Don't use upgrade-key-sets check when scanning during boot.
Apps may specify upgrade-key-sets which are different than their current signing
keys to prevent a future upgrade with the current set of keys. Every package is
re-scanned on boot, however, so the existing application would violate its own
recorded upgrade-key-sets. Change the key verification check to ignore
upgrade-key-sets on boot. Also default to the same-sig checks if the
upgrade-key-set meta-data has been corrupted.
Bug: 21785716
Change-Id: I5c0c1e2017ec780a745a74488620bfe95b052269
diff --git a/services/core/java/com/android/server/pm/KeySetManagerService.java b/services/core/java/com/android/server/pm/KeySetManagerService.java
index 7531403..1ee07a5 100644
--- a/services/core/java/com/android/server/pm/KeySetManagerService.java
+++ b/services/core/java/com/android/server/pm/KeySetManagerService.java
@@ -277,6 +277,11 @@
return mKeySets.get(keySetId);
}
+ /* Checks if an identifier refers to a known keyset */
+ public boolean isIdValidKeySetId(long id) {
+ return mKeySets.get(id) != null;
+ }
+
/**
* Fetches the {@link PublicKey public keys} which belong to the specified
* KeySet id.