Allow restoring of apps that rotated key
Restoring of apps that rotated key wouldn't be possible due to
explicit signature matching.
Amend signature matching strategies to take into account
apps that have rotated key.
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/backup/utils/AppBackupUtilsTest.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/backup/BackupUtilsTest.java
Test: m -j RunFrameworksServicesRoboTests
Test: runtest -p com.android.server.backup frameworks-services
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest1.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest2.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest3.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest4.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest5.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest6.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest7.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest8.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest9.java
Test: atest frameworks/base/services/tests/servicestests/src/
com/android/server/pm/ShortcutManagerTest10.java
Test: atest CtsShortcutManagerTestCases
Bug: 64686581
Bug: 34345052
Bug: 74208476
Bug: 74159113
Change-Id: Ica23bbfec89648d9348c65db4597188e8c18e1d8
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index f0922b34..d9c0f2f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -176,6 +176,7 @@
import android.content.pm.PackageParser.PackageParserException;
import android.content.pm.PackageParser.ParseFlags;
import android.content.pm.PackageParser.ServiceIntentInfo;
+import android.content.pm.PackageParser.SigningDetails;
import android.content.pm.PackageParser.SigningDetails.SignatureSchemeVersion;
import android.content.pm.PackageStats;
import android.content.pm.PackageUserState;
@@ -23383,6 +23384,36 @@
}
@Override
+ public boolean isDataRestoreSafe(byte[] restoringFromSigHash, String packageName) {
+ SigningDetails sd = getSigningDetails(packageName);
+ if (sd == null) {
+ return false;
+ }
+ return sd.hasSha256Certificate(restoringFromSigHash,
+ SigningDetails.CertCapabilities.INSTALLED_DATA);
+ }
+
+ @Override
+ public boolean isDataRestoreSafe(Signature restoringFromSig, String packageName) {
+ SigningDetails sd = getSigningDetails(packageName);
+ if (sd == null) {
+ return false;
+ }
+ return sd.hasCertificate(restoringFromSig,
+ SigningDetails.CertCapabilities.INSTALLED_DATA);
+ }
+
+ private SigningDetails getSigningDetails(@NonNull String packageName) {
+ synchronized (mPackages) {
+ PackageParser.Package p = mPackages.get(packageName);
+ if (p == null) {
+ return null;
+ }
+ return p.mSigningDetails;
+ }
+ }
+
+ @Override
public int getPermissionFlagsTEMP(String permName, String packageName, int userId) {
return PackageManagerService.this.getPermissionFlags(permName, packageName, userId);
}
diff --git a/services/core/java/com/android/server/pm/ShortcutPackageInfo.java b/services/core/java/com/android/server/pm/ShortcutPackageInfo.java
index 520ed25..eeaa333 100644
--- a/services/core/java/com/android/server/pm/ShortcutPackageInfo.java
+++ b/services/core/java/com/android/server/pm/ShortcutPackageInfo.java
@@ -18,10 +18,13 @@
import android.annotation.NonNull;
import android.annotation.UserIdInt;
import android.content.pm.PackageInfo;
+import android.content.pm.PackageManagerInternal;
import android.content.pm.ShortcutInfo;
+import android.content.pm.Signature;
import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.server.LocalServices;
import com.android.server.backup.BackupUtils;
import libcore.util.HexEncoding;
@@ -137,7 +140,8 @@
//@DisabledReason
public int canRestoreTo(ShortcutService s, PackageInfo currentPackage, boolean anyVersionOkay) {
- if (!BackupUtils.signaturesMatch(mSigHashes, currentPackage)) {
+ PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class);
+ if (!BackupUtils.signaturesMatch(mSigHashes, currentPackage, pmi)) {
Slog.w(TAG, "Can't restore: Package signature mismatch");
return ShortcutInfo.DISABLED_REASON_SIGNATURE_MISMATCH;
}
@@ -159,13 +163,15 @@
public static ShortcutPackageInfo generateForInstalledPackageForTest(
ShortcutService s, String packageName, @UserIdInt int packageUserId) {
final PackageInfo pi = s.getPackageInfoWithSignatures(packageName, packageUserId);
- if (pi.signatures == null || pi.signatures.length == 0) {
+ // retrieve the newest sigs
+ Signature[][] signingHistory = pi.signingCertificateHistory;
+ if (signingHistory == null || signingHistory.length == 0) {
Slog.e(TAG, "Can't get signatures: package=" + packageName);
return null;
}
+ Signature[] signatures = signingHistory[signingHistory.length - 1];
final ShortcutPackageInfo ret = new ShortcutPackageInfo(pi.getLongVersionCode(),
- pi.lastUpdateTime, BackupUtils.hashSignatureArray(pi.signatures),
- /* shadow=*/ false);
+ pi.lastUpdateTime, BackupUtils.hashSignatureArray(signatures), /* shadow=*/ false);
ret.mBackupSourceBackupAllowed = s.shouldBackupApp(pi);
ret.mBackupSourceVersionCode = pi.getLongVersionCode();
@@ -185,7 +191,15 @@
Slog.w(TAG, "Package not found: " + pkg.getPackageName());
return;
}
- mSigHashes = BackupUtils.hashSignatureArray(pi.signatures);
+ // retrieve the newest sigs
+ Signature[][] signingHistory = pi.signingCertificateHistory;
+ if (signingHistory == null || signingHistory.length == 0) {
+ Slog.w(TAG, "Not refreshing signature for " + pkg.getPackageName()
+ + " since it appears to have no signature history.");
+ return;
+ }
+ Signature[] signatures = signingHistory[signingHistory.length - 1];
+ mSigHashes = BackupUtils.hashSignatureArray(signatures);
}
public void saveToXml(ShortcutService s, XmlSerializer out, boolean forBackup)
@@ -221,7 +235,6 @@
public void loadFromXml(XmlPullParser parser, boolean fromBackup)
throws IOException, XmlPullParserException {
-
// Don't use the version code from the backup file.
final long versionCode = ShortcutService.parseLongAttribute(parser, ATTR_VERSION,
ShortcutInfo.VERSION_CODE_UNKNOWN);
diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index 265cc8e..15b4617 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -3121,7 +3121,8 @@
try {
return mIPackageManager.getPackageInfo(
packageName, PACKAGE_MATCH_FLAGS
- | (getSignatures ? PackageManager.GET_SIGNATURES : 0), userId);
+ | (getSignatures ? PackageManager.GET_SIGNING_CERTIFICATES : 0),
+ userId);
} catch (RemoteException e) {
// Shouldn't happen.
Slog.wtf(TAG, "RemoteException", e);