PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check signature match between Cert installer and Settings

Browse Source 
To prevent an app masquerading as com.android.certinstaller install
malicious certs.

Bug: 22095968
Change-Id: Ia79f326af0f39a23b687cb08981920665669e0a1
This commit is contained in:
Zoltan Szatmary-Ban
2015-07-09 17:30:20 +01:00
parent 93b1a5a974
commit 307e3d048d
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/com/android/settings/CredentialStorage.java
View File

@@ -22,6 +22,7 @@ import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.os.AsyncTask;
@@ -417,8 +418,10 @@ public final class CredentialStorage extends Activity {
*/
private boolean checkCallerIsCertInstallerOrSelfInProfile() {
if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
// CertInstaller is allowed to install credentials
return true;
// CertInstaller is allowed to install credentials if it has the same signature as
// Settings package.
return getPackageManager().checkSignatures(
getCallingPackage(), getPackageName()) == PackageManager.SIGNATURE_MATCH;
}
final int launchedFromUserId;