Check signature match between Cert installer and Settings

To prevent an app masquerading as com.android.certinstaller install
malicious certs.

Bug: 22095968
Change-Id: Ia79f326af0f39a23b687cb08981920665669e0a1

diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java
index a12369b..18b4ac8 100644 (file)
--- a/src/com/android/settings/CredentialStorage.java
+++ b/src/com/android/settings/CredentialStorage.java
@@ -22,6 +22,7 @@ import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
+import android.content.pm.PackageManager;
 import android.content.pm.UserInfo;
 import android.content.res.Resources;
 import android.os.AsyncTask;
@@ -417,8 +418,10 @@ public final class CredentialStorage extends Activity {
      */
     private boolean checkCallerIsCertInstallerOrSelfInProfile() {
         if (TextUtils.equals("com.android.certinstaller", getCallingPackage())) {
-            // CertInstaller is allowed to install credentials
-            return true;
+            // CertInstaller is allowed to install credentials if it has the same signature as
+            // Settings package.
+            return getPackageManager().checkSignatures(
+                    getCallingPackage(), getPackageName()) == PackageManager.SIGNATURE_MATCH;
         }
 
         final int launchedFromUserId;