feat: Handle packages not installed when spoofed to them

oSumAtrIX · oSumAtrIX · commit 8d07810d3851 · 2024-03-27T22:06:34.000+01:00
If a package being spoofed is not installed on the device, GmsCore rejects it. This can only occur when spoofing is present, which means that handling this case should be allowed as a package that does not exist and can only happen when spoofing.
diff --git a/play-services-base/core/src/main/java/org/microg/gms/common/PackageUtils.java b/play-services-base/core/src/main/java/org/microg/gms/common/PackageUtils.java
@@ -81,6 +81,11 @@ public static boolean callerHasGooglePackagePermission(Context context, GooglePa
                     packageCandidate
             );
 
+            // See https://github.com/ReVanced/GmsCore/issues/10.
+            ExtendedPackageInfo extendedPackageInfo = new ExtendedPackageInfo(context, packageName);
+            if (!extendedPackageInfo.isInstalled())
+                return true;
+
             if (new ExtendedPackageInfo(context, packageName).hasGooglePackagePermission(permission)) {
                 return true;
             }
@@ -241,7 +246,7 @@ public static String getAndCheckPackage(Context context, String suggestedPackage
         if (packageName != null && suggestedPackageName != null && !packageName.equals(suggestedPackageName)) {
             throw new SecurityException("UID [" + callingUid + "] is not related to packageName [" + suggestedPackageName + "] (seems to be " + packageName + ")");
         }
-        return PackageSpoofUtils.spoofPackageName(context.getPackageManager(), packageName);
+        return packageName;
     }
 
     @Nullable
diff --git a/play-services-base/core/src/main/kotlin/org/microg/gms/common/PackageSpoofUtils.kt b/play-services-base/core/src/main/kotlin/org/microg/gms/common/PackageSpoofUtils.kt
@@ -10,7 +10,7 @@ import java.util.*
 /**
  * Utilities to spoof package information.
  */
-internal object PackageSpoofUtils {
+object PackageSpoofUtils {
     private const val TAG = "SpoofUtils"
     private const val META_SPOOF_PACKAGE_NAME =
         BuildConfig.BASE_PACKAGE_NAME + ".android.gms.SPOOFED_PACKAGE_NAME"
diff --git a/play-services-core/src/main/java/org/microg/gms/auth/AuthManager.java b/play-services-core/src/main/java/org/microg/gms/auth/AuthManager.java
@@ -15,6 +15,7 @@
 
 import androidx.annotation.RequiresPermission;
 import com.google.android.gms.base.BuildConfig;
+import org.microg.gms.common.PackageSpoofUtils;
 import org.microg.gms.common.PackageUtils;
 import org.microg.gms.settings.SettingsContract;
 
@@ -269,7 +270,10 @@ public AuthResponse requestAuth(boolean legacy) throws IOException {
         }
         AuthRequest request = new AuthRequest().fromContext(context)
                 .source("android")
-                .app(packageName, getPackageSignature())
+                .app(
+                        PackageSpoofUtils.spoofPackageName(context.getPackageManager(), packageName),
+                        PackageSpoofUtils.spoofStringSignature(context.getPackageManager(), packageName, getPackageSignature())
+                )
                 .email(accountName)
                 .token(getAccountManager().getPassword(account))
                 .service(service)
diff --git a/play-services-core/src/main/java/org/microg/gms/auth/loginservice/AccountAuthenticator.java b/play-services-core/src/main/java/org/microg/gms/auth/loginservice/AccountAuthenticator.java
@@ -34,6 +34,7 @@
 import org.microg.gms.auth.AuthManager;
 import org.microg.gms.auth.AuthResponse;
 import org.microg.gms.auth.login.LoginActivity;
+import org.microg.gms.common.PackageSpoofUtils;
 import org.microg.gms.common.PackageUtils;
 
 import java.util.Arrays;
@@ -107,7 +108,7 @@ public Bundle getAuthToken(AccountAuthenticatorResponse response, Account accoun
                 Intent i = new Intent(context, AskPermissionActivity.class);
                 i.putExtras(options);
                 i.putExtra(KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
-                i.putExtra(KEY_ANDROID_PACKAGE_NAME, app);
+                i.putExtra(KEY_ANDROID_PACKAGE_NAME, PackageSpoofUtils.spoofPackageName(context.getPackageManager(), app));
                 i.putExtra(KEY_ACCOUNT_TYPE, account.type);
                 i.putExtra(KEY_ACCOUNT_NAME, account.name);
                 i.putExtra(KEY_AUTHTOKEN, authTokenType);

Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,11 @@ public static boolean callerHasGooglePackagePermission(Context context, GooglePa`
`81`	`81`	`packageCandidate`
`82`	`82`	`);`
`83`	`83`
	`84`	`+ // See https://github.com/ReVanced/GmsCore/issues/10.`
	`85`	`+ ExtendedPackageInfo extendedPackageInfo = new ExtendedPackageInfo(context, packageName);`
	`86`	`+ if (!extendedPackageInfo.isInstalled())`
	`87`	`+ return true;`
	`88`	`+`
`84`	`89`	`if (new ExtendedPackageInfo(context, packageName).hasGooglePackagePermission(permission)) {`
`85`	`90`	`return true;`
`86`	`91`	`}`
`@@ -241,7 +246,7 @@ public static String getAndCheckPackage(Context context, String suggestedPackage`
`241`	`246`	`if (packageName != null && suggestedPackageName != null && !packageName.equals(suggestedPackageName)) {`
`242`	`247`	`throw new SecurityException("UID [" + callingUid + "] is not related to packageName [" + suggestedPackageName + "] (seems to be " + packageName + ")");`
`243`	`248`	`}`
`244`		`- return PackageSpoofUtils.spoofPackageName(context.getPackageManager(), packageName);`
	`249`	`+ return packageName;`
`245`	`250`	`}`
`246`	`251`
`247`	`252`	`@Nullable`