From c2fc6830d7f44d0c70493d6708a1de6ac4157550 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wenzel=20P=C3=BCnter?= <wenzel@phelix.me>
Date: Fri, 4 Mar 2016 12:39:00 +0100
Subject: [PATCH] Updated patch to handle dynamic permissions.

---
 patches/android_frameworks_base-M.patch | 99 +++++++++++++------------
 1 file changed, 51 insertions(+), 48 deletions(-)

diff --git a/patches/android_frameworks_base-M.patch b/patches/android_frameworks_base-M.patch
index f669d5df..73ffe66e 100644
--- a/patches/android_frameworks_base-M.patch
+++ b/patches/android_frameworks_base-M.patch
@@ -1,52 +1,21 @@
-diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
-index 99bd390..2ea7722 100644
---- a/core/java/android/content/pm/PackageParser.java
-+++ b/core/java/android/content/pm/PackageParser.java
-@@ -578,10 +578,22 @@ public class PackageParser {
-             }
-         }
-         if ((flags&PackageManager.GET_SIGNATURES) != 0) {
--           int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
--           if (N > 0) {
--                pi.signatures = new Signature[N];
--                System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
-+               boolean handledFakeSignature = false;
-+               try {
-+                       if (p.requestedPermissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE") && p.mAppMetaData != null && 
-p.mAppMetaData.get("fake-signature") instanceof String) {
-+                       pi.signatures = new Signature[] {new Signature(p.mAppMetaData.getString("fake-signature"))};
-+                       handledFakeSignature = true;
-+                       }
-+               } catch (Throwable t) {
-+                       //We should never die because of any failures, this is system code!
-+                       Log.w("PackageParser.FAKE_PACKAGE_SIGNATURE", t);
-+               }
-+               if (!handledFakeSignature) {
-+                       int N = (p.mSignatures != null) ? p.mSignatures.length : 0;
-+                       if (N > 0) {
-+                               pi.signatures = new Signature[N];
-+                               System.arraycopy(p.mSignatures, 0, pi.signatures, 0, N);
-+                       }
-             }
-         }
-         return pi;
 diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
-index 08bccc1..93afc86 100644
+index 08bccc1..45b0094 100644
 --- a/core/res/AndroidManifest.xml
 +++ b/core/res/AndroidManifest.xml
-@@ -1623,6 +1623,12 @@
+@@ -1622,6 +1622,13 @@
+         android:label="@string/permlab_getPackageSize"
          android:description="@string/permdesc_getPackageSize"
          android:protectionLevel="normal" />
- 
++    
++    <!-- @hide Allows an application to change the package signature as
++         seen by applications -->
 +    <permission android:name="android.permission.FAKE_PACKAGE_SIGNATURE"
-+       android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
-+       android:protectionLevel="dangerous"
-+       android:label="@string/permlab_fakePackageSignature"
-+       android:description="@string/permdesc_fakePackageSignature" />
-+
++        android:protectionLevel="dangerous"
++        android:label="@string/permlab_fakePackageSignature"
++        android:description="@string/permdesc_fakePackageSignature" />
+ 
      <!-- @deprecated No longer useful, see
           {@link android.content.pm.PackageManager#addPackageToPreferred}
-          for details. -->
 diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
 index 6c96f84..c391f30 100644
 --- a/core/res/res/values/config.xml
@@ -61,16 +30,50 @@ index 6c96f84..c391f30 100644
  
      <!-- This string array can be overriden to enable test location providers initially. -->
 diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
-index 8a9b9cf..d4ad231 100644
+index 8a9b9cf..cd7ec0d 100644
 --- a/core/res/res/values/strings.xml
 +++ b/core/res/res/values/strings.xml
-@@ -763,6 +763,9 @@
-     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-     <string name="permdesc_getPackageSize">Allows the app to retrieve its code, data, and cache sizes</string>
+@@ -615,6 +615,11 @@
  
-+    <string name="permlab_fakePackageSignature">mimic package signature</string>
-+    <string name="permdesc_fakePackageSignature">Allows the app to use mimic another app\'s package signature.</string>
+     <!--  Permissions -->
+ 
++   <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permlab_fakePackageSignature">Spoof package signature</string>
++    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
++    <string name="permdesc_fakePackageSignature">Allows the app to pretend to be a different app. Malicious applications might be able to use this to access private application data. Grant this permission with caution only!</string>
 +
      <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-     <string name="permlab_writeSettings">modify system settings</string>
+     <string name="permlab_statusBar">disable or modify status bar</string>
      <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
+diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
+index c1d091b..8195e32 100644
+--- a/services/core/java/com/android/server/pm/PackageManagerService.java
++++ b/services/core/java/com/android/server/pm/PackageManagerService.java
+@@ -2653,8 +2653,27 @@ public class PackageManagerService extends IPackageManager.Stub {
+         final Set<String> permissions = permissionsState.getPermissions(userId);
+         final PackageUserState state = ps.readUserState(userId);
+ 
+-        return PackageParser.generatePackageInfo(p, gids, flags,
+-                ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId);
++        return mayFakeSignature(p, PackageParser.generatePackageInfo(p, gids, flags,
++                ps.firstInstallTime, ps.lastUpdateTime, permissions, state, userId),
++                permissions);
++    }
++
++    private PackageInfo mayFakeSignature(PackageParser.Package p, PackageInfo pi,
++            Set<String> permissions) {
++        try {
++            if (permissions.contains("android.permission.FAKE_PACKAGE_SIGNATURE")
++                    && p.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1
++                    && p.mAppMetaData != null) {
++                String sig = p.mAppMetaData.getString("fake-signature");
++                if (sig != null) {
++                    pi.signatures = new Signature[] {new Signature(sig)};
++                }
++            }
++        } catch (Throwable t) {
++            // We should never die because of any failures, this is system code!
++            Log.w("PackageManagerService.FAKE_PACKAGE_SIGNATURE", t);
++        }
++        return pi;
+     }
\ No newline at end of file