From 51586d5e44e2d95bd8d235a55fc7734b3ed26b08 Mon Sep 17 00:00:00 2001 From: Cheonho Park Date: Wed, 31 Jul 2019 14:19:41 +0900 Subject: Allow signing key rotation Support GET_SIGNING_CERTIFICATES and handle certificates at SigningInfo Bug: 138416125 Test: Manual with USIM ARA-M and Test app signed with key rotation Change-Id: Ie6a32e93b248dab502ea71d54e4bfa84ee1e01e2 --- .../java/android/telephony/SubscriptionInfo.java | 3 ++- .../java/android/telephony/SubscriptionManager.java | 3 ++- telephony/java/android/telephony/UiccAccessRule.java | 20 ++++++++++++++++---- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/telephony/java/android/telephony/SubscriptionInfo.java b/telephony/java/android/telephony/SubscriptionInfo.java index 1e6cd474d13b..dfcd6e95ff61 100644 --- a/telephony/java/android/telephony/SubscriptionInfo.java +++ b/telephony/java/android/telephony/SubscriptionInfo.java @@ -572,7 +572,8 @@ public class SubscriptionInfo implements Parcelable { PackageManager packageManager = context.getPackageManager(); PackageInfo packageInfo; try { - packageInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES); + packageInfo = packageManager.getPackageInfo(packageName, + PackageManager.GET_SIGNING_CERTIFICATES); } catch (PackageManager.NameNotFoundException e) { throw new IllegalArgumentException("Unknown package: " + packageName, e); } diff --git a/telephony/java/android/telephony/SubscriptionManager.java b/telephony/java/android/telephony/SubscriptionManager.java index 2822fccdb398..f52723a1bf99 100644 --- a/telephony/java/android/telephony/SubscriptionManager.java +++ b/telephony/java/android/telephony/SubscriptionManager.java @@ -2607,7 +2607,8 @@ public class SubscriptionManager { PackageManager packageManager = mContext.getPackageManager(); PackageInfo packageInfo; try { - packageInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES); + packageInfo = packageManager.getPackageInfo(packageName, + PackageManager.GET_SIGNING_CERTIFICATES); } catch (PackageManager.NameNotFoundException e) { throw new IllegalArgumentException("Unknown package: " + packageName, e); } diff --git a/telephony/java/android/telephony/UiccAccessRule.java b/telephony/java/android/telephony/UiccAccessRule.java index 37a4491141a0..cb3c3847f08d 100644 --- a/telephony/java/android/telephony/UiccAccessRule.java +++ b/telephony/java/android/telephony/UiccAccessRule.java @@ -19,6 +19,7 @@ import android.annotation.Nullable; import android.annotation.SystemApi; import android.content.pm.PackageInfo; import android.content.pm.Signature; +import android.content.pm.SigningInfo; import android.os.Parcel; import android.os.Parcelable; import android.text.TextUtils; @@ -168,17 +169,28 @@ public final class UiccAccessRule implements Parcelable { * * @param packageInfo package info fetched from * {@link android.content.pm.PackageManager#getPackageInfo}. - * {@link android.content.pm.PackageManager#GET_SIGNATURES} must have been passed in. + * {@link android.content.pm.PackageManager#GET_SIGNING_CERTIFICATES} must have been + * passed in. * @return either {@link TelephonyManager#CARRIER_PRIVILEGE_STATUS_HAS_ACCESS} or * {@link TelephonyManager#CARRIER_PRIVILEGE_STATUS_NO_ACCESS}. */ public int getCarrierPrivilegeStatus(PackageInfo packageInfo) { - if (packageInfo.signatures == null || packageInfo.signatures.length == 0) { + Signature[] signatures = packageInfo.signatures; + SigningInfo sInfo = packageInfo.signingInfo; + + if (sInfo != null) { + signatures = sInfo.getSigningCertificateHistory(); + if (sInfo.hasMultipleSigners()) { + signatures = sInfo.getApkContentsSigners(); + } + } + + if (signatures == null || signatures.length == 0) { throw new IllegalArgumentException( - "Must use GET_SIGNATURES when looking up package info"); + "Must use GET_SIGNING_CERTIFICATES when looking up package info"); } - for (Signature sig : packageInfo.signatures) { + for (Signature sig : signatures) { int accessStatus = getCarrierPrivilegeStatus(sig, packageInfo.packageName); if (accessStatus != TelephonyManager.CARRIER_PRIVILEGE_STATUS_NO_ACCESS) { return accessStatus; -- cgit v1.2.3-59-g8ed1b