devices which upgraded
from 9 or earlier version. With this patch, we still can boot the
upgraded devices with old vendor and new GSI. For example,
vendor on 9 and GSI on 10.

Bug: 117135529
Test: boot a walleye device on P with aosp_arm64_ab-userdebug
      (SPL patched) with the patch

Change-Id: I55287210e226ad760b761eb624a1826dc7e31bd8
parent 67502cd6

services/core/java/com/android/server/pm/PackageManagerService.java

+16 −6
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ import static android.content.pm.PackageManager.INSTALL_FAILED_TEST_ONLY; 
import static android.content.pm.PackageManager.INSTALL_FAILED_UPDATE_INCOMPATIBLE;

import static android.content.pm.PackageManager.INSTALL_FAILED_VERSION_DOWNGRADE;

import static android.content.pm.PackageManager.INSTALL_INTERNAL;

import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES;

import static android.content.pm.PackageManager.INSTALL_SUCCEEDED;

import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;

import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK;
@@ -10258,12 +10259,21 @@ public class PackageManagerService extends IPackageManager.Stub 
                        compareSignatures(

                            signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,

                            pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {

                        if (SystemProperties.getInt("ro.product.first_api_level", 0) <= 28) {

                            // Mismatched signatures is an error and silently skipping system

                            // packages will likely break the device in unforeseen ways. However,

                            // we allow the device to boot anyway because, prior to P, vendors were

                            // not expecting the platform to crash in this situation.

                            throw new PackageManagerException(

                                    INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,

                                    "Signature mismatch for shared user: " + pkgSetting.sharedUser);

                        } else {

                            // Treat mismatched signatures on system packages using a shared UID as

                            // fatal for the system overall, rather than just failing to install

                            // whichever package happened to be scanned later.

                        throw new IllegalStateException(

                                "Signature mismatch on system package " + pkg.packageName

                                + " for shared user " + pkgSetting.sharedUser);

                            throw new IllegalStateException("Signature mismatch on system package "

                                + pkg.packageName + " for shared user " + pkgSetting.sharedUser);

                        }

                    }















                    signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;