Postpone the shared user checking after Q

The shared user checking becomes strict. If there is an APK in
vendor partition shared UID with a APK in system partition, the
signatures of these 2 APKs must be equal. Otherwise, framework
will throw an exception and cannot boot.

Postpone the checking from first_api_level 28 to 29.

Bug: 137524152
Test: test on a device with first_api_level=29 and pass the checking
Change-Id: I76d87a6dab35d4d39113cdd16a20706ce2c45093
(cherry picked from commit bdf04e88c7e9db4c1ca8c9976d519a87b39dd9d6)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 9f5fc92..7fce445 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -16590,13 +16590,13 @@
                                 && compareSignatures(sharedUserSignatures,
                                         pkg.mSigningDetails.signatures)
                                         != PackageManager.SIGNATURE_MATCH) {
-                            if (SystemProperties.getInt("ro.product.first_api_level", 0) <= 28) {
+                            if (SystemProperties.getInt("ro.product.first_api_level", 0) <= 29) {
                                 // Mismatched signatures is an error and silently skipping system
                                 // packages will likely break the device in unforeseen ways.
-                                // However,
-                                // we allow the device to boot anyway because, prior to P,
-                                // vendors were
-                                // not expecting the platform to crash in this situation.
+                                // However, we allow the device to boot anyway because, prior to Q,
+                                // vendors were not expecting the platform to crash in this
+                                // situation.
+                                // This WILL be a hard failure on any new API levels after Q.
                                 throw new ReconcileFailure(
                                         INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
                                         "Signature mismatch for shared user: "