nehemiah-zb/lineage_patches_unified
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lineage_patches_unified/patches_treble/frameworks_base/0006-Allow-APKs-of-a-certain-signature-to-install-work-li.patch
Andy CrossGate Yan b6248125ef Changes for July 2024
2024-07-21 17:16:11 +08:00

94 lines
7.5 KiB
Diff
Raw Permalink Blame History

From 262cf4f5ed67cd8343ccb912bc8d265ea331af3e Mon Sep 17 00:00:00 2001
From: Andy CrossGate Yan <GeForce8800Ultra@gmail.com>
Date: Sun, 7 Jul 2024 21:55:42 +0800
Subject: [PATCH 6/6] Allow APKs of a certain signature to install/work like
platform-signed
Intended usecase - one authoritative set of signed IMS APKs for any GSI, regardless of their signature
Change-Id: Ia1a13edec8eb8ecf0ea25fffaee4aeff9c75a5e1
---
.../android/server/pm/PackageManagerServiceUtils.java | 11 +++++++++++
.../core/java/com/android/server/pm/SELinuxMMAC.java | 5 +++++
.../java/com/android/server/pm/ScanPackageUtils.java | 5 ++++-
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
index d7e0fca87059..675be60ea412 100644
--- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
+++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
@@ -221,6 +221,8 @@ public class PackageManagerServiceUtils {
*/
private static final boolean FORCE_PACKAGE_PARSED_CACHE_ENABLED = false;
+ private static final Signature PHH_SIGNATURE = new Signature("308205fb308203e3a00302010202144cd9cede3ae98180d0c500b979c371be9189d42d300d06092a864886f70d01010b050030818b310b3009060355040613024652310f300d06035504080c064672616e6365310e300c06035504070c05506172697331143012060355040a0c0b547265626c6544726f696431143012060355040b0c0b547265626c6544726f69643114301206035504030c0b547265626c6544726f69643119301706092a864886f70d010901160a706868407068682e6d653020170d3234303731333136313435375a180f32303531313132393136313435375a30818b310b3009060355040613024652310f300d06035504080c064672616e6365310e300c06035504070c05506172697331143012060355040a0c0b547265626c6544726f696431143012060355040b0c0b547265626c6544726f69643114301206035504030c0b547265626c6544726f69643119301706092a864886f70d010901160a706868407068682e6d6530820222300d06092a864886f70d01010105000382020f003082020a0282020100ea313fa144409b3f52c489fb1401f98c0e2c1f66933c67e4f4b3ec1757b33b72d996de4f60fb6316aaab04b1c973e27833f8dca1bd109cb74525c48fda9a2d0f3fe2ff943e69042290f41f36c996b3c3c327a9cc6398ec3b4da7bd4a281005d10b6d022f4d871c113051b685d9e2059b68ffb00c174c2516cfa3c64d3d1e51f7f100fde5bf4a7af00f2c8bbb258f066fa1c4a077ee32ba1a3f56edec8f1e05b609aadb6dbe63487275812b8447881ada997d1ddf278008246565e97f1665943b6cbc6f4fe2f2982894d3b2dfec0eb5bc2f91e6d6d7497aef732b90c82531d7065bbacf234a73d53111cb8f2d117c67c9e873c326117410b9ea7a18d12811db8e2d0b183c37b53b5a4d066b7b5e2a6741748c7082f7fb0d7d8b21ad0c93ded88c71844f54fd25255f9a6eb7a7910475a1a2264110f5e0f267df671ea42d76a3381a632dde6c7f63f5e15d8d573b7f926e3106ead126d1ef0c0b22d909a6bfd6f3c444803d782a9aec3e4695016b055e180ccc1b7c24b532c226839d1ad1a5d7fe51f6e9e43460b8d706ca3d484b5994fb68fe212dbc2662935d0effb52ff018a9c760086b5ad5b7cd6549543677742cbf2f6bf409b2f70abb0ec6e042d30768eac5b61e1038f8b9c8dd4e801357cc7bfa2bfaebcbe59dc27331b5f388642d829a20893be0384bedab4287b881ef7a9a27765ba6910036a70128d8606f194acf070203010001a3533051301d0603551d0e04160414124752cf65d60fd9a632855450ae4124ebe78e3c301f0603551d23041830168014124752cf65d60fd9a632855450ae4124ebe78e3c300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010045d310fab3cf34fda5c59a651853fe47ba759195db454b18727692fd54613fef6401ed31aff26a2579362fd6c0ae563b3c32472bafb919eb3e0a1173b0a3a9b0c475bf10db328d157eead62af2615b2b5bfa84cf51a3af38222ba737e5e47c5cdad3d2c8505796