Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dd244b19 authored Mar 05, 2022 by Michael Groover Committed by Android (Google) Code Review Mar 05, 2022

Merge changes from topic "presubmit-am-bc566b73c1674298b82a1153c03313a1" into sc-v2-dev-plus-aosp

* changes:
  [automerge] [DO NOT MERGE]Revert "Relax minimum signature scheme version for apps on system partition" 2p: 3c36fd5f
  [DO NOT MERGE]Revert "Relax minimum signature scheme version for apps on system partition"

parents 3208bd64 659d441a

core/java/android/content/pm/PackageParser.java

+2 −4

Original line number	Original line	Diff line number	Diff line
	@@ -1401,11 +1401,9 @@ public class PackageParser {
	}		}
	SigningDetails verified;		SigningDetails verified;
	if (skipVerify) {		if (skipVerify) {
	// systemDir APKs are already trusted, save time by not verifying; since the signature		// systemDir APKs are already trusted, save time by not verifying
	// is not verified and some system apps can have their V2+ signatures stripped allow
	// pulling the certs from the jar signature.
	verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(		verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
	apkPath, SigningDetails.SignatureSchemeVersion.JAR);		apkPath, minSignatureScheme);
	} else {		} else {
	verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);		verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);
	}		}

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+2 −4

Original line number	Original line	Diff line number	Diff line
	@@ -3038,11 +3038,9 @@ public class ParsingPackageUtils {
	SigningDetails verified;		SigningDetails verified;
	try {		try {
	if (skipVerify) {		if (skipVerify) {
	// systemDir APKs are already trusted, save time by not verifying; since the		// systemDir APKs are already trusted, save time by not verifying
	// signature is not verified and some system apps can have their V2+ signatures
	// stripped allow pulling the certs from the jar signature.
	verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(		verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
	baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);		baseCodePath, minSignatureScheme);
	} else {		} else {
	verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);		verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);
	}		}

services/core/java/com/android/server/pm/PackageManagerService.java

+9 −11

Original line number	Original line	Diff line number	Diff line
	@@ -15176,9 +15176,8 @@ public class PackageManagerService extends IPackageManager.Stub
	}		}
	}		}

	// If the package is not on a system partition ensure it is signed with at least the		// Ensure the package is signed with at least the minimum signature scheme version
	// minimum signature scheme version required for its target SDK.		// required for its target SDK.
	if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {
	int minSignatureSchemeVersion =		int minSignatureSchemeVersion =
	ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(		ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
	pkg.getTargetSdkVersion());		pkg.getTargetSdkVersion());
	@@ -15189,7 +15188,6 @@ public class PackageManagerService extends IPackageManager.Stub
	}		}
	}		}
	}		}
	}

	@GuardedBy("mLock")		@GuardedBy("mLock")
	private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {		private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {