Merge "Fix security bug: collect certs for non-systemDir apks."

2017-12-15 16:12:51 +00:00
parent f5ba933e9c 63addbd363
commit 4bb2d57bf1
1 changed files with 2 additions and 2 deletions
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -1559,7 +1559,7 @@ public class PackageParser {
            throws PackageParserException {
        final String apkPath = apkFile.getAbsolutePath();

-        boolean untrusted = (parseFlags & PARSE_IS_SYSTEM_DIR) == 0;
+        boolean systemDir = (parseFlags & PARSE_IS_SYSTEM_DIR) != 0;
        int minSignatureScheme = ApkSignatureVerifier.VERSION_JAR_SIGNATURE_SCHEME;
        if ((parseFlags & PARSE_IS_EPHEMERAL) != 0 || pkg.applicationInfo.isStaticSharedLibrary()) {
            // must use v2 signing scheme
@@ -1567,7 +1567,7 @@ public class PackageParser {
        }
        try {
            ApkSignatureVerifier.Result verified =
-                    ApkSignatureVerifier.verify(apkPath, minSignatureScheme, untrusted);
+                    ApkSignatureVerifier.verify(apkPath, minSignatureScheme, systemDir);
            if (pkg.mCertificates == null) {
                pkg.mCertificates = verified.certs;
                pkg.mSignatures = verified.sigs;