11.0: More work

Patches/LineageOS-11.0/android_frameworks_base/0001-Signature_Spoofing.patch

@@ -0,0 +1,66 @@
+diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
+index e6da288..66684d3 100644
+--- a/core/java/android/content/pm/PackageParser.java
++++ b/core/java/android/content/pm/PackageParser.java
+@@ -447,10 +447,23 @@ public class PackageParser {
+             }
+         }
+         if ((flags&PackageManager.GET_SIGNATURES) != 0) {
+-           int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
+-           if (N > 0) {
+-                pi.signatures = new Signature[N];
+-                System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
++            boolean handledFakeSignature = false;
++            try {
++                if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null
++                        && p.mAppMetaData.get("fake-signature") instanceof String) {
++                    pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))};
++                    handledFakeSignature = true;
++                }
++            } catch (Throwable t) {
++                // We should never die because of any failures, this is system code!
++                Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t);
++            }
++            if (!handledFakeSignature) {
++                int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
++                if (N > 0) {
++                    pi.signatures = new Signature[N];
++                    System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
++                }
+             }
+         }
+         return pi;
+diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
+index 558a475..4e7aa65 100644
+--- a/core/res/AndroidManifest.xml
++++ b/core/res/AndroidManifest.xml
+@@ -1562,6 +1562,13 @@
+         android:label="@string/permlab_getPackageSize"
+         android:description="@string/permdesc_getPackageSize" />
+ 
++    <!-- Allows an application to change the package signature as seen by applications -->
++    <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
++                android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
++                android:protectionLevel="dangerous"
++                android:label="@string/permlab_fakePackageSignature"
++                android:description="@string/permdesc_fakePackageSignature" />
++
+     <!-- @deprecated No longer useful, see
+          {@link android.content.pm.PackageManager#addPackageToPreferred}
+          for details. -->
+diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
+index 790e166..8e66470 100644
+--- a/core/res/res/values/strings.xml
++++ b/core/res/res/values/strings.xml
+@@ -1135,6 +1135,11 @@
+     <string name="permdesc_getPackageSize">Allows the app to retrieve its code, data, and cache sizes</string>
+ 
+     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permlab_fakePackageSignature">mimic package signature</string>
++    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permdesc_fakePackageSignature">Allows the app to use mimic another app\'s package signature.</string>
++
++    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permlab_installPackages">directly install apps</string>
+     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+     <string name="permdesc_installPackages">Allows the app to install new or updated