From 307e3d048d6e89bc8419ac5d3f480841c84fc5a2 Mon Sep 17 00:00:00 2001
From: Zoltan Szatmary-Ban <szatmz@google.com>
Date: Thu, 9 Jul 2015 17:30:20 +0100
Subject: [PATCH] Check signature match between Cert installer and Settings

To prevent an app masquerading as com.android.certinstaller install
malicious certs.

Bug: 22095968
Change-Id: Ia79f326af0f39a23b687cb08981920665669e0a1
---
 src/com/android/settings/CredentialStorage.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index a12369b9414..18b4ac8f40a 100644
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -22,6 +22,7 @@ import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
+import android.content.pm.PackageManager;
 import android.content.pm.UserInfo;
 import android.content.res.Resources;
 import android.os.AsyncTask;
@@ -417,8 +418,10 @@ public final class CredentialStorage extends Activity {
      */
     private boolean checkCallerIsCertInstallerOrSelfInProfile() {
         if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
-            // CertInstaller is allowed to install credentials
-            return true;
+            // CertInstaller is allowed to install credentials if it has the same signature as
+            // Settings package.
+            return getPackageManager().checkSignatures(
+                    getCallingPackage(), getPackageName()) == PackageManager.SIGNATURE_MATCH;
         }
 
         final int launchedFromUserId;