Merge "Check signature policy in IdmapManager"
diff --git a/services/core/java/com/android/server/om/IdmapManager.java b/services/core/java/com/android/server/om/IdmapManager.java
index 74fbea1..9e0cb0f 100644
--- a/services/core/java/com/android/server/om/IdmapManager.java
+++ b/services/core/java/com/android/server/om/IdmapManager.java
@@ -36,6 +36,7 @@
import android.util.Slog;
import com.android.internal.os.BackgroundThread;
+import com.android.server.om.OverlayManagerServiceImpl.PackageManagerHelper;
import com.android.server.pm.Installer;
import java.io.File;
@@ -52,6 +53,7 @@
private static final boolean FEATURE_FLAG_IDMAP2 = true;
private final Installer mInstaller;
+ private final PackageManagerHelper mPackageManager;
private IIdmap2 mIdmap2Service;
private static final boolean VENDOR_IS_Q_OR_LATER;
@@ -61,8 +63,9 @@
VENDOR_IS_Q_OR_LATER = value.equals("Q") || value.equals("q");
}
- IdmapManager(final Installer installer) {
+ IdmapManager(final Installer installer, final PackageManagerHelper packageManager) {
mInstaller = installer;
+ mPackageManager = packageManager;
if (FEATURE_FLAG_IDMAP2) {
connectToIdmap2d();
}
@@ -79,7 +82,7 @@
final String overlayPath = overlayPackage.applicationInfo.getBaseCodePath();
try {
if (FEATURE_FLAG_IDMAP2) {
- int policies = determineFulfilledPolicies(overlayPackage);
+ int policies = determineFulfilledPolicies(targetPackage, overlayPackage, userId);
boolean enforce = enforceOverlayable(overlayPackage);
if (mIdmap2Service.verifyIdmap(overlayPath, policies, enforce, userId)) {
return true;
@@ -197,14 +200,18 @@
* Retrieves a bitmask for idmap2 that represents the policies the specified overlay fulfills.
* @throws SecurityException if the overlay is not allowed to overlay any resource
*/
- private int determineFulfilledPolicies(@NonNull final PackageInfo overlayPackage)
- throws SecurityException {
+ private int determineFulfilledPolicies(@NonNull final PackageInfo targetPackage,
+ @NonNull final PackageInfo overlayPackage, int userId) throws SecurityException {
final ApplicationInfo ai = overlayPackage.applicationInfo;
final boolean overlayIsQOrLater = ai.targetSdkVersion >= VERSION_CODES.Q;
int fulfilledPolicies = 0;
- // TODO(b/119402606) : Add signature policy
+ // Overlay matches target signature
+ if (mPackageManager.signaturesMatching(targetPackage.packageName,
+ overlayPackage.packageName, userId)) {
+ fulfilledPolicies |= IIdmap2.POLICY_SIGNATURE;
+ }
// Vendor partition (/vendor)
if (ai.isVendor()) {
diff --git a/services/core/java/com/android/server/om/OverlayManagerService.java b/services/core/java/com/android/server/om/OverlayManagerService.java
index d0c59c1..8905eb9 100644
--- a/services/core/java/com/android/server/om/OverlayManagerService.java
+++ b/services/core/java/com/android/server/om/OverlayManagerService.java
@@ -232,7 +232,7 @@
new File(Environment.getDataSystemDirectory(), "overlays.xml"), "overlays");
mPackageManager = new PackageManagerHelper();
mUserManager = UserManagerService.getInstance();
- IdmapManager im = new IdmapManager(installer);
+ IdmapManager im = new IdmapManager(installer, mPackageManager);
mSettings = new OverlayManagerSettings();
mImpl = new OverlayManagerServiceImpl(mPackageManager, im, mSettings,
getDefaultOverlayPackages(), new OverlayChangeListener());