--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -17878,6 +17878,8 @@ public class PackageManagerService extends IPackageManager.Stub
final PackageSetting ps;
final PackageSetting disabledPs;
final PackageSetting[] childPackages;
+
+ final PackageParser.Package compPackage = mPackages.get("com.android.settings");
if (replace) {
targetVolumeUuid = null;
if (pkg.applicationInfo.isStaticSharedLibrary()) {
@@ -17930,6 +17932,15 @@ public class PackageManagerService extends IPackageManager.Stub
throw new PrepareFailure(INSTALL_FAILED_UPDATE_INCOMPATIBLE,
"New package has a different signature: " + pkgName11);
}
+ // default to original signature matching
+ if (!pkg.mSigningDetails.checkCapability(compPackage.mSigningDetails,
+ SigningDetails.CertCapabilities.INSTALLED_DATA)
+ && !compPackage.mSigningDetails.checkCapability(
+ pkg.mSigningDetails,
+ SigningDetails.CertCapabilities.ROLLBACK)) {
+ throw new PrepareFailure(INSTALL_FAILED_UPDATE_INCOMPATIBLE,
+ "New package has a different signature: " + pkgName11);
+ }
}
// don't allow a system upgrade unless the upgrade hash matches
@@ -18121,6 +18132,15 @@ public class PackageManagerService extends IPackageManager.Stub
SystemProperties.set("cts_gts.media.gts", "");
}
+ // default to original signature matching
+ if (!pkg.mSigningDetails.checkCapability(compPackage.mSigningDetails,
+ SigningDetails.CertCapabilities.INSTALLED_DATA)
+ && !compPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
+ SigningDetails.CertCapabilities.ROLLBACK)) {
+ throw new PrepareFailure(INSTALL_FAILED_UPDATE_INCOMPATIBLE,
+ "New package has a different signature: " + pkgName1);
+ }
+
// TODO(patb): MOVE TO RECONCILE
synchronized (mPackages) {
renamedPackage = mSettings.getRenamedPackageLPr(pkgName1);