Revert "Allow shared users to rotate signing certs in an OTA"

This reverts commit ffd979d6b90a2780e8d625f7c65e5a8680ceb6ba. Reason for revert: Replacing with go/oag/673735 Bug: 74501739 Test: N/A Change-Id: I9e87b0f815081a196218744653542a29939c82bb
author: Bryan Henry <bryanhenry@google.com> 2018-04-26 18:24:01 -0700
committer: Bryan Henry <bryanhenry@google.com> 2018-04-26 18:48:02 -0700
commit: b37e1cd82fcaa7058e9fdf34749fcd19a7e2b2b4 (patch)
tree: 5c4e0c1d5a785635aea7e28e7d9bc0617fbbbf75
parent: 3577f6dfcac4e1a2b542f8fbe5d68e13dc076088 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index bb1f5c02f864..74aabc20a730 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -10198,10 +10198,20 @@ public class PackageManagerService extends IPackageManager.Stub
                 // The signature has changed, but this package is in the system
                 // image...  let's recover!
                 pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
-                // If the system app is part of a shared user we allow that shared user to change
-                // signatures as well in part as part of an OTA.
+                // However...  if this package is part of a shared user, but it
+                // doesn't match the signature of the shared user, let's fail.
+                // What this means is that you can't change the signatures
+                // associated with an overall shared user, which doesn't seem all
+                // that unreasonable.
                 if (signatureCheckPs.sharedUser != null) {
-                    signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;
+                    if (compareSignatures(
+                            signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
+                            pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
+                        throw new PackageManagerException(
+                                INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
+                                "Signature mismatch for shared user: "
+                                        + pkgSetting.sharedUser);
+                    }
                 }
                 // File a report about this.
                 String msg = "System package " + pkg.packageName
author	Bryan Henry <bryanhenry@google.com>	2018-04-26 18:24:01 -0700
committer	Bryan Henry <bryanhenry@google.com>	2018-04-26 18:48:02 -0700
commit	b37e1cd82fcaa7058e9fdf34749fcd19a7e2b2b4 (patch)
tree	5c4e0c1d5a785635aea7e28e7d9bc0617fbbbf75
parent	3577f6dfcac4e1a2b542f8fbe5d68e13dc076088 (diff)