Check signatures of privileged persistent apps for granting defailt permissions bug:22391058 Change-Id: I56d060f0435fadf87a8cf255ea887dd5b3903821

commit: 824d453246d65db43fd7bc24df6fa3d536d2b54a [log] [tgz]
author: Svet Ganov <svetoslavganov@google.com> Fri Jul 10 18:25:48 2015 -0700
committer: Svet Ganov <svetoslavganov@google.com> Fri Jul 10 18:28:52 2015 -0700
tree: 6c4aaa472db373f3c68c42db2c7da321e353b02e
parent: 6795a2aeafa6df8a5e8e3045d29991d33c8db33f [diff]
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 8e3334ff..bf372c8 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java

@@ -174,7 +174,7 @@
 
         synchronized (mService.mPackages) {
             for (PackageParser.Package pkg : mService.mPackages.values()) {
-                if (!isSysComponentOrPersistentPrivApp(pkg)
+                if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
                         || !doesPackageSupportRuntimePermissions(pkg)) {
                     continue;
                 }
@@ -682,7 +682,7 @@
     private PackageParser.Package getSystemPackageLPr(String packageName) {
         PackageParser.Package pkg = getPackageLPr(packageName);
         if (pkg != null && pkg.isSystemApp()) {
-            return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
+            return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
         }
         return null;
     }
@@ -731,11 +731,16 @@
         }
     }
 
-    private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) {
-        return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID
-                || ((pkg.applicationInfo.privateFlags
-                & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0
-                && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0);
+    private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
+        if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
+            return true;
+        }
+        if ((pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) == 0
+                || (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+            return false;
+        }
+        return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
+                pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
     }
 
     private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
commit	824d453246d65db43fd7bc24df6fa3d536d2b54a	[log] [tgz]
author	Svet Ganov <svetoslavganov@google.com>	Fri Jul 10 18:25:48 2015 -0700
committer	Svet Ganov <svetoslavganov@google.com>	Fri Jul 10 18:28:52 2015 -0700
tree	6c4aaa472db373f3c68c42db2c7da321e353b02e
parent	6795a2aeafa6df8a5e8e3045d29991d33c8db33f [diff]