Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f63a1a95 authored Mar 08, 2022 by Presubmit Automerger Backend

[automerge] Revert "[DO NOT MERGE]Revert "Relax minimum signature scheme ver..." 2p: 01c3d11b

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/17110028

Bug: 223079119
Change-Id: I57d4e8a542f4bc509c00246a0ec81e9de5ea3fb8

parents a4873fa8 01c3d11b

core/java/android/content/pm/PackageParser.java

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -1401,9 +1401,11 @@ public class PackageParser {
	}		}
	SigningDetails verified;		SigningDetails verified;
	if (skipVerify) {		if (skipVerify) {
	// systemDir APKs are already trusted, save time by not verifying		// systemDir APKs are already trusted, save time by not verifying; since the signature
			// is not verified and some system apps can have their V2+ signatures stripped allow
			// pulling the certs from the jar signature.
	verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(		verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
	apkPath, minSignatureScheme);		apkPath, SigningDetails.SignatureSchemeVersion.JAR);
	} else {		} else {
	verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);		verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);
	}		}

core/java/android/content/pm/parsing/ParsingPackageUtils.java

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -3038,9 +3038,11 @@ public class ParsingPackageUtils {
	SigningDetails verified;		SigningDetails verified;
	try {		try {
	if (skipVerify) {		if (skipVerify) {
	// systemDir APKs are already trusted, save time by not verifying		// systemDir APKs are already trusted, save time by not verifying; since the
			// signature is not verified and some system apps can have their V2+ signatures
			// stripped allow pulling the certs from the jar signature.
	verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(		verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
	baseCodePath, minSignatureScheme);		baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);
	} else {		} else {
	verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);		verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);
	}		}

services/core/java/com/android/server/pm/PackageManagerService.java

+11 −9

Original line number	Original line	Diff line number	Diff line
	@@ -15176,8 +15176,9 @@ public class PackageManagerService extends IPackageManager.Stub
	}		}
	}		}

	// Ensure the package is signed with at least the minimum signature scheme version		// If the package is not on a system partition ensure it is signed with at least the
	// required for its target SDK.		// minimum signature scheme version required for its target SDK.
			if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {
	int minSignatureSchemeVersion =		int minSignatureSchemeVersion =
	ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(		ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
	pkg.getTargetSdkVersion());		pkg.getTargetSdkVersion());
	@@ -15188,6 +15189,7 @@ public class PackageManagerService extends IPackageManager.Stub
	}		}
	}		}
	}		}
			}

	@GuardedBy("mLock")		@GuardedBy("mLock")
	private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {		private boolean addBuiltInSharedLibraryLocked(SystemConfig.SharedLibraryEntry entry) {