Check signatures of privileged persistent apps for granting defailt permissions

bug:22391058 Change-Id: I56d060f0435fadf87a8cf255ea887dd5b3903821
author: Svet Ganov <svetoslavganov@google.com> 2015-07-10 18:25:48 -0700
committer: Svet Ganov <svetoslavganov@google.com> 2015-07-10 18:28:52 -0700
commit: 824d453246d65db43fd7bc24df6fa3d536d2b54a (patch)
tree: 6c4aaa472db373f3c68c42db2c7da321e353b02e /services
parent: 6795a2aeafa6df8a5e8e3045d29991d33c8db33f (diff)
download: frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.zip
frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.tar.gz
frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.tar.bz2
1 files changed, 12 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 8e3334f..bf372c8 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -174,7 +174,7 @@ final class DefaultPermissionGrantPolicy {
 
         synchronized (mService.mPackages) {
             for (PackageParser.Package pkg : mService.mPackages.values()) {
-                if (!isSysComponentOrPersistentPrivApp(pkg)
+                if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
                         || !doesPackageSupportRuntimePermissions(pkg)) {
                     continue;
                 }
@@ -682,7 +682,7 @@ final class DefaultPermissionGrantPolicy {
     private PackageParser.Package getSystemPackageLPr(String packageName) {
         PackageParser.Package pkg = getPackageLPr(packageName);
         if (pkg != null && pkg.isSystemApp()) {
-            return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
+            return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
         }
         return null;
     }
@@ -731,11 +731,16 @@ final class DefaultPermissionGrantPolicy {
         }
     }
 
-    private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) {
-        return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID
-                || ((pkg.applicationInfo.privateFlags
-                & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0
-                && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0);
+    private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
+        if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
+            return true;
+        }
+        if ((pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) == 0
+                || (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+            return false;
+        }
+        return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
+                pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
     }
 
     private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
author	Svet Ganov <svetoslavganov@google.com>	2015-07-10 18:25:48 -0700
committer	Svet Ganov <svetoslavganov@google.com>	2015-07-10 18:28:52 -0700
commit	824d453246d65db43fd7bc24df6fa3d536d2b54a (patch)
tree	6c4aaa472db373f3c68c42db2c7da321e353b02e /services
parent	6795a2aeafa6df8a5e8e3045d29991d33c8db33f (diff)
download	frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.zip frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.tar.gz frameworks_base-824d453246d65db43fd7bc24df6fa3d536d2b54a.tar.bz2