commit 4e9d677b35b9656c22c922c9abca4107ab95c9b4 Author: Bernhard Rosenkränzer Date: Tue Aug 29 00:34:27 2017 +0200 Add permission to allow an APK to fake a signature. This is needed by GmsCore (https://microg.org/) to pretend the existence of the official Play Services to applications calling Google APIs. Forward-ported from https://github.com/microg/android_packages_apps_GmsCore/blob/master/patches/android_frameworks_base-N.patch Change-Id: I603fd09200432f7e1bf997072188cdfa6da1594f Signed-off-by: Bernhard Rosenkränzer diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 794d4f8b78b..b3189077256 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2075,6 +2075,13 @@ android:description="@string/permdesc_getPackageSize" android:protectionLevel="normal" /> + + + diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 3613acf44aa..d1636c862c5 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1385,6 +1385,8 @@ com.android.location.fused + + com.google.android.gms diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 3eebe7eb68d..7405386cd49 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -764,6 +764,10 @@ + + Spoof package signature + + Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only! disable or modify status bar diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index f36b762c5e9..048a057d39c 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -3571,8 +3571,9 @@ public class PackageManagerService extends IPackageManager.Stub flags |= MATCH_ANY_USER; } - PackageInfo packageInfo = PackageParser.generatePackageInfo(p, gids, flags, - ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId); + PackageInfo packageInfo = mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags, + ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId), + permissions); if (packageInfo == null) { return null; @@ -3584,6 +3585,24 @@ public class PackageManagerService extends IPackageManager.Stub return packageInfo; } + private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi, + Set permissions) { + try { + if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") + && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1 + && p.mAppMetaData != null) { + String sig = p.mAppMetaData.getString("fake-signature"); + if (sig != null) { + pi.signatures = new Signature[] {new Signature(sig)}; + } + } + } catch (Throwable t) { + // We should never die because of any failures, this is system code! + Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t); + } + return pi; + } + @Override public void checkPackageStartable(String packageName, int userId) { final int callingUid = Binder.getCallingUid();