Android Q external application installation permission management

Mobile 2023-08-19 20:20:07 views: null

Android Q external application installation permission management

Requirements: If the external third-party application does not have a system platform signature, the application cannot be installed through the adb install command.

Only files in the whitelist are allowed to be installed through the adb command

1. The file path is as follows
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

App installation whitelist

--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -488,7 +488,10 @@ public class PackageManagerService extends IPackageManager.Stub
     private static String mSignPackageName[] = {
    
    
       "com.kaifa.bgm.setting",
       "com.kirin.healthcare",
-      "com.kaifa.bgm.demo"};
+      "com.kaifa.bgm.demo",
+      "com.ascensia.bgm.demo",
+      "com.ascensia.scanner.demo",
+      "com.ascensia.kirin.evaluation"};


.../android/server/pm/PackageManagerService.java   | 89 +++++++++++++++++++++-
 1 file changed, 87 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 23c7ad4..e493e1d 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -377,6 +377,9 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.BiConsumer;
 import java.util.function.Consumer;
 import java.util.function.Predicate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
 /**
  * Keep track of all those APKs everywhere.
@@ -480,6 +483,21 @@ public class PackageManagerService extends IPackageManager.Stub
     static final int SCAN_AS_PRODUCT_SERVICES = 1 << 22;
     static final int SCAN_AS_ODM = 1 << 23;
 
+    //add by hhuming on 2021-05-10 for ID1013053 begain
+    //packageName
+    private static String mSignPackageName[] = {
+      "com.kaifa.bgm.setting",
+      "com.kirin.healthcare",
+      "com.kaifa.bgm.demo"};
+
+    //media,platform,shared,testkey,releasekey
+    private static String mRomSingnum[] = {
+      "17005646429478100598",
+      "9539596108125051488",
+      "16132430370418643909",
+      "13604184191370124297",
+      "12176541990031084972"};
+
     @IntDef(flag = true, prefix = { "SCAN_" }, value = {
             SCAN_NO_DEX,
             SCAN_UPDATE_SIGNATURE,
@@ -15651,6 +15669,7 @@ public class PackageManagerService extends IPackageManager.Stub
         if (params.move != null) {
             return new MoveInstallArgs(params);
         } else {
+	    Log.i(TAG,"createInstallArgs FileInstallArgs");
             return new FileInstallArgs(params);
         }
     }
@@ -15780,6 +15799,62 @@ public class PackageManagerService extends IPackageManager.Stub
         }
     }
 
+    private boolean isRomSignsPackage(Context context,PackageInfoLite pkgLite) {
+        try {
+            if(pkgLite != null){
+		String packageName = pkgLite.packageName;
+	        Log.i(TAG,"isRomSignsPackage packageName = " + packageName);
+                for(String num:mSignPackageName) {
+                    if(num.equals(packageName)) {
+                        return true;
+                    }
+                }
+            }else{
+                return false;
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    public boolean isRomSign(Context context) {
+        try {
+            PackageInfo packageInfo = context.getPackageManager().
+                    getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
+            android.content.pm.Signature[] signs = packageInfo.signatures;
+            android.content.pm.Signature sign = signs[0];
+            String signNumber = parseSignature(sign.toByteArray());
+	    Log.i(TAG,"isRomSign signNumber = " + signNumber);
+            for(String num:mRomSingnum) {
+                if(num.equals(signNumber)) {
+		    Log.i(TAG,"isRomSign signNumber is right, so return true");
+                    return true;
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    private static String parseSignature(byte[] signature) {
+        try {
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            X509Certificate cert = (X509Certificate) certFactory
+                    .generateCertificate(new ByteArrayInputStream(signature));
+            String pubKey = cert.getPublicKey().toString();
+            String signNumber = cert.getSerialNumber().toString();
+            String AlgNumber =  cert.getSignature().toString();
+            Log.i(TAG,"parseSignature pubKey = " + pubKey + ", signNumber =  "
+                    + signNumber + ", AlgNumber = " + AlgNumber);
+            return signNumber;
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
     /**
      * Logic to handle installation of new applications, including copying
      * and renaming logic.
@@ -15824,8 +15899,18 @@ public class PackageManagerService extends IPackageManager.Stub
         }
 
         private int doCopyApk() {
+	    Log.i(TAG,"doCopyApk = origin " + origin);
+	    PackageInfoLite pkgLite = null;
+	    int ret = PackageManager.INSTALL_UNKNOWN;
+	    if ((((FileInstallArgs)this).installFlags & PackageManager.INSTALL_FROM_ADB) != 0){
+		pkgLite = PackageManagerServiceUtils.getMinimalPackageInfo(mContext,origin.resolvedPath, installFlags, "");
+		if (!isRomSignsPackage(mContext,pkgLite) || !isRomSign(mContext)) {
+		    ret = PackageManager.INSTALL_FAILED_INVALID_APK;
+		    return ret;
+	        }
+	    }
             if (origin.staged) {
-                if (DEBUG_INSTALL) Slog.d(TAG, origin.file + " already staged; skipping copy");
+                Slog.d(TAG, origin.file + " already staged; skipping copy");
                 codeFile = origin.file;
                 resourceFile = origin.file;
                 return PackageManager.INSTALL_SUCCEEDED;
@@ -15842,7 +15927,7 @@ public class PackageManagerService extends IPackageManager.Stub
                 return PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE;
             }
 
-            int ret = PackageManagerServiceUtils.copyPackage(
+            ret = PackageManagerServiceUtils.copyPackage(
                     origin.file.getAbsolutePath(), codeFile);
             if (ret != PackageManager.INSTALL_SUCCEEDED) {
                 Slog.e(TAG, "Failed to copy package");
-- 
2.7.4

2. The command to generate the platform signature is as follows

development/tools/make_key testkey  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key media  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key shared  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key platform  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key releasekey  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
development/tools/make_key verity  '/C=US/ST=NY/L=Holbrook View/O=ZJY/OU=PM/CN=SW/[email protected]'
out/host/linux-x86/bin/generate_verity_key -convert verity.x509.pem verity_key

Guess you like

Origin blog.csdn.net/weixin_45080805/article/details/120738416
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com