FORUMS
Remove All Ads from XDA

[HELP] [PIE] Disable signature verification to resign platform apps

12,180 posts
Thanks Meter: 67,821
 
By niaboc79, Recognized Developer / Themer on 1st November 2018, 02:16 PM
Post Reply Email Thread
Hi guys,

I need devs to help me to find a way to disable signature verification on Pie.

The old patching of compare signature method doesn't work anymore.

Could a java pro analyse PackageManagerService to find how to allow signature of core apps with a different signature.

Thanks

Edit: Here's a working method that I've created:

1) First decompile framework-res.apk and add this in arrays.xml

Code:
<string-array name="config_vendorPlatformSignatures">
        <item>308203BB308202A3A003020102020900F00F8E7F45E72D86300D06092A864886F70D01010B05003074310B30090603550406130255533113301106035504080C0A43616C69666F726E69613116301406035504070C0D4D6F756E7461696E205669657731143012060355040A0C0B476F6F676C6520496E632E3110300E060355040B0C07416E64726F69643110300E06035504030C07416E64726F6964301E170D3136303531303138313332385A170D3433303932363138313332385A3074310B30090603550406130255533113301106035504080C0A43616C69666F726E69613116301406035504070C0D4D6F756E7461696E205669657731143012060355040A0C0B476F6F676C6520496E632E3110300E060355040B0C07416E64726F69643110300E06035504030C07416E64726F696430820122300D06092A864886F70D01010105000382010F003082010A02820101009DA10ED05B5EBFE8E5794CFA3A633E605748FDB8F3545C288D9EFFBA4F2CA1BFC16DA0D4C5724575A21D4DF9D44C1B068785C084BFD4C7071EEF258F2169494239B55FCF187E529760D77DD495F65872D6BF7E61C764A368D0AA6272A51C10E91F89991EA147377B3B37B2ED714E622D17288C8A7003DC6A11022F1B0C6EB005A18CFAB5EF3F9B6912EE1B1CBECCD96A1F76DEBB6E6A9BFCCB76E9C2D279EF119D9E9BF6A089C21507FD00A0237A0C11C32946FE123C0A2CE0C52CB4D3B5D815281F244E4F998CDC4D765459BF1FFA960FC48324869DB0555A6844A94204891A01CCA268448374C7CD17661C74C692FB32AF0DF4C20AFF02F9966B5C94BB80710203010001A350304E301D0603551D0E041604149078B7EBD42D359E4E98E6FEF868CABFFA634F9F301F0603551D230418301680149078B7EBD42D359E4E98E6FEF868CABFFA634F9F300C0603551D13040530030101FF300D06092A864886F70D01010B050003820101008646166908812FD5373CE79FBAAC62F691ECDDCB82619D35BD990D068689E15E0C556D246ED8AE96816743D80CEE443F94F55CB6E169CC8F10B3770C434F351E50170F445369A26A4C37B2CA893C14A3AF7C7513A5420784CE4B6D9B92ED61252F5335A11C75EC978B979B1CD776DC3081094C3E7BE161C21E868303E0B40CB6441A95BB85F6CF83BD707735DAB8908C954CF5BB8553D0384480E1D789130D19151CA2AB01F928657E0DF2AD1FB31DCE18436BF873E4E924A59B7A89AE18C8B93CE0FF2C0ECAB4E7A67CEA1F7022CEA3C27699FA67D3B4965ABF9CE89016F33A08BFBE25AD2A9A6626C1A98802F0592DE720BDEFDDE83963D767C7AD96915224</item>
    </string-array>
2) Recompile framework-res.apk and decompile new compiled one to find new id inside public.xml

Code:
<public type="array" name="config_vendorPlatformSignatures" id="0x01070057" />
3) Decompile Services.jar and look for this method in com/android/server/pm/PackageManagerService.smali

Code:
.method private collectCertificatesLI(Lcom/android/server/pm/PackageSetting;Landroid/content/pm/PackageParser$Package;ZZ)V
Replace the complete method by:

Code:
.method private collectCertificatesLI(Lcom/android/server/pm/PackageSetting;Landroid/content/pm/PackageParser$Package;ZZ)V
    .registers 16
    .param p1, "ps"    # Lcom/android/server/pm/PackageSetting;
    .param p2, "pkg"    # Landroid/content/pm/PackageParser$Package;
    .param p3, "forceCollect"    # Z
    .param p4, "skipVerify"    # Z
    .annotation system Ldalvik/annotation/Throws;
        value = {
            Lcom/android/server/pm/PackageManagerException;
        }
    .end annotation

    .line 8546
    iget-boolean v0, p0, Lcom/android/server/pm/PackageManagerService;->mIsPreNMR1Upgrade:Z

    if-eqz v0, :cond_10

    .line 8547
    new-instance v0, Ljava/io/File;

    iget-object v1, p2, Landroid/content/pm/PackageParser$Package;->codePath:Ljava/lang/String;

    invoke-direct {v0, v1}, Ljava/io/File;-><init>(Ljava/lang/String;)V

    invoke-virtual {v0}, Ljava/io/File;->lastModified()J

    move-result-wide v0

    goto :goto_14

    :cond_10
    invoke-static {p2}, Lcom/android/server/pm/PackageManagerServiceUtils;->getLastModifiedTime(Landroid/content/pm/PackageParser$Package;)J

    move-result-wide v0

    .line 8548
    .local v0, "lastModifiedTime":J
    :goto_14
    if-eqz p1, :cond_77

    if-nez p3, :cond_77

    iget-object v2, p1, Lcom/android/server/pm/PackageSetting;->codePathString:Ljava/lang/String;

    iget-object v3, p2, Landroid/content/pm/PackageParser$Package;->codePath:Ljava/lang/String;

    .line 8549
    invoke-virtual {v2, v3}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v2

    if-eqz v2, :cond_77

    iget-wide v2, p1, Lcom/android/server/pm/PackageSetting;->timeStamp:J

    cmp-long v2, v2, v0

    if-nez v2, :cond_77

    .line 8551
    invoke-direct {p0, p2}, Lcom/android/server/pm/PackageManagerService;->isCompatSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v2

    if-nez v2, :cond_77

    .line 8552
    invoke-direct {p0, p2}, Lcom/android/server/pm/PackageManagerService;->isRecoverSignatureUpdateNeeded(Landroid/content/pm/PackageParser$Package;)Z

    move-result v2

    if-nez v2, :cond_77

    .line 8553
    iget-object v2, p1, Lcom/android/server/pm/PackageSetting;->signatures:Lcom/android/server/pm/PackageSignatures;

    iget-object v2, v2, Lcom/android/server/pm/PackageSignatures;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v2, v2, Landroid/content/pm/PackageParser$SigningDetails;->signatures:[Landroid/content/pm/Signature;

    if-eqz v2, :cond_59

    iget-object v2, p1, Lcom/android/server/pm/PackageSetting;->signatures:Lcom/android/server/pm/PackageSignatures;

    iget-object v2, v2, Lcom/android/server/pm/PackageSignatures;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v2, v2, Landroid/content/pm/PackageParser$SigningDetails;->signatures:[Landroid/content/pm/Signature;

    array-length v2, v2

    if-eqz v2, :cond_59

    iget-object v2, p1, Lcom/android/server/pm/PackageSetting;->signatures:Lcom/android/server/pm/PackageSignatures;

    iget-object v2, v2, Lcom/android/server/pm/PackageSignatures;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget v2, v2, Landroid/content/pm/PackageParser$SigningDetails;->signatureSchemeVersion:I

    if-eqz v2, :cond_59

    .line 8559
    new-instance v2, Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v3, p1, Lcom/android/server/pm/PackageSetting;->signatures:Lcom/android/server/pm/PackageSignatures;

    iget-object v3, v3, Lcom/android/server/pm/PackageSignatures;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    invoke-direct {v2, v3}, Landroid/content/pm/PackageParser$SigningDetails;-><init>(Landroid/content/pm/PackageParser$SigningDetails;)V

    iput-object v2, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    .line 8561
    return-void

