Check signatures of privileged persistent apps for granting default permissions
bug:22391058
Change-Id: I56d060f0435fadf87a8cf255ea887dd5b3903821
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 8e3334ff..bf372c8 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -174,7 +174,7 @@
synchronized (mService.mPackages) {
for (PackageParser.Package pkg : mService.mPackages.values()) {
- if (!isSysComponentOrPersistentPrivApp(pkg)
+ if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
|| !doesPackageSupportRuntimePermissions(pkg)) {
continue;
}
@@ -682,7 +682,7 @@
private PackageParser.Package getSystemPackageLPr(String packageName) {
PackageParser.Package pkg = getPackageLPr(packageName);
if (pkg != null && pkg.isSystemApp()) {
- return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
+ return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
}
return null;
}
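Review bot: The negated return in `getSystemPackageLPr` changes meaning with this rename and has no comment explaining it. A privileged persistent package that is not platform-signed used to yield `null` here and is now returned as an ordinary system package, so it appears to become eligible for whatever grants the callers of this method apply. That looks like the intended result, but it is easy to miss behind the double negative. A comment above the return would help, for example `// Components and platform-signed persistent priv apps are handled separately; everything else on the system image is returned here.`, and the callers (outside this hunk) are worth checking to confirm the resulting grant set is what is wanted.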
@@ -731,11 +731,16 @@
}
}
- private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) {
- return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID
- || ((pkg.applicationInfo.privateFlags
- & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0
- && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0);
+ private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
+ if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
+ return true;
+ }
+ if ((pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) == 0
+ || (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
+ return false;
+ }
+ return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
+ pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
}
private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
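Review bot: The new helper dereferences `mService.mPlatformPackage.mSignatures` without a null check, and because it is no longer static it now depends on service state that the removed version never touched. I cannot tell from the hunk whether the platform package is always set before this runs. If it is not guaranteed, a fail-closed guard such as `if (mService.mPlatformPackage == null) return false;` before the comparison would avoid a crash in the grant path; otherwise a comment stating the ordering assumption is enough. Both visible callers appear to run under the `mService.mPackages` lock, so an `LPr` suffix on the name would make that requirement explicit. A one-line Javadoc would also record why the check exists, for example `Privileged and persistent flags alone are not sufficient; the package must also be signed with the platform certificate.`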