fa8b205e5fe39f2ff2516c961972c279c9197e913c2e6cc5951fe69bd8cbc09a9ee1664ce7a784b17ce721b8b61fa7a79c7919bed3de48b386eec4b5a1dd0bc4cde32ada097c2cb0fe13fc772d38740235866b0b304e79071a292ba77a8fb5532545df2452a11d53e7365851a515a9640c691d6d2570fee2d9b97cb1d52213411b3a29a16a5eb789000e2e2e2a4a33d38fc93d32c2511c57e6c420c29b5d1346904d9346537290bbefd7566c2ff3245db663ab5e21e721cbac1adada3e84defbc9758dbd1340cbd9b2a8e98542057eb517938462a5401825e31d640d57f881305d8474a9372db8459293fc9a2ccace877517bbedb759eb6eea45b5fcd5ea149d531ddf6a1ccf5f7dbe4d139a308af94049f717c09ff022a5ba0a2fbd35c4ce18671dfce2eccf292ac48b073d8e85a158ceac6f9253a1e6607b743fc2f557f55a1366716eda5653e9cb272e611c77e7949310ca3f294f1689efdfde087512a53bdf460029b9f0adb8fb7fada5e1443bdfdc8c8c29914b7856aa995c8cbf1866ac7d6c65e2d4c7c6738d7a8cb56d7ba9230ba9bc056d02e48f41");
+
/**
* Returns the registered PackageManagerLocal instance, or else throws an unchecked error.
*/
@@ -306,6 +308,11 @@ public class PackageManagerServiceUtils {
return maxModifiedTime;
}
+ protected static boolean doesSignatureMatchPHH(SigningDetails signingDetails) {
+ return signingDetails.getSignatures() != null
+ && Signature.areExactMatch(signingDetails, new Signature[]{PHH_SIGNATURE});
+ }
+
private static File getSettingsProblemFile() {
File dataDir = Environment.getDataDirectory();
File systemDir = new File(dataDir, "system");
@@ -579,6 +586,10 @@ public class PackageManagerServiceUtils {
boolean compareCompat, boolean compareRecover, boolean isRollback)
throws PackageManagerException {
final String packageName = pkgSetting.getPackageName();
+ if (doesSignatureMatchPHH(parsedSignatures)) {
+ Slog.w(TAG, "Package " + packageName + " has PHH signature, skipping subsequent checks");
+ return false;
+ }
boolean compatMatch = false;
if (pkgSetting.getSigningDetails().getSignatures() != null) {
// For an already existing package, make sure the parsed signatures from the package
diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java
index e667bfe36d18..e08a6ba24807 100644
--- a/services/core/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java
@@ -448,6 +448,11 @@ public final class SELinuxMMAC {
}
}
+ if (pkg.getSigningDetails() != SigningDetails.UNKNOWN &&
+ PackageManagerServiceUtils.doesSignatureMatchPHH(pkg.getSigningDetails())) {
+ seInfo = "platform";
+ }
+
if (seInfo == null) {
seInfo = DEFAULT_SEINFO;
}
diff --git a/services/core/java/com/android/server/pm/ScanPackageUtils.java b/services/core/java/com/android/server/pm/ScanPackageUtils.java
index 2e67b2f41520..20a614235e6e 100644
--- a/services/core/java/com/android/server/pm/ScanPackageUtils.java
+++ b/services/core/java/com/android/server/pm/ScanPackageUtils.java
@@ -47,6 +47,7 @@ import static com.android.server.pm.PackageManagerService.TAG;
import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
import static com.android.server.pm.PackageManagerServiceUtils.compressedFileExists;
import static com.android.server.pm.PackageManagerServiceUtils.deriveAbiOverride;
+import static com.android.server.pm.PackageManagerServiceUtils.doesSignatureMatchPHH;
import static com.android.server.pm.PackageManagerServiceUtils.getLastModifiedTime;
import android.annotation.NonNull;
@@ -918,7 +919,9 @@ final class ScanPackageUtils {
|| (platformPkg != null && compareSignatures(
platformPkg.getSigningDetails(),
parsedPackage.getSigningDetails()
- ) == PackageManager.SIGNATURE_MATCH))
+ ) == PackageManager.SIGNATURE_MATCH)
+ || doesSignatureMatchPHH(
+ parsedPackage.getSigningDetails()))
);
if (!isSystemApp) {
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink