From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 3 Jul 2023 12:00:12 -0400 Subject: [PATCH] Hardened signature spoofing - Must be enabled by user - Must match microG package ID - Must meet minimum respective targetSdk and versionCode - Must match official microG build signing key - Only spoofs the Google package signature This is an effective merge + tweak of two existing patches, credits: Dylanger Daly https://github.com/dylangerdaly/platform_frameworks_base/commit/b58aa11631fadab3309a1d9268118bd9f2c2a79f Chirayu Desai of CalyxOS https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/76485abb36dc01b65506b010d0458e96e0116369 Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4 --- .../android/content/pm/PackageParser.java | 32 +++++++++++++++ core/res/res/values/config.xml | 2 + .../server/pm/PackageManagerService.java | 39 ++++++++++++++++++- 3 files changed, 71 insertions(+), 2 deletions(-) diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java index 8f5df4672dc0..c326ed2eb09c 100644 --- a/core/java/android/content/pm/PackageParser.java +++ b/core/java/android/content/pm/PackageParser.java @@ -6569,6 +6569,38 @@ public class PackageParser { return false; } + /** + * Return the Cerificate's Digest + */ + public @Nullable String getSha256Certificate() { + return getSha256CertificateInternal(); + } + + private @Nullable String getSha256CertificateInternal() { + String digest; + if (this == UNKNOWN) { + return null; + } + if (hasPastSigningCertificates()) { + + // check all past certs, except for the last one, which automatically gets all + // capabilities, since it is the same as the current signature, and is checked below + for (int i = 0; i < pastSigningCertificates.length - 1; i++) { + digest = PackageUtils.computeSha256Digest( + pastSigningCertificates[i].toByteArray()); + return digest; + } + } + + // not in previous certs signing history, just check the current signer + if (signatures.length == 1) { + digest = + PackageUtils.computeSha256Digest(signatures[0].toByteArray()); + return digest; + } + return null; + } + /** Returns true if the signatures in this and other match exactly. */ public boolean signaturesMatchExactly(SigningDetails other) { return Signature.areExactMatch(this.signatures, other.signatures); diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 35af82fb39a2..403680089a8d 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -1804,6 +1804,8 @@ com.android.location.fused +