From d3ec926a99694ed258f60f197a85b83b5f0e75f3 Mon Sep 17 00:00:00 2001 From: Tad <tad@spotco.us> Date: Tue, 22 Mar 2016 15:10:47 -0400 Subject: [PATCH] Allow packages to fake their signature Change-Id: Iba3b34256161926886c27ef63271795fd8b93f1a --- core/res/AndroidManifest.xml | 7 +++++++ core/res/res/values/config.xml | 2 ++ core/res/res/values/strings.xml | 5 +++++ .../android/server/pm/PackageManagerService.java | 23 ++++++++++++++++++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 50a4b38..9be1bcb 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1654,6 +1654,13 @@ android:description="@string/permdesc_getPackageSize" android:protectionLevel="normal" /> + <!-- @hide Allows an application to change the package signature as + seen by applications --> + <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE" + android:protectionLevel="dangerous" + android:label="@string/permlab_fakePackageSignature" + android:description="@string/permdesc_fakePackageSignature" /> + <!-- @deprecated No longer useful, see {@link android.content.pm.PackageManager#addPackageToPreferred} for details. --> diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 5cdce93..ac23bb6 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1298,6 +1298,8 @@ <string-array name="config_locationProviderPackageNames" translatable="false"> <!-- The standard AOSP fused location provider --> <item>com.android.location.fused</item> + <!-- The (faked) microg fused location provider --> + <item>com.google.android.gms</item> </string-array> <!-- This string array can be overriden to enable test location providers initially. --> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 1fef7e7..0924463 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -615,6 +615,11 @@ <!-- Permissions --> + <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permlab_fakePackageSignature">Spoof package signature</string> + <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only!</string> + <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_statusBar">disable or modify status bar</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index d5c58df..7b68c3e 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -2805,8 +2805,27 @@ public class PackageManagerService extends IPackageManager.Stub { final Set<String> permissions = permissionsState.getPermissions(userId); final PackageUserState state = ps.readUserState(userId); - return PackageParser.generatePackageInfo(p, gids, flags, - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); + return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), + permissions); + } + + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, + Set<String> permissions) { + try { + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 + && p.mAppMetaData != null) { + String sig = p.mAppMetaData.getString("fake-signature"); + if (sig != null) { + pi.signatures = new Signature[] {new Signature(sig)}; + } + } + } catch (Throwable t) { + // We should never die because of any failures, this is system code! + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); + } + return pi; } @Override -- 2.7.4