From 37658734891a14991c74563d9d86e5430d7ce672 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= Date: Mon, 4 Mar 2019 03:26:03 -0500 Subject: [PATCH] Add permission to allow an APK to fake a signature. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is needed by GmsCore (https://microg.org/) to pretend the existence of the official Play Services to applications calling Google APIs. Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f Signed-off-by: Bernhard Rosenkränzer --- core/res/AndroidManifest.xml | 7 ++++++ core/res/res/values/config.xml | 2 ++ core/res/res/values/strings.xml | 4 ++++ .../server/pm/PackageManagerService.java | 23 +++++++++++++++++-- 4 files changed, 34 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 34d26f0da90..08f95ec1fdf 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2357,6 +2357,13 @@ android:description="@string/permdesc_getPackageSize" android:protectionLevel="normal" /> + + + diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index cf9bd122baf..2047c336acd 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1682,6 +1682,8 @@ com.android.location.fused + + com.google.android.gms diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index f6600462ea7..bad13100a79 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -785,6 +785,10 @@ + + Spoof package signature + + Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! disable or modify status bar diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 9b50a1545a5..58dc3fe926f 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -4001,8 +4001,9 @@ public class PackageManagerService extends IPackageManager.Stub final Set permissions = ArrayUtils.isEmpty(p.requestedPermissions) ? Collections.emptySet() : permissionsState.getPermissions(userId); - PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); + PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), + permissions); if (packageInfo == null) { return null; @@ -4038,6 +4039,24 @@ public class PackageManagerService extends IPackageManager.Stub } } + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, + Set permissions) { + try { + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 + && p.mAppMetaData != null) { + String sig = p.mAppMetaData.getString("fake-signature"); + if (sig != null) { + pi.signatures = new Signature[] {new Signature(sig)}; + } + } + } catch (Throwable t) { + // We should never die because of any failures, this is system code! + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); + } + return pi; + } + @Override public void checkPackageStartable(String packageName, int userId) { final int callingUid = Binder.getCallingUid(); -- 2.20.1