    .line 8564
    :cond_59
    const-string v2, "PackageManager"

    new-instance v3, Ljava/lang/StringBuilder;

    invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V

    const-string v4, "PackageSetting for "

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    iget-object v4, p1, Lcom/android/server/pm/PackageSetting;->name:Ljava/lang/String;

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v4, " is missing signatures.  Collecting certs again to recover them."

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v3

    invoke-static {v2, v3}, Landroid/util/Slog;->w(Ljava/lang/String;Ljava/lang/String;)I

    goto :goto_99

    .line 8567
    :cond_77
    const-string v2, "PackageManager"

    new-instance v3, Ljava/lang/StringBuilder;

    invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V

    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->codePath:Ljava/lang/String;

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v4, " changed; collecting certs"

    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    .line 8568
    if-eqz p3, :cond_8d

    const-string v4, " (forced)"

    goto :goto_8f

    :cond_8d
    const-string v4, ""

    :goto_8f
    invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v3

    .line 8567
    invoke-static {v2, v3}, Landroid/util/Slog;->i(Ljava/lang/String;Ljava/lang/String;)I

    .line 8573
    :goto_99
    const-wide/32 v2, 0x40000

    :try_start_9c
    const-string v4, "collectCertificates"

    invoke-static {v2, v3, v4}, Landroid/os/Trace;->traceBegin(JLjava/lang/String;)V

    .line 8574
    invoke-static {p2, p4}, Landroid/content/pm/PackageParser;->collectCertificates(Landroid/content/pm/PackageParser$Package;Z)V

    .line 8575
    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v4, v4, Landroid/content/pm/PackageParser$SigningDetails;->signatures:[Landroid/content/pm/Signature;

    iget-object v5, p0, Lcom/android/server/pm/PackageManagerService;->mVendorPlatformSignatures:[Landroid/content/pm/Signature;

    invoke-static {v4, v5}, Lcom/android/server/pm/PackageManagerServiceUtils;->compareSignatures2([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

    move-result v4

    if-nez v4, :cond_e6
	
	.line 8579
    iget-object v4, p0, Lcom/android/server/pm/PackageManagerService;->mPlatformPackage:Landroid/content/pm/PackageParser$Package;

    if-eqz v4, :cond_e6

    .line 8580
    new-instance v4, Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v5, p0, Lcom/android/server/pm/PackageManagerService;->mPlatformPackage:Landroid/content/pm/PackageParser$Package;

    iget-object v5, v5, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v6, v5, Landroid/content/pm/PackageParser$SigningDetails;->signatures:[Landroid/content/pm/Signature;

    iget-object v5, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget v7, v5, Landroid/content/pm/PackageParser$SigningDetails;->signatureSchemeVersion:I

    iget-object v5, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v8, v5, Landroid/content/pm/PackageParser$SigningDetails;->publicKeys:Landroid/util/ArraySet;

    iget-object v5, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v9, v5, Landroid/content/pm/PackageParser$SigningDetails;->pastSigningCertificates:[Landroid/content/pm/Signature;

    iget-object v5, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v10, v5, Landroid/content/pm/PackageParser$SigningDetails;->pastSigningCertificatesFlags:[I

    move-object v5, v4

    invoke-direct/range {v5 .. v10}, Landroid/content/pm/PackageParser$SigningDetails;-><init>([Landroid/content/pm/Signature;ILandroid/util/ArraySet;[Landroid/content/pm/Signature;[I)V

    iput-object v4, p2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

	.line 8586
    iget-object v4, p2, Landroid/content/pm/PackageParser$Package;->applicationInfo:Landroid/content/pm/ApplicationInfo;

    iget v4, v4, Landroid/content/pm/ApplicationInfo;->targetSdkVersion:I

    .line 8587
    .local v4, "targetSdkVersion":I
    iget-object v5, p2, Landroid/content/pm/PackageParser$Package;->applicationInfo:Landroid/content/pm/ApplicationInfo;

    iget v5, v5, Landroid/content/pm/ApplicationInfo;->targetSandboxVersion:I

    .line 8588
    .local v5, "targetSandboxVersion":I
    invoke-virtual {p2}, Landroid/content/pm/PackageParser$Package;->isPrivileged()Z

    move-result v6

    .line 8590
    .local v6, "isPrivileged":Z
    iget-object v7, p2, Landroid/content/pm/PackageParser$Package;->applicationInfo:Landroid/content/pm/ApplicationInfo;

    invoke-static {p2, v6, v5, v4}, Lcom/android/server/pm/SELinuxMMAC;->getSeInfo(Landroid/content/pm/PackageParser$Package;ZII)Ljava/lang/String;

    move-result-object v8

    iput-object v8, v7, Landroid/content/pm/ApplicationInfo;->seInfo:Ljava/lang/String;
    :try_end_e6
    .catch Landroid/content/pm/PackageParser$PackageParserException; {:try_start_9c .. :try_end_e6} :catch_ed
    .catchall {:try_start_9c .. :try_end_e6} :catchall_eb

    .line 8597
    .end local v4    # "targetSdkVersion":I
    .end local v5    # "targetSandboxVersion":I
    .end local v6    # "isPrivileged":Z
	
	:cond_e6
	invoke-static {v2, v3}, Landroid/os/Trace;->traceEnd(J)V

    .line 8598
    nop

    .line 8599
    return-void

    .line 8597
    :catchall_eb
    move-exception v4

    goto :goto_f3

    .line 8594
    :catch_ed
    move-exception v4

    .line 8595
    .local v4, "e":Landroid/content/pm/PackageParser$PackageParserException;
    :try_start_ee
    invoke-static {v4}, Lcom/android/server/pm/PackageManagerException;->from(Landroid/content/pm/PackageParser$PackageParserException;)Lcom/android/server/pm/PackageManagerException;

    move-result-object v5

    throw v5
    :try_end_f3
    .catchall {:try_start_ee .. :try_end_f3} :catchall_eb

    .line 8597
    .end local v4    # "e":Landroid/content/pm/PackageParser$PackageParserException;
    :goto_f3
    invoke-static {v2, v3}, Landroid/os/Trace;->traceEnd(J)V

    throw v4
.end method
4) Look for this method in com/android/server/pm/PackageManagerService.smali

Code:
.method public constructor <init>(Landroid/content/Context;Lcom/android/server/pm/Installer;ZZ)V
Inside this method add this part (take care of 0x1070057 it must be replaced by the one you've added in framework-res.apk):

Code:
.line 2420
    invoke-virtual/range {p1 .. p1}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;

    move-result-object v0

    const v1, 0x1070057

    invoke-virtual {v0, v1}, Landroid/content/res/Resources;->getStringArray(I)[Ljava/lang/String;

    move-result-object v0

    invoke-static {v0}, Lcom/android/server/pm/PackageManagerServiceUtils;->createSignatures([Ljava/lang/String;)[Landroid/content/pm/Signature;

    move-result-object v0

    iput-object v0, v13, Lcom/android/server/pm/PackageManagerService;->mVendorPlatformSignatures:[Landroid/content/pm/Signature;
Add the above code just before this:

Code:
.line 2428
    move/from16 v5, p3

    iput-boolean v5, v13, Lcom/android/server/pm/PackageManagerService;->mFactoryTest:Z

    .line 2429
    iput-boolean v11, v13, Lcom/android/server/pm/PackageManagerService;->mOnlyCore:Z

    .line 2430
    new-instance v0, Landroid/util/DisplayMetrics;

    invoke-direct {v0}, Landroid/util/DisplayMetrics;-><init>()V

    iput-object v0, v13, Lcom/android/server/pm/PackageManagerService;->mMetrics:Landroid/util/DisplayMetrics;

    .line 2431
    iput-object v15, v13, Lcom/android/server/pm/PackageManagerService;->mInstaller:Lcom/android/server/pm/Installer;

    .line 2434
    iget-object v1, v13, Lcom/android/server/pm/PackageManagerService;->mInstallLock:Ljava/lang/Object;

    monitor-enter v1
5) Add this field at the top of in com/android/server/pm/PackageManagerService.smali

Code:
.field private final mVendorPlatformSignatures:[Landroid/content/pm/Signature;
6) Add this method in com/android/server/pm/PackageManagerServiceUtils.smali

Code:
.method public static compareSignatures2([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I
    .registers 9
    .param p0, "s1"    # [Landroid/content/pm/Signature;
    .param p1, "s2"    # [Landroid/content/pm/Signature;

    .line 411
    const/4 v0, 0x0

    return v0
.end method
7) Add this method in com/android/server/pm/PackageManagerServiceUtils.smali

Code:
.method public static createSignatures([Ljava/lang/String;)[Landroid/content/pm/Signature;
    .registers 5
    .param p0, "hexBytes"    # [Ljava/lang/String;

    .line 708
    array-length v0, p0

    new-array v0, v0, [Landroid/content/pm/Signature;

    .line 709
    .local v0, "sigs":[Landroid/content/pm/Signature;
    const/4 v1, 0x0

    .local v1, "i":I
    :goto_4
    array-length v2, v0

    if-ge v1, v2, :cond_13

    .line 710
    new-instance v2, Landroid/content/pm/Signature;

    aget-object v3, p0, v1

    invoke-direct {v2, v3}, Landroid/content/pm/Signature;-><init>(Ljava/lang/String;)V

    aput-object v2, v0, v1

    .line 709
    add-int/lit8 v1, v1, 0x1

    goto :goto_4

    .line 712
    .end local v1    # "i":I
    :cond_13
    return-object v0
.end method
8) Find this method in com/android/server/pm/permission/PermissionManagerService.smali

Code:
.method constructor <init>(Landroid/content/Context;Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy$DefaultPermissionGrantedCallback;Ljava/lang/Object;)V
Replace whole method by (take care of 0x1070057 it must be replaced by the one you've added in framework-res.apk):

Code:
.method constructor <init>(Landroid/content/Context;Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy$DefaultPermissionGrantedCallback;Ljava/lang/Object;)V
    .registers 14
    .param p1, "context"    # Landroid/content/Context;
    .param p2, "defaultGrantCallback"    # Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy$DefaultPermissionGrantedCallback;
    .param p3, "externalLock"    # Ljava/lang/Object;

    .line 144
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    .line 130
    new-instance v0, Lcom/android/internal/logging/MetricsLogger;

    invoke-direct {v0}, Lcom/android/internal/logging/MetricsLogger;-><init>()V

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mMetricsLogger:Lcom/android/internal/logging/MetricsLogger;

    .line 145
    iput-object p1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mContext:Landroid/content/Context;

    .line 146
    iput-object p3, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mLock:Ljava/lang/Object;

    .line 147
    const-class v0, Landroid/content/pm/PackageManagerInternal;

    invoke-static {v0}, Lcom/android/server/LocalServices;->getService(Ljava/lang/Class;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/content/pm/PackageManagerInternal;

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    .line 148
    const-class v0, Landroid/os/UserManagerInternal;

    invoke-static {v0}, Lcom/android/server/LocalServices;->getService(Ljava/lang/Class;)Ljava/lang/Object;

    move-result-object v0

    check-cast v0, Landroid/os/UserManagerInternal;

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mUserManagerInt:Landroid/os/UserManagerInternal;

    .line 149
    new-instance v0, Lcom/android/server/pm/permission/PermissionSettings;

    iget-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mLock:Ljava/lang/Object;

    invoke-direct {v0, p1, v1}, Lcom/android/server/pm/permission/PermissionSettings;-><init>(Landroid/content/Context;Ljava/lang/Object;)V

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mSettings:Lcom/android/server/pm/permission/PermissionSettings;

    .line 151
    new-instance v0, Lcom/android/server/ServiceThread;

    const-string v1, "PackageManager"

    const/4 v2, 0x1

    const/16 v3, 0xa

    invoke-direct {v0, v1, v3, v2}, Lcom/android/server/ServiceThread;-><init>(Ljava/lang/String;IZ)V

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandlerThread:Landroid/os/HandlerThread;

    .line 153
    iget-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandlerThread:Landroid/os/HandlerThread;

    invoke-virtual {v0}, Landroid/os/HandlerThread;->start()V

    .line 154
    new-instance v0, Landroid/os/Handler;

    iget-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandlerThread:Landroid/os/HandlerThread;

    invoke-virtual {v1}, Landroid/os/HandlerThread;->getLooper()Landroid/os/Looper;

    move-result-object v1

    invoke-direct {v0, v1}, Landroid/os/Handler;-><init>(Landroid/os/Looper;)V

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandler:Landroid/os/Handler;

    .line 155
    invoke-static {}, Lcom/android/server/Watchdog;->getInstance()Lcom/android/server/Watchdog;

    move-result-object v0

    iget-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandler:Landroid/os/Handler;

    invoke-virtual {v0, v1}, Lcom/android/server/Watchdog;->addThread(Landroid/os/Handler;)V

    .line 157
    new-instance v0, Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy;

    iget-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mHandlerThread:Landroid/os/HandlerThread;

    .line 158
    invoke-virtual {v1}, Landroid/os/HandlerThread;->getLooper()Landroid/os/Looper;

    move-result-object v1

    invoke-direct {v0, p1, v1, p2, p0}, Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy;-><init>(Landroid/content/Context;Landroid/os/Looper;Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy$DefaultPermissionGrantedCallback;Lcom/android/server/pm/permission/PermissionManagerService;)V

    iput-object v0, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mDefaultPermissionGrantPolicy:Lcom/android/server/pm/permission/DefaultPermissionGrantPolicy;

    .line 159
    invoke-static {}, Lcom/android/server/SystemConfig;->getInstance()Lcom/android/server/SystemConfig;

    move-result-object v0

    .line 160
    .local v0, "systemConfig":Lcom/android/server/SystemConfig;
    invoke-virtual {v0}, Lcom/android/server/SystemConfig;->getSystemPermissions()Landroid/util/SparseArray;

    move-result-object v1

    iput-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mSystemPermissions:Landroid/util/SparseArray;

    .line 161
    invoke-virtual {v0}, Lcom/android/server/SystemConfig;->getGlobalGids()[I

    move-result-object v1

    iput-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mGlobalGids:[I

    .line 168
    invoke-virtual {p1}, Landroid/content/Context;->getResources()Landroid/content/res/Resources;

    move-result-object v1

    const v3, 0x1070057

    invoke-virtual {v1, v3}, Landroid/content/res/Resources;->getStringArray(I)[Ljava/lang/String;

    move-result-object v1

    .line 167
    invoke-static {v1}, Lcom/android/server/pm/PackageManagerServiceUtils;->createSignatures([Ljava/lang/String;)[Landroid/content/pm/Signature;

    move-result-object v1

    iput-object v1, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mVendorPlatformSignatures:[Landroid/content/pm/Signature;

    .line 165
    invoke-static {}, Lcom/android/server/SystemConfig;->getInstance()Lcom/android/server/SystemConfig;

    move-result-object v1

    invoke-virtual {v1}, Lcom/android/server/SystemConfig;->getPermissions()Landroid/util/ArrayMap;

    move-result-object v1

    .line 166
    .local v1, "permConfig":Landroid/util/ArrayMap;, "Landroid/util/ArrayMap<Ljava/lang/String;Lcom/android/server/SystemConfig$PermissionEntry;>;"
    iget-object v3, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mLock:Ljava/lang/Object;

    monitor-enter v3

    .line 167
    const/4 v4, 0x0

    .local v4, "i":I
    :goto_7b
    :try_start_7b
    invoke-virtual {v1}, Landroid/util/ArrayMap;->size()I

    move-result v5

    if-ge v4, v5, :cond_b0

    .line 168
    invoke-virtual {v1, v4}, Landroid/util/ArrayMap;->valueAt(I)Ljava/lang/Object;

    move-result-object v5

    check-cast v5, Lcom/android/server/SystemConfig$PermissionEntry;

    .line 169
    .local v5, "perm":Lcom/android/server/SystemConfig$PermissionEntry;
    iget-object v6, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mSettings:Lcom/android/server/pm/permission/PermissionSettings;

    iget-object v7, v5, Lcom/android/server/SystemConfig$PermissionEntry;->name:Ljava/lang/String;

    invoke-virtual {v6, v7}, Lcom/android/server/pm/permission/PermissionSettings;->getPermissionLocked(Ljava/lang/String;)Lcom/android/server/pm/permission/BasePermission;

    move-result-object v6

    .line 170
    .local v6, "bp":Lcom/android/server/pm/permission/BasePermission;
    if-nez v6, :cond_a2

    .line 171
    new-instance v7, Lcom/android/server/pm/permission/BasePermission;

    iget-object v8, v5, Lcom/android/server/SystemConfig$PermissionEntry;->name:Ljava/lang/String;

    const-string v9, "android"

    invoke-direct {v7, v8, v9, v2}, Lcom/android/server/pm/permission/BasePermission;-><init>(Ljava/lang/String;Ljava/lang/String;I)V

    move-object v6, v7

    .line 172
    iget-object v7, p0, Lcom/android/server/pm/permission/PermissionManagerService;->mSettings:Lcom/android/server/pm/permission/PermissionSettings;

    iget-object v8, v5, Lcom/android/server/SystemConfig$PermissionEntry;->name:Ljava/lang/String;

    invoke-virtual {v7, v8, v6}, Lcom/android/server/pm/permission/PermissionSettings;->putPermissionLocked(Ljava/lang/String;Lcom/android/server/pm/permission/BasePermission;)V

    .line 174
    :cond_a2
    iget-object v7, v5, Lcom/android/server/SystemConfig$PermissionEntry;->gids:[I

    if-eqz v7, :cond_ad

    .line 175
    iget-object v7, v5, Lcom/android/server/SystemConfig$PermissionEntry;->gids:[I

    iget-boolean v8, v5, Lcom/android/server/SystemConfig$PermissionEntry;->perUser:Z

    invoke-virtual {v6, v7, v8}, Lcom/android/server/pm/permission/BasePermission;->setGids([IZ)V

    .line 167
    .end local v5    # "perm":Lcom/android/server/SystemConfig$PermissionEntry;
    .end local v6    # "bp":Lcom/android/server/pm/permission/BasePermission;
    :cond_ad
    add-int/lit8 v4, v4, 0x1

    goto :goto_7b

    .line 178
    .end local v4    # "i":I
    :cond_b0
    monitor-exit v3
    :try_end_b1
    .catchall {:try_start_7b .. :try_end_b1} :catchall_bd

    .line 180
    const-class v2, Lcom/android/server/pm/permission/PermissionManagerInternal;

    new-instance v3, Lcom/android/server/pm/permission/PermissionManagerService$PermissionManagerInternalImpl;

    const/4 v4, 0x0

    invoke-direct {v3, p0, v4}, Lcom/android/server/pm/permission/PermissionManagerService$PermissionManagerInternalImpl;-><init>(Lcom/android/server/pm/permission/PermissionManagerService;Lcom/android/server/pm/permission/PermissionManagerService$1;)V

    invoke-static {v2, v3}, Lcom/android/server/LocalServices;->addService(Ljava/lang/Class;Ljava/lang/Object;)V

    .line 182
    return-void

    .line 178
    :catchall_bd
    move-exception v2

    :try_start_be
    monitor-exit v3
    :try_end_bf
    .catchall {:try_start_be .. :try_end_bf} :catchall_bd

    throw v2
.end method
The Following 5 Users Say Thank You to niaboc79 For This Useful Post: [ View ]
 
 
1st November 2018, 02:22 PM |#2  
niaboc79's Avatar
OP Recognized Developer / Themer
Flag Enghien
Thanks Meter: 67,821
 
Donate to Me
More
9) Look for this method in com/android/server/pm/permission/PermissionManagerService.smali

Code:
.method private grantSignaturePermission(Ljava/lang/String;Landroid/content/pm/PackageParser$Package;Lcom/android/server/pm/permission/BasePermission;Lcom/android/server/pm/permission/PermissionsState;)Z
Replace whole method by:

Code:
.method private grantSignaturePermission(Ljava/lang/String;Landroid/content/pm/PackageParser$Package;Lcom/android/server/pm/permission/BasePermission;Lcom/android/server/pm/permission/PermissionsState;)Z
    .registers 26
    .param p1, "perm"    # Ljava/lang/String;
    .param p2, "pkg"    # Landroid/content/pm/PackageParser$Package;
    .param p3, "bp"    # Lcom/android/server/pm/permission/BasePermission;
    .param p4, "origPermissions"    # Lcom/android/server/pm/permission/PermissionsState;

    move-object/from16 v0, p0

    move-object/from16 v1, p1

    move-object/from16 v2, p2

    .line 1046
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isOEM()Z

    move-result v3

    .line 1047
    .local v3, "oemPermission":Z
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isVendorPrivileged()Z

    move-result v4

    .line 1048
    .local v4, "vendorPrivilegedPermission":Z
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isPrivileged()Z

    move-result v5

    const/4 v7, 0x0

    if-nez v5, :cond_1e

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isVendorPrivileged()Z

    move-result v5

    if-eqz v5, :cond_1c

    goto :goto_1e

    :cond_1c
    move v5, v7

    goto :goto_1f

    :cond_1e
    :goto_1e
    const/4 v5, 0x1

    .line 1049
    .local v5, "privilegedPermission":Z
    :goto_1f
    sget-boolean v8, Lcom/android/internal/os/RoSystemProperties;->CONTROL_PRIVAPP_PERMISSIONS_DISABLE:Z

