From 44cda6f5e47c33e91980ae35c8bc6d88e4d3763c Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 24 Nov 2016 13:01:30 -0500 Subject: [PATCH] Allow packages to spoof their signature Change-Id: I9acf48c7607804890d0d0fa7fe30bb36779cb40d --- core/res/AndroidManifest.xml | 7 +++++++ core/res/res/values/config.xml | 2 ++ core/res/res/values/strings.xml | 5 +++++ .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index b624305..43eec1f 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1926,6 +1926,13 @@ android:description="@string/permdesc_getPackageSize" android:protectionLevel="normal" /> + + + diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 4a95f6e..702e02a 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1383,6 +1383,8 @@ com.android.location.fused + + com.google.android.gms diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 345d377..26814f1 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -660,6 +660,11 @@ + + Spoof package signature + + Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only! + disable or modify status bar diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index d450288..9194e69 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -3141,8 +3141,27 @@ public class PackageManagerService extends IPackageManager.Stub { ? Collections.emptySet() : permissionsState.getPermissions(userId); final PackageUserState state = ps.readUserState(userId); - return PackageParser.generatePackageInfo(p, gids, flags, - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); + return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), + permissions); + } + + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, + Set permissions) { + try { + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 + && p.mAppMetaData != null) { + String sig = p.mAppMetaData.getString("fake-signature"); + if (sig != null) { + pi.signatures = new Signature[] {new Signature(sig)}; + } + } + } catch (Throwable t) { + // We should never die because of any failures, this is system code! + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); + } + return pi; } @Override -- 2.9.3