author TreeHugger Robot <treehugger-gerrit@google.com> 2022-04-28 20:56:41 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2022-04-28 20:56:41 +0000
commita347b6c2e6b37cca22a8e7bab24f956d9ca6955d (patch)
tree93c881cb39d29da1230066420d23a68dc77c5886
parent964c0704c5c584a9948e734fe6f4a28a4701b02b (diff)
parent7cb3a32293ef72498a1b44b11a64341c11d941b8 (diff)
Merge "Restore V2+ signature requirement for system apps" into tm-dev
-rw-r--r--core/java/android/content/pm/PackageParser.java6
-rw-r--r--services/core/java/com/android/server/pm/InstallPackageHelper.java4
-rw-r--r--services/core/java/com/android/server/pm/ScanPackageUtils.java18
-rw-r--r--services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java6
4 files changed, 14 insertions, 20 deletions
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 4d4a57db84be..44dc28d2b0fa 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -1414,11 +1414,9 @@ public class PackageParser {
final ParseTypeImpl input = ParseTypeImpl.forDefaultParsing();
final ParseResult<android.content.pm.SigningDetails> result;
if (skipVerify) {
- // systemDir APKs are already trusted, save time by not verifying; since the signature
- // is not verified and some system apps can have their V2+ signatures stripped allow
- // pulling the certs from the jar signature.
+ // systemDir APKs are already trusted, save time by not verifying
result = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(
- input, apkPath, SigningDetails.SignatureSchemeVersion.JAR);
+ input, apkPath, minSignatureScheme);
} else {
result = ApkSignatureVerifier.verify(input, apkPath, minSignatureScheme);
}
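Review bot: The shortened comment in the `skipVerify` branch no longer explains why `minSignatureScheme` is passed to `unsafeGetCertsWithoutVerification`, which is the security-relevant part of this change. The removed text shows that the old JAR floor was what allowed certs to be read from system APKs with stripped V2+ signatures, so the new argument presumably makes such an APK fail here. I would say so in place, for example `// systemDir APKs are already trusted, so skip verification; certs are still read only from a signature of at least minSignatureScheme`. It is also worth noting that this path still does not check the APK contents against the signature, so integrity continues to rest on the trust placed in the system partition. The same comment appears in the `skipVerify` branch of ParsingPackageUtils.java and needs the same wording. The enclosing method starts and ends outside this hunk.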
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index 2d8d4f588192..57a1fe04b690 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -4187,8 +4187,8 @@ final class InstallPackageHelper {
assertOverlayIsValid(pkg, parseFlags, scanFlags);
}
- // If the package is not on a system partition ensure it is signed with at least the
- // minimum signature scheme version required for its target SDK.
+ // Ensure the package is signed with at least the minimum signature scheme version
+ // required for its target SDK.
ScanPackageUtils.assertMinSignatureSchemeIsValid(pkg, parseFlags);
}
}
diff --git a/services/core/java/com/android/server/pm/ScanPackageUtils.java b/services/core/java/com/android/server/pm/ScanPackageUtils.java
index 4e8313bf1891..0dc188b75d5e 100644
--- a/services/core/java/com/android/server/pm/ScanPackageUtils.java
+++ b/services/core/java/com/android/server/pm/ScanPackageUtils.java
@@ -690,16 +690,14 @@ final class ScanPackageUtils {
public static void assertMinSignatureSchemeIsValid(AndroidPackage pkg,
@ParsingPackageUtils.ParseFlags int parseFlags) throws PackageManagerException {
- if ((parseFlags & ParsingPackageUtils.PARSE_IS_SYSTEM_DIR) == 0) {
- int minSignatureSchemeVersion =
- ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
- pkg.getTargetSdkVersion());
- if (pkg.getSigningDetails().getSignatureSchemeVersion()
- < minSignatureSchemeVersion) {
- throw new PackageManagerException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
- "No signature found in package of version " + minSignatureSchemeVersion
- + " or newer for package " + pkg.getPackageName());
- }
+ int minSignatureSchemeVersion =
+ ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(
+ pkg.getTargetSdkVersion());
+ if (pkg.getSigningDetails().getSignatureSchemeVersion()
+ < minSignatureSchemeVersion) {
+ throw new PackageManagerException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
+ "No signature found in package of version " + minSignatureSchemeVersion
+ + " or newer for package " + pkg.getPackageName());
}
}
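Review bot: With the `PARSE_IS_SYSTEM_DIR` check removed, `parseFlags` is no longer read anywhere in `assertMinSignatureSchemeIsValid` as shown on the new side. Either drop the parameter together with its call sites, or keep it and state the intent at the top of the body, for example `// parseFlags is intentionally ignored: the minimum scheme applies to system-partition packages too`. Any Javadoc above the method is outside this hunk and should be checked for a leftover mention of the system-partition exemption. Because a preinstalled package below the minimum scheme now throws `INSTALL_PARSE_FAILED_NO_CERTIFICATES` here, the message could also say whether the package was scanned from a system directory, which would make such failures easier to triage.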
diff --git a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
index 9897c42e4cec..e1ff9ead6740 100644
--- a/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
+++ b/services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageUtils.java
@@ -3105,11 +3105,9 @@ public class ParsingPackageUtils {
}
final ParseResult<SigningDetails> verified;
if (skipVerify) {
- // systemDir APKs are already trusted, save time by not verifying; since the
- // signature is not verified and some system apps can have their V2+ signatures
- // stripped allow pulling the certs from the jar signature.
+ // systemDir APKs are already trusted, save time by not verifying
verified = ApkSignatureVerifier.unsafeGetCertsWithoutVerification(input, baseCodePath,
- SigningDetails.SignatureSchemeVersion.JAR);
+ minSignatureScheme);
} else {
verified = ApkSignatureVerifier.verify(input, baseCodePath, minSignatureScheme);
}