From d3ec926a99694ed258f60f197a85b83b5f0e75f3 Mon Sep 17 00:00:00 2001 From: Tad Date: Tue, 22 Mar 2016 15:10:47 -0400 Subject: [PATCH] Allow packages to fake their signature Change-Id: Iba3b34256161926886c27ef63271795fd8b93f1a --- core/res/AndroidManifest.xml | 7 +++++++ core/res/res/values/config.xml | 2 ++ core/res/res/values/strings.xml | 5 +++++ .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 50a4b38..9be1bcb 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1654,6 +1654,13 @@ android:description="@string/permdesc_getPackageSize" android:protectionLevel="normal" /> + + + diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 5cdce93..ac23bb6 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1298,6 +1298,8 @@ com.android.location.fused + + com.google.android.gms diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 1fef7e7..0924463 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -615,6 +615,11 @@ + + Spoof package signature + + Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! + disable or modify status bar diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index d5c58df..7b68c3e 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -2805,8 +2805,27 @@ public class PackageManagerService extends IPackageManager.Stub { final Set permissions = permissionsState.getPermissions(userId); final PackageUserState state = ps.readUserState(userId); - return PackageParser.generatePackageInfo(p, gids, flags, - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); + return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), + permissions); + } + + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, + Set permissions) { + try { + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 + && p.mAppMetaData != null) { + String sig = p.mAppMetaData.getString("fake-signature"); + if (sig != null) { + pi.signatures = new Signature[] {new Signature(sig)}; + } + } + } catch (Throwable t) { + // We should never die because of any failures, this is system code! + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); + } + return pi; } @Override -- 2.7.4