mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-13 00:19:27 -05:00
58923f2ef9
Signed-off-by: Tavi <tavi@divested.dev>
224 lines
13 KiB
Diff
224 lines
13 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tavi <tavi@divested.dev>
|
|
Date: Thu, 5 Dec 2024 13:59:39 -0500
|
|
Subject: [PATCH] Revert "Allow signature spoofing for microG
|
|
Companion/Services"
|
|
|
|
This reverts commit 6b793fa98a40dd6c2d6eb02988161ed123439428.
|
|
|
|
Change-Id: I63acd724cfcdeba12bc2abfedd382d21842bba77
|
|
---
|
|
.../com/android/server/pm/AppsFilterImpl.java | 2 -
|
|
.../com/android/server/pm/ComputerEngine.java | 57 -------------------
|
|
services/core/jni/Android.bp | 7 ---
|
|
.../com_android_server_pm_ComputerEngine.cpp | 38 -------------
|
|
services/core/jni/onload.cpp | 2 -
|
|
5 files changed, 106 deletions(-)
|
|
delete mode 100644 services/core/jni/com_android_server_pm_ComputerEngine.cpp
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/AppsFilterImpl.java b/services/core/java/com/android/server/pm/AppsFilterImpl.java
|
|
index 57263da936d6..cc4c2b5bf893 100644
|
|
--- a/services/core/java/com/android/server/pm/AppsFilterImpl.java
|
|
+++ b/services/core/java/com/android/server/pm/AppsFilterImpl.java
|
|
@@ -36,7 +36,6 @@ import static com.android.server.pm.AppsFilterUtils.canQueryAsUpdateOwner;
|
|
import static com.android.server.pm.AppsFilterUtils.canQueryViaComponents;
|
|
import static com.android.server.pm.AppsFilterUtils.canQueryViaPackage;
|
|
import static com.android.server.pm.AppsFilterUtils.canQueryViaUsesLibrary;
|
|
-import static com.android.server.pm.ComputerEngine.isMicrogSigned;
|
|
|
|
import android.annotation.NonNull;
|
|
import android.annotation.Nullable;
|
|
@@ -600,7 +599,6 @@ public final class AppsFilterImpl extends AppsFilterLocked implements Watchable,
|
|
newIsForceQueryable = mForceQueryable.contains(newPkgSetting.getAppId())
|
|
/* shared user that is already force queryable */
|
|
|| newPkgSetting.isForceQueryableOverride() /* adb override */
|
|
- || (newPkg.isForceQueryable() && isMicrogSigned(newPkg))
|
|
|| (newPkgSetting.isSystem() && (mSystemAppsQueryable
|
|
|| newPkg.isForceQueryable()
|
|
|| ArrayUtils.contains(mForceQueryableByDevicePackageNames,
|
|
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
|
|
index 774033e0fb15..06b16becd3fe 100644
|
|
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
|
|
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
|
|
@@ -102,7 +102,6 @@ import android.content.pm.UserPackage;
|
|
import android.content.pm.VersionedPackage;
|
|
import android.os.Binder;
|
|
import android.os.Build;
|
|
-import android.os.Bundle;
|
|
import android.os.IBinder;
|
|
import android.os.ParcelableException;
|
|
import android.os.PatternMatcher;
|
|
@@ -175,7 +174,6 @@ import java.util.Collections;
|
|
import java.util.Comparator;
|
|
import java.util.List;
|
|
import java.util.Objects;
|
|
-import java.util.Optional;
|
|
import java.util.Set;
|
|
import java.util.UUID;
|
|
|
|
@@ -425,10 +423,6 @@ public class ComputerEngine implements Computer {
|
|
private final PackageManagerInternal.ExternalSourcesPolicy mExternalSourcesPolicy;
|
|
private final CrossProfileIntentResolverEngine mCrossProfileIntentResolverEngine;
|
|
|
|
- // Signatures used by microG
|
|
- private static final Signature MICROG_FAKE_SIGNATURE = new Signature("308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a");
|
|
