Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Relax minimum signature scheme version for apps on system partition" into rvc-dev

Browse Source
This commit is contained in:
Michael Groover
2020-06-18 16:13:30 +00:00
committed by Android (Google) Code Review
parent 9040427ff8 b71e398935
commit 67cb3a610d
3 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/java/android/content/pm/PackageParser.java
View File

@@ -1377,9 +1377,11 @@ public class PackageParser {
}
SigningDetails verified;
if (skipVerify) {
// systemDir APKs are already trusted, save time by not verifying
// systemDir APKs are already trusted, save time by not verifying; since the signature
// is not verified and some system apps can have their V2+ signatures stripped allow
// pulling the certs from the jar signature.
verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
apkPath, minSignatureScheme);
apkPath, SigningDetails.SignatureSchemeVersion.JAR);
} else {
verified = ApkSignatureVerifier.verify(apkPath, minSignatureScheme);
}

6
core/java/android/content/pm/parsing/ParsingPackageUtils.java
View File

@@ -2748,9 +2748,11 @@ public class ParsingPackageUtils {
SigningDetails verified;
try {
if (skipVerify) {
// systemDir APKs are already trusted, save time by not verifying
// systemDir APKs are already trusted, save time by not verifying; since the
// signature is not verified and some system apps can have their V2+ signatures
// stripped allow pulling the certs from the jar signature.
verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
baseCodePath, minSignatureScheme);
baseCodePath, SigningDetails.SignatureSchemeVersion.JAR);
} else {
verified = ApkSignatureVerifier.verify(baseCodePath, minSignatureScheme);
}

20
services/core/java/com/android/server/pm/PackageManagerService.java
View File

@@ -12148,15 +12148,17 @@ public class PackageManagerService extends IPackageManager.Stub
}
}
// Ensure the package is signed with at least the minimum signature scheme version
// required for its target SDK.
int minSignatureSchemeVersion =
ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
pkg.getTargetSdkVersion());
if (pkg.getSigningDetails().signatureSchemeVersion < minSignatureSchemeVersion) {
throw new PackageManagerException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
"No signature found in package of version " + minSignatureSchemeVersion
+ " or newer for package " + pkg.getPackageName());
// If the package is not on a system partition ensure it is signed with at least the
// minimum signature scheme version required for its target SDK.
if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {
int minSignatureSchemeVersion =
ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
pkg.getTargetSdkVersion());
if (pkg.getSigningDetails().signatureSchemeVersion < minSignatureSchemeVersion) {
throw new PackageManagerException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
"No signature found in package of version " + minSignatureSchemeVersion
+ " or newer for package " + pkg.getPackageName());
}
}
}
}