From 436e264e87dcbcebfd9c123685505ce547744b7f Mon Sep 17 00:00:00 2001 From: dcashman Date: Wed, 20 Aug 2014 12:55:21 -0700 Subject: [PATCH] Add upgrade KeySets check to permission pruning on install. Bug: 16564805 Change-Id: I80393eec3c6e1e861a9ec2ae27fe37027311948d --- .../android/server/pm/PackageManagerService.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 56392347e0409..364737366b2a0 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -10238,8 +10238,18 @@ public class PackageManagerService extends IPackageManager.Stub { if (bp != null) { // If the defining package is signed with our cert, it's okay. This // also includes the "updating the same package" case, of course. - if (compareSignatures(bp.packageSetting.signatures.mSignatures, - pkg.mSignatures) != PackageManager.SIGNATURE_MATCH) { + // "updating same package" could also involve key-rotation. + final boolean sigsOk; + if (!bp.sourcePackage.equals(pkg.packageName) + || !(bp.packageSetting instanceof PackageSetting) + || !bp.packageSetting.keySetData.isUsingUpgradeKeySets() + || ((PackageSetting) bp.packageSetting).sharedUser != null) { + sigsOk = compareSignatures(bp.packageSetting.signatures.mSignatures, + pkg.mSignatures) != PackageManager.SIGNATURE_MATCH; + } else { + sigsOk = checkUpgradeKeySetLP((PackageSetting) bp.packageSetting, pkg); + } + if (!sigsOk) { // If the owning package is the system itself, we log but allow // install to proceed; we fail the install on all other permission // redefinitions.