    .line 1051
    .local v8, "privappPermissionsDisable":Z
    const-string v9, "android"

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->getSourcePackageName()Ljava/lang/String;

    move-result-object v10

    invoke-virtual {v9, v10}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v9

    .line 1052
    .local v9, "platformPermission":Z
    const-string v10, "android"

    iget-object v11, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    invoke-virtual {v10, v11}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v10

    .line 1053
    .local v10, "platformPackage":Z
    if-nez v8, :cond_e2

    if-eqz v5, :cond_e2

    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isPrivileged()Z

    move-result v11

    if-eqz v11, :cond_e2

    if-nez v10, :cond_e2

    if-eqz v9, :cond_e2

    .line 1055
    invoke-direct/range {p0 .. p2}, Lcom/android/server/pm/permission/PermissionManagerService;->hasPrivappWhitelistEntry(Ljava/lang/String;Landroid/content/pm/PackageParser$Package;)Z

    move-result v11

    if-nez v11, :cond_e2

    .line 1057
    iget-boolean v11, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mSystemReady:Z

    if-nez v11, :cond_dd

    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isUpdatedSystemApp()Z

    move-result v11

    if-nez v11, :cond_dd

    .line 1059
    const/4 v11, 0x0

    .line 1060
    .local v11, "deniedPermissions":Landroid/util/ArraySet;, "Landroid/util/ArraySet<Ljava/lang/String;>;"
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isVendor()Z

    move-result v12

    if-eqz v12, :cond_63

    .line 1061
    invoke-static {}, Lcom/android/server/SystemConfig;->getInstance()Lcom/android/server/SystemConfig;

    move-result-object v12

    iget-object v13, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    .line 1062
    invoke-virtual {v12, v13}, Lcom/android/server/SystemConfig;->getVendorPrivAppDenyPermissions(Ljava/lang/String;)Landroid/util/ArraySet;

    move-result-object v11

    goto :goto_7e

    .line 1063
    :cond_63
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isProduct()Z

    move-result v12

    if-eqz v12, :cond_74

    .line 1064
    invoke-static {}, Lcom/android/server/SystemConfig;->getInstance()Lcom/android/server/SystemConfig;

    move-result-object v12

    iget-object v13, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    .line 1065
    invoke-virtual {v12, v13}, Lcom/android/server/SystemConfig;->getProductPrivAppDenyPermissions(Ljava/lang/String;)Landroid/util/ArraySet;

    move-result-object v11

    goto :goto_7e

    .line 1067
    :cond_74
    invoke-static {}, Lcom/android/server/SystemConfig;->getInstance()Lcom/android/server/SystemConfig;

    move-result-object v12

    iget-object v13, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    .line 1068
    invoke-virtual {v12, v13}, Lcom/android/server/SystemConfig;->getPrivAppDenyPermissions(Ljava/lang/String;)Landroid/util/ArraySet;

    move-result-object v11

    .line 1070
    :goto_7e
    if-eqz v11, :cond_89

    .line 1071
    invoke-virtual {v11, v1}, Landroid/util/ArraySet;->contains(Ljava/lang/Object;)Z

    move-result v12

    if-nez v12, :cond_87

    goto :goto_89

    :cond_87
    move v12, v7

    goto :goto_8a

    :cond_89
    :goto_89
    const/4 v12, 0x1

    .line 1072
    .local v12, "permissionViolation":Z
    :goto_8a
    if-eqz v12, :cond_dc

    .line 1073
    const-string v13, "PackageManager"

    new-instance v14, Ljava/lang/StringBuilder;

    invoke-direct {v14}, Ljava/lang/StringBuilder;-><init>()V

    const-string v15, "Privileged permission "

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v14, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v15, " for package "

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    iget-object v15, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v15, " - not in privapp-permissions whitelist"

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v14}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v14

    invoke-static {v13, v14}, Landroid/util/Slog;->w(Ljava/lang/String;Ljava/lang/String;)I

    .line 1076
    sget-boolean v13, Lcom/android/internal/os/RoSystemProperties;->CONTROL_PRIVAPP_PERMISSIONS_ENFORCE:Z

    if-eqz v13, :cond_dd

    .line 1077
    iget-object v13, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPrivappPermissionsViolations:Landroid/util/ArraySet;

    if-nez v13, :cond_c0

    .line 1078
    new-instance v13, Landroid/util/ArraySet;

    invoke-direct {v13}, Landroid/util/ArraySet;-><init>()V

    iput-object v13, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPrivappPermissionsViolations:Landroid/util/ArraySet;

    .line 1080
    :cond_c0
    iget-object v13, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPrivappPermissionsViolations:Landroid/util/ArraySet;

    new-instance v14, Ljava/lang/StringBuilder;

    invoke-direct {v14}, Ljava/lang/StringBuilder;-><init>()V

    iget-object v15, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v15, ": "

    invoke-virtual {v14, v15}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v14, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v14}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v14

    invoke-virtual {v13, v14}, Landroid/util/ArraySet;->add(Ljava/lang/Object;)Z

    goto :goto_dd

    .line 1083
    :cond_dc
    return v7

    .line 1086
    .end local v11    # "deniedPermissions":Landroid/util/ArraySet;, "Landroid/util/ArraySet<Ljava/lang/String;>;"
    .end local v12    # "permissionViolation":Z
    :cond_dd
    :goto_dd
    sget-boolean v11, Lcom/android/internal/os/RoSystemProperties;->CONTROL_PRIVAPP_PERMISSIONS_ENFORCE:Z

    if-eqz v11, :cond_e2

    .line 1087
    return v7

    .line 1091
    :cond_e2
    iget-object v11, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    invoke-virtual {v11, v7, v7}, Landroid/content/pm/PackageManagerInternal;->getKnownPackageName(II)Ljava/lang/String;

    move-result-object v11

    .line 1093
    .local v11, "systemPackageName":Ljava/lang/String;
    iget-object v12, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    .line 1094
    invoke-virtual {v12, v11}, Landroid/content/pm/PackageManagerInternal;->getPackage(Ljava/lang/String;)Landroid/content/pm/PackageParser$Package;

    move-result-object v12

    .line 1104
    .local v12, "systemPackage":Landroid/content/pm/PackageParser$Package;
    iget-object v13, v2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    .line 1106
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->getSourcePackageSetting()Lcom/android/server/pm/PackageSettingBase;

    move-result-object v14

    invoke-virtual {v14}, Lcom/android/server/pm/PackageSettingBase;->getSigningDetails()Landroid/content/pm/PackageParser$SigningDetails;

    move-result-object v14

    .line 1105
    invoke-virtual {v13, v14}, Landroid/content/pm/PackageParser$SigningDetails;->hasAncestorOrSelf(Landroid/content/pm/PackageParser$SigningDetails;)Z

