diff options
author | Zoltan Szatmary-Ban <szatmz@google.com> | 2015-07-09 17:30:20 +0100 |
---|---|---|
committer | Zoltan Szatmary-Ban <szatmz@google.com> | 2015-07-09 18:16:27 +0100 |
commit | 307e3d048d6e89bc8419ac5d3f480841c84fc5a2 (patch) | |
tree | a29ae722052733cf3f5597d238895ec74de45a2a /src/com/android/settings/CredentialStorage.java | |
parent | 93b1a5a974f723f5aa463162b1f5aa43338f8c2e (diff) | |
download | packages_apps_Settings-307e3d048d6e89bc8419ac5d3f480841c84fc5a2.zip packages_apps_Settings-307e3d048d6e89bc8419ac5d3f480841c84fc5a2.tar.gz packages_apps_Settings-307e3d048d6e89bc8419ac5d3f480841c84fc5a2.tar.bz2 |
Check signature match between Cert installer and Settings
To prevent an app masquerading as com.android.certinstaller install
malicious certs.
Bug: 22095968
Change-Id: Ia79f326af0f39a23b687cb08981920665669e0a1
Diffstat (limited to 'src/com/android/settings/CredentialStorage.java')
-rw-r--r-- | src/com/android/settings/CredentialStorage.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java index a12369b..18b4ac8 100644 --- a/src/com/android/settings/CredentialStorage.java +++ b/src/com/android/settings/CredentialStorage.java @@ -22,6 +22,7 @@ import android.app.admin.DevicePolicyManager; import android.content.Context; import android.content.DialogInterface; import android.content.Intent; +import android.content.pm.PackageManager; import android.content.pm.UserInfo; import android.content.res.Resources; import android.os.AsyncTask; @@ -417,8 +418,10 @@ public final class CredentialStorage extends Activity { */ private boolean checkCallerIsCertInstallerOrSelfInProfile() { if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) { - // CertInstaller is allowed to install credentials - return true; + // CertInstaller is allowed to install credentials if it has the same signature as + // Settings package. + return getPackageManager().checkSignatures( + getCallingPackage(), getPackageName()) == PackageManager.SIGNATURE_MATCH; } final int launchedFromUserId; |