- private static final Signature MICROG_REAL_SIGNATURE = new Signature("308202ed308201d5a003020102020426ffa009300d06092a864886f70d01010b05003027310b300906035504061302444531183016060355040a130f4e4f47415050532050726f6a656374301e170d3132313030363132303533325a170d3337303933303132303533325a3027310b300906035504061302444531183016060355040a130f4e4f47415050532050726f6a65637430820122300d06092a864886f70d01010105000382010f003082010a02820101009a8d2a5336b0eaaad89ce447828c7753b157459b79e3215dc962ca48f58c2cd7650df67d2dd7bda0880c682791f32b35c504e43e77b43c3e4e541f86e35a8293a54fb46e6b16af54d3a4eda458f1a7c8bc1b7479861ca7043337180e40079d9cdccb7e051ada9b6c88c9ec635541e2ebf0842521c3024c826f6fd6db6fd117c74e859d5af4db04448965ab5469b71ce719939a06ef30580f50febf96c474a7d265bb63f86a822ff7b643de6b76e966a18553c2858416cf3309dd24278374bdd82b4404ef6f7f122cec93859351fc6e5ea947e3ceb9d67374fe970e593e5cd05c905e1d24f5a5484f4aadef766e498adf64f7cf04bddd602ae8137b6eea40722d0203010001a321301f301d0603551d0e04160414110b7aa9ebc840b20399f69a431f4dba6ac42a64300d06092a864886f70d01010b0500038201010007c32ad893349cf86952fb5a49cfdc9b13f5e3c800aece77b2e7e0e9c83e34052f140f357ec7e6f4b432dc1ed542218a14835acd2df2deea7efd3fd5e8f1c34e1fb39ec6a427c6e6f4178b609b369040ac1f8844b789f3694dc640de06e44b247afed11637173f36f5886170fafd74954049858c6096308fc93c1bc4dd5685fa7a1f982a422f2a3b36baa8c9500474cf2af91c39cbec1bc898d10194d368aa5e91f1137ec115087c31962d8f76cd120d28c249cf76f4c70f5baa08c70a7234ce4123be080cee789477401965cfe537b924ef36747e8caca62dfefdd1a6288dcb1c4fd2aaa6131a7ad254e9742022cfd597d2ca5c660ce9e41ff537e5a4041e37");
|
|
-
|
|
// PackageManagerService attributes that are primitives are referenced through the
|
|
// pms object directly. Primitives are the only attributes so referenced.
|
|
protected final PackageManagerService mService;
|
|
@@ -1471,53 +1465,6 @@ public class ComputerEngine implements Computer {
|
|
return result;
|
|
}
|
|
|
|
- private static native boolean isDebuggable();
|
|
-
|
|
- public static boolean isMicrogSigned(AndroidPackage p) {
|
|
- if (!isDebuggable()) {
|
|
- return false;
|
|
- }
|
|
-
|
|
- // Allowlist the following apps:
|
|
- // * com.android.vending - microG Companion
|
|
- // * com.google.android.gms - microG Services
|
|
- if (!p.getPackageName().equals("com.android.vending") &&
|
|
- !p.getPackageName().equals("com.google.android.gms")) {
|
|
- return false;
|
|
- }
|
|
-
|
|
- Signature[] signatures = p.getSigningDetails().getSignatures();
|
|
- if (signatures == null) {
|
|
- return false;
|
|
- }
|
|
-
|
|
- return Signature.areExactMatch(signatures, new Signature[]{MICROG_REAL_SIGNATURE});
|
|
- }
|
|
-
|
|
- private static Optional<Signature> generateFakeSignature(AndroidPackage p) {
|
|
- if (!isMicrogSigned(p)) {
|
|
- return Optional.empty();
|
|
- }
|
|
-
|
|
- Bundle metadata = p.getMetaData();
|
|
- if (metadata == null) {
|
|
- return Optional.empty();
|
|
- }
|
|
-
|
|
- String fakeSignatureStr = metadata.getString("fake-signature");
|
|
- if (TextUtils.isEmpty(fakeSignatureStr)) {
|
|
- return Optional.empty();
|
|
- }
|
|
-
|
|
- // Only MICROG_FAKE_SIGNATURE can be faked
|
|
- Signature fakeSignature = new Signature(fakeSignatureStr);
|
|
- if (!fakeSignature.equals(MICROG_FAKE_SIGNATURE)) {
|
|
- return Optional.empty();
|
|
- }
|
|
-
|
|
- return Optional.of(fakeSignature);
|
|
- }
|
|
-
|
|
public final PackageInfo generatePackageInfo(PackageStateInternal ps,
|
|
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
|
|
if (!mUserManager.exists(userId)) return null;
|
|
@@ -1574,10 +1521,6 @@ public class ComputerEngine implements Computer {
|
|
}
|
|
}
|
|
|
|
- generateFakeSignature(p).ifPresent(fakeSignature -> {
|
|
- packageInfo.signatures = new Signature[]{fakeSignature};
|
|
- });
|
|
-
|
|
return packageInfo;
|
|
} else if ((flags & (MATCH_UNINSTALLED_PACKAGES | MATCH_ARCHIVED_PACKAGES)) != 0
|
|
&& PackageUserStateUtils.isAvailable(state, flags)) {
|
|
diff --git a/services/core/jni/Android.bp b/services/core/jni/Android.bp
|
|
index e078c6e34912..3607dddc66d5 100644