    move-result v13

    if-nez v13, :cond_132

    .line 1107
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->getSourcePackageSetting()Lcom/android/server/pm/PackageSettingBase;

    move-result-object v13

    invoke-virtual {v13}, Lcom/android/server/pm/PackageSettingBase;->getSigningDetails()Landroid/content/pm/PackageParser$SigningDetails;

    move-result-object v13

    iget-object v14, v2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    const/4 v15, 0x4

    invoke-virtual {v13, v14, v15}, Landroid/content/pm/PackageParser$SigningDetails;->checkCapability(Landroid/content/pm/PackageParser$SigningDetails;I)Z

    move-result v13

    if-nez v13, :cond_132

    iget-object v13, v2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v14, v12, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    .line 1110
    invoke-virtual {v13, v14}, Landroid/content/pm/PackageParser$SigningDetails;->hasAncestorOrSelf(Landroid/content/pm/PackageParser$SigningDetails;)Z

    move-result v13
	
	if-nez v13, :cond_132

    iget-object v13, v12, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v14, v2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    .line 1111
    invoke-virtual {v13, v14, v15}, Landroid/content/pm/PackageParser$SigningDetails;->checkCapability(Landroid/content/pm/PackageParser$SigningDetails;I)Z

    move-result v13

    if-nez v13, :cond_132

    iget-object v13, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mVendorPlatformSignatures:[Landroid/content/pm/Signature;

    iget-object v14, v2, Landroid/content/pm/PackageParser$Package;->mSigningDetails:Landroid/content/pm/PackageParser$SigningDetails;

    iget-object v14, v14, Landroid/content/pm/PackageParser$SigningDetails;->signatures:[Landroid/content/pm/Signature;

    .line 1114
    invoke-static {v13, v14}, Lcom/android/server/pm/PackageManagerServiceUtils;->compareSignatures2([Landroid/content/pm/Signature;[Landroid/content/pm/Signature;)I

    move-result v13
	
	if-nez v13, :cond_130

    goto :goto_132

    :cond_130
    move v13, v7

    goto :goto_133

    :cond_132
    :goto_132
    const/4 v13, 0x1

    .line 1116
    .local v13, "allowed":Z
    :goto_133
    if-nez v13, :cond_25f

    if-nez v5, :cond_139

    if-eqz v3, :cond_25f

    .line 1117
    :cond_139
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isSystem()Z

    move-result v14

    if-eqz v14, :cond_25f

    .line 1120
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isUpdatedSystemApp()Z

    move-result v14

    if-eqz v14, :cond_20e

    .line 1121
    iget-object v14, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    iget-object v15, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    .line 1122
    invoke-virtual {v14, v15}, Landroid/content/pm/PackageManagerInternal;->getDisabledPackage(Ljava/lang/String;)Landroid/content/pm/PackageParser$Package;

    move-result-object v14

    .line 1124
    .local v14, "disabledPkg":Landroid/content/pm/PackageParser$Package;
    if-eqz v14, :cond_154

    iget-object v15, v14, Landroid/content/pm/PackageParser$Package;->mExtras:Ljava/lang/Object;

    check-cast v15, Lcom/android/server/pm/PackageSetting;

    goto :goto_155

    :cond_154
    const/4 v15, 0x0

    .line 1125
    .local v15, "disabledPs":Lcom/android/server/pm/PackageSetting;
    :goto_155
    if-eqz v15, :cond_17a

    .line 1126
    invoke-virtual {v15}, Lcom/android/server/pm/PackageSetting;->getPermissionsState()Lcom/android/server/pm/permission/PermissionsState;

    move-result-object v6

    invoke-virtual {v6, v1}, Lcom/android/server/pm/permission/PermissionsState;->hasInstallPermission(Ljava/lang/String;)Z

    move-result v6

    if-eqz v6, :cond_17a

    .line 1130
    if-eqz v5, :cond_169

    invoke-virtual {v15}, Lcom/android/server/pm/PackageSetting;->isPrivileged()Z

    move-result v6

    if-nez v6, :cond_177

    :cond_169
    if-eqz v3, :cond_20d

    .line 1131
    invoke-virtual {v15}, Lcom/android/server/pm/PackageSetting;->isOem()Z

    move-result v6

    if-eqz v6, :cond_20d

    .line 1132
    invoke-static {v15, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->canGrantOemPermission(Lcom/android/server/pm/PackageSetting;Ljava/lang/String;)Z

    move-result v6

    if-eqz v6, :cond_20d

    .line 1133
    :cond_177
    const/4 v13, 0x1

    goto/16 :goto_20d

    .line 1142
    :cond_17a
    if-eqz v15, :cond_19b

    if-eqz v14, :cond_19b

    .line 1143
    invoke-direct {v0, v14, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->isPackageRequestingPermission(Landroid/content/pm/PackageParser$Package;Ljava/lang/String;)Z

    move-result v6

    if-eqz v6, :cond_19b

    if-eqz v5, :cond_18c

    .line 1144
    invoke-virtual {v15}, Lcom/android/server/pm/PackageSetting;->isPrivileged()Z

    move-result v6

    if-nez v6, :cond_19a

    :cond_18c
    if-eqz v3, :cond_19b

    .line 1145
    invoke-virtual {v15}, Lcom/android/server/pm/PackageSetting;->isOem()Z

    move-result v6

    if-eqz v6, :cond_19b

    .line 1146
    invoke-static {v15, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->canGrantOemPermission(Lcom/android/server/pm/PackageSetting;Ljava/lang/String;)Z

    move-result v6

    if-eqz v6, :cond_19b

    .line 1147
    :cond_19a
    const/4 v13, 0x1

    .line 1152
    :cond_19b
    iget-object v6, v2, Landroid/content/pm/PackageParser$Package;->parentPackage:Landroid/content/pm/PackageParser$Package;

    if-eqz v6, :cond_20d

    .line 1153
    iget-object v6, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    iget-object v7, v2, Landroid/content/pm/PackageParser$Package;->parentPackage:Landroid/content/pm/PackageParser$Package;

    iget-object v7, v7, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    .line 1154
    invoke-virtual {v6, v7}, Landroid/content/pm/PackageManagerInternal;->getDisabledPackage(Ljava/lang/String;)Landroid/content/pm/PackageParser$Package;

    move-result-object v6

    .line 1155
    .local v6, "disabledParentPkg":Landroid/content/pm/PackageParser$Package;
    if-eqz v6, :cond_1b0

