Files
patches/android/36/android_frameworks_base.patch
T
2025-11-03 03:25:11 -08:00

135 lines
8.4 KiB
Diff

From 925445e90cbb560ea385d6107014301e7fa82aa2 Mon Sep 17 00:00:00 2001
From: oxmc <67136658+oxmc@users.noreply.github.com>
Date: Mon, 3 Nov 2025 02:18:36 -0800
Subject: [PATCH] Add support for app signature spoofing (needed for microg
GMS)
---
core/api/current.txt | 2 ++
core/res/AndroidManifest.xml | 15 ++++++++++
core/res/res/values/strings.xml | 11 +++++++
.../com/android/server/pm/ComputerEngine.java | 29 ++++++++++++++++---
4 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/core/api/current.txt b/core/api/current.txt
index 07224db7dcd3..255befc4cf32 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -104,6 +104,7 @@ package android {
field @FlaggedApi("android.xr.xr_manifest_entries") public static final String EYE_TRACKING_FINE = "android.permission.EYE_TRACKING_FINE";
field @FlaggedApi("android.xr.xr_manifest_entries") public static final String FACE_TRACKING = "android.permission.FACE_TRACKING";
field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
+ field public static final String FAKE_PACKAGE_SIGNATURE = "android.permission.FAKE_PACKAGE_SIGNATURE";
field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
field public static final String FOREGROUND_SERVICE_CAMERA = "android.permission.FOREGROUND_SERVICE_CAMERA";
field public static final String FOREGROUND_SERVICE_CONNECTED_DEVICE = "android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE";
@@ -360,6 +361,7 @@ package android {
field public static final String CALL_LOG = "android.permission-group.CALL_LOG";
field public static final String CAMERA = "android.permission-group.CAMERA";
field public static final String CONTACTS = "android.permission-group.CONTACTS";
+ field public static final String FAKE_PACKAGE = "android.permission-group.FAKE_PACKAGE";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
field public static final String NEARBY_DEVICES = "android.permission-group.NEARBY_DEVICES";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 636968dd1152..f94250612e5f 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -4883,6 +4883,21 @@
android:label="@string/permlab_getPackageSize"
android:description="@string/permdesc_getPackageSize"
android:protectionLevel="normal" />
+
+ <!-- Dummy user-facing group for faking package signature -->
+ <permission-group android:name="android.permission-group.FAKE_PACKAGE"
+ android:label="@string/permgrouplab_fake_package_signature"
+ android:description="@string/permgroupdesc_fake_package_signature"
+ android:request="@string/permgrouprequest_fake_package_signature"
+ android:priority="100" />
+
+ <!-- Allows an application to change the package signature as
+ seen by applications -->
+ <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_fakePackageSignature"
+ android:description="@string/permdesc_fakePackageSignature" />
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 43ba327f4069..2fae3cfa5916 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -1075,6 +1075,17 @@
<!-- Permissions -->
+ <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permlab_fakePackageSignature">Spoof package signature</string>
+ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Legitimate uses include an emulator pretending to be what it emulates. Grant this permission with caution only!</string>
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgrouplab_fake_package_signature">Spoof package signature</string>
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgroupdesc_fake_package_signature">allow to spoof package signature</string>
+ <!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
+ <string name="permgrouprequest_fake_package_signature">Allow <b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to spoof package signature?</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_statusBar">disable or modify status bar</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/services/core/java/com/android/server/pm/ComputerEngine.java b/services/core/java/com/android/server/pm/ComputerEngine.java
index 38ac0473d1a3..dadb4caacf56 100644
--- a/services/core/java/com/android/server/pm/ComputerEngine.java
+++ b/services/core/java/com/android/server/pm/ComputerEngine.java
@@ -1483,6 +1483,26 @@ public class ComputerEngine implements Computer {
return result;
}
+ private boolean requestsFakeSignature(AndroidPackage p) {
+ return p.getMetaData() != null && p.getMetaData().getString("fake-signature") != null;
+ }
+
+ private PackageInfo mayFakeSignature(AndroidPackage p, PackageInfo pi,
+ Set<String> permissions) {
+ try {
+ if (p.getMetaData() != null && p.getTargetSdkVersion() > Build.VERSION_CODES.LOLLIPOP_MR1) {
+ String sig = p.getMetaData().getString("fake-signature");
+ if (sig != null && permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")) {
+ pi.signatures = new Signature[] {new Signature(sig)};
+ }
+ }
+ } catch (Throwable t) {
+ // We should never die because of any failures, this is system code!
+ Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
+ }
+ return pi;
+ }
+
public final PackageInfo generatePackageInfo(PackageStateInternal ps,
@PackageManager.PackageInfoFlagsBits long flags, int userId) {
if (!mUserManager.exists(userId)) return null;
@@ -1516,13 +1536,14 @@ public class ComputerEngine implements Computer {
|| ArrayUtils.isEmpty(p.getPermissions())) ? Collections.emptySet()
: mPermissionManager.getInstalledPermissions(ps.getPackageName());
// Compute granted permissions only if package has requested permissions
- final Set<String> grantedPermissions = ((flags & PackageManager.GET_PERMISSIONS) == 0
+ final Set<String> permissions = (((flags & PackageManager.GET_PERMISSIONS) == 0
+ && !requestsFakeSignature(p))
|| ArrayUtils.isEmpty(p.getRequestedPermissions())) ? Collections.emptySet()
: mPermissionManager.getGrantedPermissions(ps.getPackageName(), userId);
- PackageInfo packageInfo = PackageInfoUtils.generate(p, gids, flags,
- state.getFirstInstallTimeMillis(), ps.getLastUpdateTime(), installedPermissions,
- grantedPermissions, state, userId, ps);
+ PackageInfo packageInfo = mayFakeSignature(p, PackageInfoUtils.generate(p, gids, flags,
+ ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId, ps),
+ permissions);
if (packageInfo == null) {
return null;
--
2.46.0.windows.1