Merge "Check signatures of privileged persistent apps for granting defailt permissions" into mnc-dev

author: Svet Ganov <svetoslavganov@google.com> 2015-07-14 00:58:32 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-07-14 00:58:38 +0000
commit: fc2bc7f170ba564bc439fd22dd5a779d96670ffd (patch)
tree: 246b043b76f411cb61a9ab47bb8af6abe4399b3a /services/core/java
parent: 288ecf98f14c9eff639b0a3de074d5b4a06eccec (diff)
parent: 824d453246d65db43fd7bc24df6fa3d536d2b54a (diff)
download: frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.zip
frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.tar.gz
frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.tar.bz2
1 files changed, 12 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index ce4d42e..e3c6037 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -175,7 +175,7 @@ final class DefaultPermissionGrantPolicy {
 
         synchronized (mService.mPackages) {
             for (PackageParser.Package pkg : mService.mPackages.values()) {
-                if (!isSysComponentOrPersistentPrivApp(pkg)
+                if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
                         || !doesPackageSupportRuntimePermissions(pkg)) {
                     continue;
                 }
@@ -683,7 +683,7 @@ final class DefaultPermissionGrantPolicy {
     private PackageParser.Package getSystemPackageLPr(String packageName) {
         PackageParser.Package pkg = getPackageLPr(packageName);
         if (pkg != null && pkg.isSystemApp()) {
-            return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
+            return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
         }
         return null;
     }
@@ -732,11 +732,16 @@ final class DefaultPermissionGrantPolicy {
         }
     }
 
-    private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) {
-        return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID
-                || ((pkg.applicationInfo.privateFlags
-                & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0
-                && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0);
+    private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
+        if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
+            return true;
+        }
+        if ((pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) == 0
+                || (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+            return false;
+        }
+        return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
+                pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
     }
 
     private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
author	Svet Ganov <svetoslavganov@google.com>	2015-07-14 00:58:32 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-07-14 00:58:38 +0000
commit	fc2bc7f170ba564bc439fd22dd5a779d96670ffd (patch)
tree	246b043b76f411cb61a9ab47bb8af6abe4399b3a /services/core/java
parent	288ecf98f14c9eff639b0a3de074d5b4a06eccec (diff)
parent	824d453246d65db43fd7bc24df6fa3d536d2b54a (diff)
download	frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.zip frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.tar.gz frameworks_base-fc2bc7f170ba564bc439fd22dd5a779d96670ffd.tar.bz2