|
|
--- a/services/core/jni/Android.bp
|
|
+++ b/services/core/jni/Android.bp
|
|
@@ -73,7 +73,6 @@ cc_library_static {
|
|
"com_android_server_vibrator_VibratorManagerService.cpp",
|
|
"com_android_server_pdb_PersistentDataBlockService.cpp",
|
|
"com_android_server_am_LowMemDetector.cpp",
|
|
- "com_android_server_pm_ComputerEngine.cpp",
|
|
"com_android_server_pm_PackageManagerShellCommandDataLoader.cpp",
|
|
"com_android_server_sensor_SensorService.cpp",
|
|
"com_android_server_wm_TaskFpsCallbackController.cpp",
|
|
@@ -96,12 +95,6 @@ cc_library_static {
|
|
header_libs: [
|
|
"bionic_libc_platform_headers",
|
|
],
|
|
-
|
|
- product_variables: {
|
|
- debuggable: {
|
|
- cflags: ["-DANDROID_DEBUGGABLE"],
|
|
- }
|
|
- },
|
|
}
|
|
|
|
cc_defaults {
|
|
diff --git a/services/core/jni/com_android_server_pm_ComputerEngine.cpp b/services/core/jni/com_android_server_pm_ComputerEngine.cpp
|
|
deleted file mode 100644
|
|
index bbe298097a2a..000000000000
|
|
--- a/services/core/jni/com_android_server_pm_ComputerEngine.cpp
|
|
+++ /dev/null
|
|
@@ -1,38 +0,0 @@
|
|
-/*
|
|
- * Copyright (C) 2024 The LineageOS Project
|
|
- *
|
|
- * Licensed under the Apache License, Version 2.0 (the "License");
|
|
- * you may not use this file except in compliance with the License.
|
|
- * You may obtain a copy of the License at
|
|
- *
|
|
- * http://www.apache.org/licenses/LICENSE-2.0
|
|
- *
|
|
- * Unless required by applicable law or agreed to in writing, software
|
|
- * distributed under the License is distributed on an "AS IS" BASIS,
|
|
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
- * See the License for the specific language governing permissions and
|
|
- * limitations under the License.
|
|
- */
|
|
-
|
|
-#include <nativehelper/JNIHelp.h>
|
|
-
|
|
-namespace android {
|
|
-
|
|
-static bool isDebuggable(JNIEnv* env) {
|
|
-#ifdef ANDROID_DEBUGGABLE
|
|
- return true;
|
|
-#else
|
|
- return false;
|
|
-#endif
|
|
-}
|
|
-
|
|
-static const JNINativeMethod method_table[] = {
|
|
- {"isDebuggable", "()Z", (void*)isDebuggable},
|
|
-};
|
|
-
|
|
-int register_android_server_com_android_server_pm_ComputerEngine(JNIEnv* env) {
|
|
- return jniRegisterNativeMethods(env, "com/android/server/pm/ComputerEngine",
|
|
- method_table, NELEM(method_table));
|
|
-}
|
|
-
|
|
-} // namespace android
|
|
diff --git a/services/core/jni/onload.cpp b/services/core/jni/onload.cpp
|
|
index 30bc8c5403a6..0936888b24a0 100644
|
|
--- a/services/core/jni/onload.cpp
|
|
+++ b/services/core/jni/onload.cpp
|
|
@@ -58,7 +58,6 @@ int register_android_server_am_LowMemDetector(JNIEnv* env);
|
|
int register_android_server_utils_AnrTimer(JNIEnv *env);
|
|
int register_com_android_server_soundtrigger_middleware_AudioSessionProviderImpl(JNIEnv* env);
|
|
int register_com_android_server_soundtrigger_middleware_ExternalCaptureStateTracker(JNIEnv* env);
|
|
-int register_android_server_com_android_server_pm_ComputerEngine(JNIEnv* env);
|
|
int register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(JNIEnv* env);
|
|
int register_android_server_AdbDebuggingManager(JNIEnv* env);
|
|
int register_android_server_FaceService(JNIEnv* env);
|
|
@@ -122,7 +121,6 @@ extern "C" jint JNI_OnLoad(JavaVM* vm, void* /* reserved */)
|
|
register_android_server_utils_AnrTimer(env);
|
|
register_com_android_server_soundtrigger_middleware_AudioSessionProviderImpl(env);
|
|
register_com_android_server_soundtrigger_middleware_ExternalCaptureStateTracker(env);
|
|
- register_android_server_com_android_server_pm_ComputerEngine(env);
|
|
register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(env);
|
|
register_android_server_AdbDebuggingManager(env);
|
|
register_android_server_FaceService(env);
|