
Commit ffd979d6 authored by Chad Brubaker

Allow shared users to rotate signing certs in an OTA

As part of an OTA we allow system applications to change their signing
certificates; however, in order to fully support rotating signing certs in
an OTA we must also be able to rotate the system shared users to new
signatures.

Bug: 74501739
Test: rotate keys and adb sideloaded update, device now boots
Change-Id: Ic04f1d3dbbe1da6ee723addc9be048f92440dda0
parent 6abf6254
+3 −13
@@ -10180,20 +10180,10 @@ public class PackageManagerService extends IPackageManager.Stub
                // The signature has changed, but this package is in the system
                // image...  let's recover!
                pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
                // However...  if this package is part of a shared user, but it
                // doesn't match the signature of the shared user, let's fail.
                // What this means is that you can't change the signatures
                // associated with an overall shared user, which doesn't seem all
                // that unreasonable.
                // If the system app is part of a shared user we allow that shared user to change
                // signatures as well in part as part of an OTA.
                if (signatureCheckPs.sharedUser != null) {
                    if (compareSignatures(
                            signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
                            pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
                        throw new PackageManagerException(
                                INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
                                "Signature mismatch for shared user: "
                                        + pkgSetting.sharedUser);
                    }
                    signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;
                }
                // File a report about this.
                String msg = "System package " + pkg.packageName
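
Review bot: the assignment `signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;` inside `if (signatureCheckPs.sharedUser != null)` now runs with no comparison at all, and nothing visible in this hunk ties it to the OTA case that the new comment and the commit message describe, or confirms that the other packages in the same shared user carry the new certificate. Since a shared user's signature is what gates which packages may join that UID, I would like either a guard here that limits the overwrite to the upgrade path, or a note pointing to where that condition is already enforced upstream of this block. The report built just below only names `pkg.packageName`; please also record `pkgSetting.sharedUser` there so a shared-user signature change is visible in the log, which the removed exception message used to provide. Minor: the new comment reads "as well in part as part of an OTA", which looks like a leftover edit; "as well, as part of an OTA" would be clearer.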