mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-22 22:19:21 -05:00
a96f74ca28
Runtime tested: 17.1, 18.1, 20.0 Compile tested: 19.1 Signed-off-by: Tad <tad@spotco.us>
138 lines
8.9 KiB
Diff
138 lines
8.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tad <tad@spotco.us>
|
|
Date: Mon, 3 Jul 2023 12:00:12 -0400
|
|
Subject: [PATCH] Hardened signature spoofing
|
|
|
|
- Must be enabled by user
|
|
- Must match microG package ID
|
|
- Must meet minimum respective targetSdk and versionCode
|
|
- Must match official microG build signing key
|
|
- Only spoofs the Google package signature
|
|
|
|
This is an effective merge + tweak of two existing patches, credits:
|
|
Dylanger Daly
|
|
https://github.com/dylangerdaly/platform_frameworks_base/commit/b58aa11631fadab3309a1d9268118bd9f2c2a79f
|
|
Chirayu Desai of CalyxOS
|
|
https://gitlab.com/CalyxOS/platform_frameworks_base/-/commit/76485abb36dc01b65506b010d0458e96e0116369
|
|
|
|
Change-Id: I64a252aac9bb196a11ed7b4b5d8c7e59a3413bd4
|
|
---
|
|
.../android/content/pm/PackageParser.java | 32 +++++++++++++++
|
|
core/res/res/values/config.xml | 2 +
|
|
.../server/pm/PackageManagerService.java | 39 ++++++++++++++++++-
|
|
3 files changed, 71 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
|
index 8f5df4672dc0..c326ed2eb09c 100644
|
|
--- a/core/java/android/content/pm/PackageParser.java
|
|
+++ b/core/java/android/content/pm/PackageParser.java
|
|
@@ -6569,6 +6569,38 @@ public class PackageParser {
|
|
return false;
|
|
}
|
|
|
|
+ /**
|
|
+ * Return the Cerificate's Digest
|
|
+ */
|
|
+ public @Nullable String getSha256Certificate() {
|
|
+ return getSha256CertificateInternal();
|
|
+ }
|
|
+
|
|
+ private @Nullable String getSha256CertificateInternal() {
|
|
+ String digest;
|
|
+ if (this == UNKNOWN) {
|
|
+ return null;
|
|
+ }
|
|
+ if (hasPastSigningCertificates()) {
|
|
+
|
|
+ // check all past certs, except for the last one, which automatically gets all
|
|
+ // capabilities, since it is the same as the current signature, and is checked below
|
|
+ for (int i = 0; i < pastSigningCertificates.length - 1; i++) {
|
|
+ digest = PackageUtils.computeSha256Digest(
|
|
+ pastSigningCertificates[i].toByteArray());
|
|
+ return digest;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ // not in previous certs signing history, just check the current signer
|
|
+ if (signatures.length == 1) {
|
|
+ digest =
|
|
+ PackageUtils.computeSha256Digest(signatures[0].toByteArray());
|
|
+ return digest;
|
|
+ }
|
|
+ return null;
|
|
+ }
|
|
+
|
|
/** Returns true if the signatures in this and other match exactly. */
|
|
public boolean signaturesMatchExactly(SigningDetails other) {
|
|
return Signature.areExactMatch(this.signatures, other.signatures);
|
|
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
|
|
index 35af82fb39a2..403680089a8d 100644
|
|
--- a/core/res/res/values/config.xml
|
|
+++ b/core/res/res/values/config.xml
|
|
@@ -1804,6 +1804,8 @@
|
|
<string-array name="config_locationProviderPackageNames" translatable="false">
|
|
<!-- The standard AOSP fused location provider -->
|
|
<item>com.android.location.fused</item>
|
|
+ <!-- The (faked) microg fused location provider (a free reimplementation)
|
|
+ <item>com.google.android.gms</item> -->
|
|
</string-array>
|
|
|
|
<!-- Package name(s) of Advanced Driver Assistance applications. These packages have additional
|
|
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
|
index 5bbde18f7e9e..eca352c6c7f6 100644
|
|
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
|
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
|
@@ -3362,8 +3362,20 @@ public class PackageManagerService extends IPackageManager.Stub
|
|
|| ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
|
|
: mPermissionManager.getGrantedPermissions(ps.name, userId);
|
|
|
|
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
|
|
- ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps);
|
|
+ // Allow microG GmsCore and FakeStore to spoof signature
|
|
+ final boolean isValidGmsCore = p.getPackageName().equals("com.google.android.gms") && p.getTargetSdkVersion() >= 29 && p.getVersionCode() >= 231657056;
|
|
+ final boolean isValidFakeStore = p.getPackageName().equals("com.android.vending") && p.getTargetSdkVersion() >= 24 && p.getVersionCode() >= 30;
|
|
+ final boolean isMicroG = isValidGmsCore || isValidFakeStore;
|
|
+ PackageInfo packageInfo;
|
|
+ if (isMicroG && SystemProperties.getBoolean(SPOOF_CONTROL, false)) {
|
|
+ packageInfo = fakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
|
|
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state,
|
|
+ userId, ps), permissions);
|
|
+ } else {
|
|
+ packageInfo = PackageInfoUtils.generate(p, gids, flags,
|
|
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state,
|
|
+ userId, ps);
|
|
+ }
|
|
|
|
if (packageInfo == null) {
|
|
return null;
|
|
@@ -3400,6 +3412,29 @@ public class PackageManagerService extends IPackageManager.Stub
|
|
}
|
|
}
|
|
|
|
+ // The setting to control spoofing enablement.
|
|
+ private static final String SPOOF_CONTROL = "persist.security.sigspoof";
|
|
+ // The Google signature faked by microG.
|
|
+ private static final String GOOGLE_CERT = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a";
|
|
+ // The signing key hash of official microG builds.
|
|
+ private static final String MICROG_HASH = "9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165";
|
|
+
|
|
+ private PackageInfo fakeSignature(AndroidPackage p, PackageInfo pi,
|
|
+ Set<String> permissions) {
|
|
+ String hash = p.getSigningDetails().getSha256Certificate();
|
|
+ try {
|
|
+ if (hash.equals(MICROG_HASH) && p.getTargetSdkVersion() >= 24) {
|
|
+ pi.signatures = new Signature[] {new Signature(GOOGLE_CERT)};
|
|
+ if (DEBUG_PACKAGE_INFO) {
|
|
+ Log.v(TAG, "Spoofing signature for microG");
|
|
+ }
|
|
+ }
|
|
+ } catch (Throwable t) {
|
|
+ Log.w("Unable to fake signature!", t);
|
|
+ }
|
|
+ return pi;
|
|
+ }
|
|
+
|
|
public final PackageInfo getPackageInfo(String packageName, int flags, int userId) {
|
|
return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST,
|
|
flags, Binder.getCallingUid(), userId);
|