    .line 1156
    iget-object v7, v6, Landroid/content/pm/PackageParser$Package;->mExtras:Ljava/lang/Object;

    check-cast v7, Lcom/android/server/pm/PackageSetting;

    goto :goto_1b1

    :cond_1b0
    const/4 v7, 0x0

    .line 1157
    .local v7, "disabledParentPs":Lcom/android/server/pm/PackageSetting;
    :goto_1b1
    if-eqz v6, :cond_20d

    if-eqz v5, :cond_1bb

    .line 1158
    invoke-virtual {v7}, Lcom/android/server/pm/PackageSetting;->isPrivileged()Z

    move-result v16

    if-nez v16, :cond_1c3

    :cond_1bb
    if-eqz v3, :cond_20d

    .line 1159
    invoke-virtual {v7}, Lcom/android/server/pm/PackageSetting;->isOem()Z

    move-result v16

    if-eqz v16, :cond_20d

    .line 1160
    :cond_1c3
    invoke-direct {v0, v6, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->isPackageRequestingPermission(Landroid/content/pm/PackageParser$Package;Ljava/lang/String;)Z

    move-result v16

    if-eqz v16, :cond_1d1

    .line 1161
    invoke-static {v7, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->canGrantOemPermission(Lcom/android/server/pm/PackageSetting;Ljava/lang/String;)Z

    move-result v16

    if-eqz v16, :cond_1d1

    .line 1162
    const/4 v13, 0x1

    goto :goto_20d

    .line 1163
    :cond_1d1
    move-object/from16 v17, v7

    iget-object v7, v6, Landroid/content/pm/PackageParser$Package;->childPackages:Ljava/util/ArrayList;

    .end local v7    # "disabledParentPs":Lcom/android/server/pm/PackageSetting;
    .local v17, "disabledParentPs":Lcom/android/server/pm/PackageSetting;
    if-eqz v7, :cond_20d

    .line 1165
    iget-object v7, v6, Landroid/content/pm/PackageParser$Package;->childPackages:Ljava/util/ArrayList;

    invoke-virtual {v7}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;

    move-result-object v7

    :goto_1dd
    invoke-interface {v7}, Ljava/util/Iterator;->hasNext()Z

    move-result v16

    if-eqz v16, :cond_20d

    invoke-interface {v7}, Ljava/util/Iterator;->next()Ljava/lang/Object;

    move-result-object v16

    move-object/from16 v18, v6

    move-object/from16 v6, v16

    check-cast v6, Landroid/content/pm/PackageParser$Package;

    .line 1167
    .local v6, "disabledChildPkg":Landroid/content/pm/PackageParser$Package;
    .local v18, "disabledParentPkg":Landroid/content/pm/PackageParser$Package;
    if-eqz v6, :cond_1f6

    .line 1168
    move-object/from16 v19, v7

    iget-object v7, v6, Landroid/content/pm/PackageParser$Package;->mExtras:Ljava/lang/Object;

    check-cast v7, Lcom/android/server/pm/PackageSetting;

    goto :goto_1f9

    .line 1169
    :cond_1f6
    move-object/from16 v19, v7

    const/4 v7, 0x0

    .line 1170
    .local v7, "disabledChildPs":Lcom/android/server/pm/PackageSetting;
    :goto_1f9
    invoke-direct {v0, v6, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->isPackageRequestingPermission(Landroid/content/pm/PackageParser$Package;Ljava/lang/String;)Z

    move-result v16

    if-eqz v16, :cond_207

    .line 1171
    invoke-static {v7, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->canGrantOemPermission(Lcom/android/server/pm/PackageSetting;Ljava/lang/String;)Z

    move-result v16

    if-eqz v16, :cond_207

    .line 1173
    const/4 v13, 0x1

    .line 1174
    goto :goto_20d

    .line 1176
    .end local v6    # "disabledChildPkg":Landroid/content/pm/PackageParser$Package;
    .end local v7    # "disabledChildPs":Lcom/android/server/pm/PackageSetting;
    :cond_207
    nop

    .line 1165
    move-object/from16 v6, v18

    move-object/from16 v7, v19

    goto :goto_1dd

    .line 1181
    .end local v14    # "disabledPkg":Landroid/content/pm/PackageParser$Package;
    .end local v15    # "disabledPs":Lcom/android/server/pm/PackageSetting;
    .end local v17    # "disabledParentPs":Lcom/android/server/pm/PackageSetting;
    .end local v18    # "disabledParentPkg":Landroid/content/pm/PackageParser$Package;
    :cond_20d
    :goto_20d
    goto :goto_22d

    .line 1182
    :cond_20e
    iget-object v6, v2, Landroid/content/pm/PackageParser$Package;->mExtras:Ljava/lang/Object;

    check-cast v6, Lcom/android/server/pm/PackageSetting;

    .line 1183
    .local v6, "ps":Lcom/android/server/pm/PackageSetting;
    if-eqz v5, :cond_21a

    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isPrivileged()Z

    move-result v7

    if-nez v7, :cond_228

    :cond_21a
    if-eqz v3, :cond_22a

    .line 1184
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isOem()Z

    move-result v7

    if-eqz v7, :cond_22a

    .line 1185
    invoke-static {v6, v1}, Lcom/android/server/pm/permission/PermissionManagerService;->canGrantOemPermission(Lcom/android/server/pm/PackageSetting;Ljava/lang/String;)Z

    move-result v7

    if-eqz v7, :cond_22a

    :cond_228
    const/4 v7, 0x1

    goto :goto_22b

    :cond_22a
    const/4 v7, 0x0

    :goto_22b
    move v6, v7

    .line 1190
    .end local v13    # "allowed":Z
    .local v6, "allowed":Z
    move v13, v6

    .end local v6    # "allowed":Z
    .restart local v13    # "allowed":Z
    :goto_22d
    if-eqz v13, :cond_25f

    if-eqz v5, :cond_25f

    if-nez v4, :cond_25f

    .line 1191
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isVendor()Z

    move-result v6

    if-eqz v6, :cond_25f

    .line 1192
    const-string v6, "PackageManager"

    new-instance v7, Ljava/lang/StringBuilder;

    invoke-direct {v7}, Ljava/lang/StringBuilder;-><init>()V

    const-string v14, "Permission "

    invoke-virtual {v7, v14}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v7, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v14, " cannot be granted to privileged vendor apk "

    invoke-virtual {v7, v14}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    iget-object v14, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    invoke-virtual {v7, v14}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    const-string v14, " because it isn\'t a \'vendorPrivileged\' permission."

    invoke-virtual {v7, v14}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    invoke-virtual {v7}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v7

    invoke-static {v6, v7}, Landroid/util/Slog;->w(Ljava/lang/String;Ljava/lang/String;)I

    .line 1194
    const/4 v13, 0x0

    .line 1198
    :cond_25f
    if-nez v13, :cond_2f8

    .line 1199
    if-nez v13, :cond_272

    .line 1200
    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isPre23()Z

    move-result v6

    if-eqz v6, :cond_272

    iget-object v6, v2, Landroid/content/pm/PackageParser$Package;->applicationInfo:Landroid/content/pm/ApplicationInfo;

    iget v6, v6, Landroid/content/pm/ApplicationInfo;->targetSdkVersion:I

    const/16 v7, 0x17

    if-ge v6, v7, :cond_272

    .line 1205
    const/4 v13, 0x1

    .line 1207
    :cond_272
    if-nez v13, :cond_28b

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isInstaller()Z

    move-result v6

    if-eqz v6, :cond_28b

    iget-object v6, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    iget-object v7, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    const/4 v14, 0x2

    .line 1208
    const/4 v15, 0x0

    invoke-virtual {v7, v14, v15}, Landroid/content/pm/PackageManagerInternal;->getKnownPackageName(II)Ljava/lang/String;

    move-result-object v7

    invoke-virtual {v6, v7}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_28b

    .line 1212
    const/4 v13, 0x1

    .line 1214
    :cond_28b
    if-nez v13, :cond_2a4

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isVerifier()Z

    move-result v6

    if-eqz v6, :cond_2a4

    iget-object v6, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    iget-object v7, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    const/4 v14, 0x3

