[Replicant] [PATCH] Add manifest to verification params

Moritz Bandemer replicant at posteo.mx
Thu Jul 23 22:06:16 UTC 2015


This is the .patch for bug #1257: 
http://redmine.replicant.us/issues/1257

I've merged the patch from here: 
https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2b3202c3ff18469b294629bf1416118f12492173 
to the Replicant sources and successfully recompiled Replicant after 
that for my device.

After flashing the patched Replicant, I've tested my productive device 
several weeks without any misbehavior.
Furthermore I've successfully checked, that Replicant isn't vulnerale to 
the "Installer Hijacking Vulnerability" anymore.

Please review the patch, inline attached below, and apply it if you 
like:

###

 From 247913ca358693f44c66ad603c600e229b43a6c1 Mon Sep 17 00:00:00 2001
 From: Kenny Root <kroot at google.com>
Date: Thu, 14 Mar 2013 09:41:18 -0700
Subject: [PATCH] Add manifest to verification params

Change-Id: I088ab981cb56d4f156b6ff910d6a2270e3302dc4
Signed-off-by: Kenny Root <kroot at google.com> Signed-off-by: Moritz 
Bandemer <replicant at posteo.mx>
---
  src/com/android/packageinstaller/InstallAppProgress.java       | 6 
+++++-
  src/com/android/packageinstaller/PackageInstallerActivity.java | 4 ++++
  src/com/android/packageinstaller/PackageUtil.java              | 1 +
  3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/com/android/packageinstaller/InstallAppProgress.java 
b/src/com/android/packageinstaller/InstallAppProgress.java
index fc82078..71c792e 100755
--- a/src/com/android/packageinstaller/InstallAppProgress.java
+++ b/src/com/android/packageinstaller/InstallAppProgress.java
@@ -24,6 +24,7 @@ import 
android.content.DialogInterface.OnCancelListener;
  import android.content.Intent;
  import android.content.pm.ApplicationInfo;
  import android.content.pm.IPackageInstallObserver;
+import android.content.pm.ManifestDigest;
  import android.content.pm.PackageInfo;
  import android.content.pm.PackageManager;
  import android.content.pm.PackageManager.NameNotFoundException;
@@ -54,6 +55,8 @@ import java.util.List;
  public class InstallAppProgress extends Activity implements 
View.OnClickListener, OnCancelListener {
      private final String TAG="InstallAppProgress";
      private boolean localLOGV = false;
+    static final String EXTRA_MANIFEST_DIGEST =
+            "com.android.packageinstaller.extras.manifest_digest";
      private ApplicationInfo mAppInfo;
      private Uri mPackageURI;
      private ProgressBar mProgressBar;
@@ -254,8 +257,9 @@ public class InstallAppProgress extends Activity 
implements View.OnClickListener
          Uri referrer = 
getIntent().getParcelableExtra(Intent.EXTRA_REFERRER);
          int originatingUid = 
getIntent().getIntExtra(Intent.EXTRA_ORIGINATING_UID,
                  VerificationParams.NO_UID);
+        ManifestDigest manifestDigest = 
getIntent().getParcelableExtra(EXTRA_MANIFEST_DIGEST);
          VerificationParams verificationParams = new 
VerificationParams(null, originatingURI,
-                referrer, originatingUid, null);
+                referrer, originatingUid, manifestDigest);
          PackageInstallObserver observer = new PackageInstallObserver();

          if ("package".equals(mPackageURI.getScheme())) {
diff --git 
a/src/com/android/packageinstaller/PackageInstallerActivity.java 
b/src/com/android/packageinstaller/PackageInstallerActivity.java
index 4a6db21..4d7b0c0 100644
--- a/src/com/android/packageinstaller/PackageInstallerActivity.java
+++ b/src/com/android/packageinstaller/PackageInstallerActivity.java
@@ -26,6 +26,7 @@ import 
android.content.DialogInterface.OnCancelListener;
  import android.content.Intent;
  import android.content.SharedPreferences;
  import android.content.pm.ApplicationInfo;
+import android.content.pm.ManifestDigest;
  import android.content.pm.PackageInfo;
  import android.content.pm.PackageManager;
  import android.content.pm.PackageUserState;
@@ -69,6 +70,7 @@ public class PackageInstallerActivity extends Activity 
implements OnCancelListen
      private Uri mOriginatingURI;
      private Uri mReferrerURI;
      private int mOriginatingUid = VerificationParams.NO_UID;
+    private ManifestDigest mPkgDigest;

      private boolean localLOGV = false;
      PackageManager mPm;
@@ -520,6 +522,7 @@ public class PackageInstallerActivity extends 
Activity implements OnCancelListen
              mPkgInfo = PackageParser.generatePackageInfo(parsed, null,
                      PackageManager.GET_PERMISSIONS, 0, 0, null,
                      new PackageUserState());
+            mPkgDigest = parsed.manifestDigest;
              as = PackageUtil.getAppSnippet(this, 
mPkgInfo.applicationInfo, sourceFile);
          }

@@ -656,6 +659,7 @@ public class PackageInstallerActivity extends 
Activity implements OnCancelListen
                          mPkgInfo.applicationInfo);
                  newIntent.setData(mPackageURI);
                  newIntent.setClass(this, InstallAppProgress.class);
+                
newIntent.putExtra(InstallAppProgress.EXTRA_MANIFEST_DIGEST, 
mPkgDigest);
                  String installerPackageName = 
getIntent().getStringExtra(
                          Intent.EXTRA_INSTALLER_PACKAGE_NAME);
                  if (mOriginatingURI != null) {
diff --git a/src/com/android/packageinstaller/PackageUtil.java 
b/src/com/android/packageinstaller/PackageUtil.java
index 8681bfc..20dce43 100644
--- a/src/com/android/packageinstaller/PackageUtil.java
+++ b/src/com/android/packageinstaller/PackageUtil.java
@@ -72,6 +72,7 @@ public class PackageUtil {
          metrics.setToDefaults();
          PackageParser.Package pkg =  
packageParser.parsePackage(sourceFile,
                  archiveFilePath, metrics, 0);
+        packageParser.collectCertificates(pkg, 0);
          // Nuke the parser reference.
          packageParser = null;
          return pkg;
-- 
2.1.4




More information about the Replicant mailing list