From b37e1cd82fcaa7058e9fdf34749fcd19a7e2b2b4 Mon Sep 17 00:00:00 2001
From: Bryan Henry <bryanhenry@google.com>
Date: Thu, 26 Apr 2018 18:24:01 -0700
Subject: Revert "Allow shared users to rotate signing certs in an OTA"

This reverts commit ffd979d6b90a2780e8d625f7c65e5a8680ceb6ba.

Reason for revert: Replacing with go/oag/673735
Bug: 74501739
Test: N/A

Change-Id: I9e87b0f815081a196218744653542a29939c82bb
---
 .../com/android/server/pm/PackageManagerService.java     | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index bb1f5c02f864..74aabc20a730 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -10198,10 +10198,20 @@ public class PackageManagerService extends IPackageManager.Stub
                 // The signature has changed, but this package is in the system
                 // image...  let's recover!
                 pkgSetting.signatures.mSigningDetails = pkg.mSigningDetails;
-                // If the system app is part of a shared user we allow that shared user to change
-                // signatures as well in part as part of an OTA.
+                // However...  if this package is part of a shared user, but it
+                // doesn't match the signature of the shared user, let's fail.
+                // What this means is that you can't change the signatures
+                // associated with an overall shared user, which doesn't seem all
+                // that unreasonable.
                 if (signatureCheckPs.sharedUser != null) {
-                    signatureCheckPs.sharedUser.signatures.mSigningDetails = pkg.mSigningDetails;
+                    if (compareSignatures(
+                            signatureCheckPs.sharedUser.signatures.mSigningDetails.signatures,
+                            pkg.mSigningDetails.signatures) != PackageManager.SIGNATURE_MATCH) {
+                        throw new PackageManagerException(
+                                INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
+                                "Signature mismatch for shared user: "
+                                        + pkgSetting.sharedUser);
+                    }
                 }
                 // File a report about this.
                 String msg = "System package " + pkg.packageName
-- 
cgit v1.2.3-59-g8ed1b