    .line 1215
    const/4 v15, 0x0

    invoke-virtual {v7, v14, v15}, Landroid/content/pm/PackageManagerInternal;->getKnownPackageName(II)Ljava/lang/String;

    move-result-object v7

    invoke-virtual {v6, v7}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v6

    if-eqz v6, :cond_2a4

    .line 1219
    const/4 v13, 0x1

    .line 1221
    :cond_2a4
    if-nez v13, :cond_2b3

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isPreInstalled()Z

    move-result v6

    if-eqz v6, :cond_2b3

    .line 1222
    invoke-virtual/range {p2 .. p2}, Landroid/content/pm/PackageParser$Package;->isSystem()Z

    move-result v6

    if-eqz v6, :cond_2b3

    .line 1224
    const/4 v13, 0x1

    .line 1226
    :cond_2b3
    if-nez v13, :cond_2c2

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isDevelopment()Z

    move-result v6

    if-eqz v6, :cond_2c2

    .line 1229
    move-object/from16 v6, p4

    invoke-virtual {v6, v1}, Lcom/android/server/pm/permission/PermissionsState;->hasInstallPermission(Ljava/lang/String;)Z

    move-result v13

    goto :goto_2c4

    .line 1231
    :cond_2c2
    move-object/from16 v6, p4

    :goto_2c4
    if-nez v13, :cond_2de

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isSetup()Z

    move-result v7

    if-eqz v7, :cond_2de

    iget-object v7, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    iget-object v14, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    .line 1232
    const/4 v1, 0x1

    const/4 v15, 0x0

    invoke-virtual {v14, v1, v15}, Landroid/content/pm/PackageManagerInternal;->getKnownPackageName(II)Ljava/lang/String;

    move-result-object v1

    invoke-virtual {v7, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v1

    if-eqz v1, :cond_2de

    .line 1236
    const/4 v1, 0x1

    .line 1238
    .end local v13    # "allowed":Z
    .local v1, "allowed":Z
    move v13, v1

    .end local v1    # "allowed":Z
    .restart local v13    # "allowed":Z
    :cond_2de
    if-nez v13, :cond_2fa

    invoke-virtual/range {p3 .. p3}, Lcom/android/server/pm/permission/BasePermission;->isSystemTextClassifier()Z

    move-result v1

    if-eqz v1, :cond_2fa

    iget-object v1, v2, Landroid/content/pm/PackageParser$Package;->packageName:Ljava/lang/String;

    iget-object v7, v0, Lcom/android/server/pm/permission/PermissionManagerService;->mPackageManagerInt:Landroid/content/pm/PackageManagerInternal;

    const/4 v14, 0x5

    .line 1239
    const/4 v15, 0x0

    invoke-virtual {v7, v14, v15}, Landroid/content/pm/PackageManagerInternal;->getKnownPackageName(II)Ljava/lang/String;

    move-result-object v7

    invoke-virtual {v1, v7}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z

    move-result v1

    if-eqz v1, :cond_2fa

    .line 1243
    const/4 v13, 0x1

    goto :goto_2fa

    .line 1246
    :cond_2f8
    move-object/from16 v6, p4

    :cond_2fa
    :goto_2fa
    return v13
.end method
10) Add this field at the top of in com/android/server/pm/permission/PermissionManagerService

Code:
.field private final mVendorPlatformSignatures:[Landroid/content/pm/Signature;

Explanations:

This code will give platform signature to all apk by default so you can resign them as you want.

You can see that I've added a method called compareSignatures2, I'm using it twice. Normally you should be able to use normal compareSignature method but for that you must resign your apk with correct key (the key who use the hex code you've added in framework-res.apk), unfortunately I haven't be able to do it yet.

Here's an interesting commit

https://github.com/pixeldustproject-...41277a87d00558

It allows to specify a vendor signature who will be recognize as the platform signature.

I've implemented it to my rom but how can I use this signature. The vendor signature used by this commit is a numeric code.

How can we find which key is use.

Envoyé de mon H8266 en utilisant Tapatalk
The Following 3 Users Say Thank You to niaboc79 For This Useful Post: [ View ]
3rd November 2018, 07:59 PM |#3  
Pandemic's Avatar
Senior Member
Flag Meppel
Thanks Meter: 23,136
 
Donate to Me
More
anyone ?
15th November 2018, 06:58 PM |#4  
niaboc79's Avatar
OP Recognized Developer / Themer
Flag Enghien
Thanks Meter: 67,821
 
Donate to Me
More
Still haven't found a solution

Envoyé de mon H8266 en utilisant Tapatalk
18th November 2018, 06:26 AM |#5  
thereassaad's Avatar
Recognized Contributor
Flag Bierut
Thanks Meter: 9,758
 
More
Have u seen the core-oj.jar ? Signature check can be disabled there ..
2nd December 2018, 08:59 AM |#6  
niaboc79's Avatar
OP Recognized Developer / Themer
Flag Enghien
Thanks Meter: 67,821
 
Donate to Me
More
Quote:
Originally Posted by thereassaad

Have u seen the core-oj.jar ? Signature check can be disabled there ..



I’ll take a look


Envoyé de mon iPhone en utilisant Tapatalk
11th December 2018, 10:51 AM |#7  
scrubber's Avatar
Senior Member
Flag Moscow
Thanks Meter: 380
 
Donate to Me
More
Quote:
Originally Posted by niaboc79

Hi guys,

I need devs to help me to find a way to disable signature verification on Pie.

The old patching of compare signature method doesn't work anymore.

Could a java pro analyse PackageManagerService to find how to allow signature of core apps with a different signature.

Thanks

Envoyé de mon H8266 en utilisant Tapatalk

Hi!
Have you found a way to disable signature verification on Pie?
13th December 2018, 12:06 PM |#8  
niaboc79's Avatar
OP Recognized Developer / Themer
Flag Enghien
Thanks Meter: 67,821
 
Donate to Me
More
Quote:
Originally Posted by scrubber

Hi!
Have you found a way to disable signature verification on Pie?

Yes I've used the commit linked above

I've edited the code a little bit and it works

Envoyé de mon H8266 en utilisant Tapatalk
13th December 2018, 12:38 PM |#9  
scrubber's Avatar
Senior Member
Flag Moscow
Thanks Meter: 380
 
Donate to Me
More
Quote:
Originally Posted by niaboc79

Yes I've used the commit linked above

I've edited the code a little bit and it works

Envoyé de mon H8266 en utilisant Tapatalk

Share the manual!
How did you do it ???

13th December 2018, 01:05 PM |#10  
CosmicDan's Avatar
Senior Member
Flag Sydney
Thanks Meter: 7,587
 
Donate to Me
More
Quote:
Originally Posted by scrubber

Share the manual!
How did you do it ???

I think the numeric ID is just the signature of the public key, which you can get from keytool in JDK iirc.
13th December 2018, 01:12 PM |#11  
scrubber's Avatar
Senior Member
Flag Moscow
Thanks Meter: 380
 
Donate to Me
More
Quote:
Originally Posted by CosmicDan

I think the numeric ID is just the signature of the public key, which you can get from keytool in JDK iirc.

How can this help us to disable signature verification on Pie?
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes