Convert the app signature check to use SHA-256 instead of SHA1.

Test:atest cts/tests/tests/telephony/current/src/android/telephony/cts/TelephonyManagerTest.java
Test2:atest cts/tests/tests/telephony/current/src/android/telephony/cts/TelephonyManagerTestOnMockModem.java
Test3: manual test with Fi's TychoApk-debug.apk
Bug: 321868791
Bug: 326325598
Change-Id: I96cb01864b3db3640664d549337fbe30aee262c9
diff --git a/assets/CarrierRestrictionOperatorDetails.json b/assets/CarrierRestrictionOperatorDetails.json
index 596ab75..68d066e 100644
--- a/assets/CarrierRestrictionOperatorDetails.json
+++ b/assets/CarrierRestrictionOperatorDetails.json
@@ -1,10 +1,10 @@
 {
-  "_comment": "Operator should register with its application package name, carrierId and all the corresponding  SHAIDs",
-  "_comment": "Example format :: << \"packageName\" : {\"carrierId\":<int>, \"callerSHA1Id\":[<SHAID1>, <SHAID2>]} >>",
-  "com.vzw.hss.myverizon":{"carrierIds":[1839],"callerSHA1Id":["C58EE7871896786F8BF70EBDB137DE10074043E9","AE23A03436DF07B0CD70FE881CDA2EC1D21215D7B7B0CC68E67B67F5DF89526A"]},
-  "com.google.android.apps.tycho":{"carrierIds":[1989],"callerSHA1Id":["B9CFCE1C47A6AC713442718F15EF55B00B3A6D1A6D48CB46249FA8EB51465350","4C36AF4A5BDAD97C1F3D8B283416D244496C2AC5EAFE8226079EF6F676FD1859"]},
-  "com.comcast.mobile.mxs":{"carrierIds": [2032, 2532, 2556],"callerSHA1Id":["CB16D6A0BEA2F4ED808107408104B2DB3258DF52","914C26403B57D2D482359FC235CC825AD00D52B0121C18EF2B2B9D4DDA4B8996"]},
-  "com.xfinity.digitalhome": {"carrierIds": [2032],"callerSHA1Id":["be268ab5b6126ce1abd6c3131b33b6d02e44d717","31b4c17315c2269040d535f7b6a79cf4d11517c664d9de8f1ddf4f8a785aad47"]},
-  "com.xfinity.digitalhome.debug":{"carrierIds": [2032],"callerSHA1Id":["611f61225138a566428f34e927ad5f2a02fd151e","c9133e8168f97573c8c567f46777dff74ade0c015ecf2c5e91be3e4e76ddcae2"]},
-  "com.xfinity.dh.xm.app": {"carrierIds": [2032],"callerSHA1Id":["611f61225138a566428f34e927ad5f2a02fd151e","c9133e8168f97573c8c567f46777dff74ade0c015ecf2c5e91be3e4e76ddcae2"]}
+  "_comment": "Operator should register with its application package name, carrierId and all the corresponding  SHA256IDs",
+  "_comment": "Example format :: << \"packageName\" : {\"carrierId\":[<int>], \"callerSHA256Ids\":[<SHAID1>, <SHAID2>]} >>",
+  "com.vzw.hss.myverizon":{"carrierIds":[1839],"callerSHA256Ids":["AE23A03436DF07B0CD70FE881CDA2EC1D21215D7B7B0CC68E67B67F5DF89526A"]},
+  "com.google.android.apps.tycho":{"carrierIds":[1989],"callerSHA256Ids":["B9CFCE1C47A6AC713442718F15EF55B00B3A6D1A6D48CB46249FA8EB51465350","4C36AF4A5BDAD97C1F3D8B283416D244496C2AC5EAFE8226079EF6F676FD1859"]},
+  "com.comcast.mobile.mxs":{"carrierIds": [2032, 2532, 2556],"callerSHA256Ids":["914C26403B57D2D482359FC235CC825AD00D52B0121C18EF2B2B9D4DDA4B8996"]},
+  "com.xfinity.digitalhome": {"carrierIds": [2032],"callerSHA256Ids":["31b4c17315c2269040d535f7b6a79cf4d11517c664d9de8f1ddf4f8a785aad47"]},
+  "com.xfinity.digitalhome.debug":{"carrierIds": [2032],"callerSHA256Ids":["c9133e8168f97573c8c567f46777dff74ade0c015ecf2c5e91be3e4e76ddcae2"]},
+  "com.xfinity.dh.xm.app": {"carrierIds": [2032],"callerSHA256Ids":["c9133e8168f97573c8c567f46777dff74ade0c015ecf2c5e91be3e4e76ddcae2"]}
 }
\ No newline at end of file
diff --git a/src/com/android/phone/TelephonyShellCommand.java b/src/com/android/phone/TelephonyShellCommand.java
index 429b7cc..80304b2 100644
--- a/src/com/android/phone/TelephonyShellCommand.java
+++ b/src/com/android/phone/TelephonyShellCommand.java
@@ -3883,7 +3883,7 @@
     /**
      * Building the string that can be used to build the JsonObject which supports to stub the data
      * in CarrierAllowListInfo for CTS testing. sample format is like
-     * {"com.android.example":{"carrierIds":[10000],"callerSHA1Id":["XXXXXXXXXXXXXX"]}}
+     * {"com.android.example":{"carrierIds":[10000],"callerSHA256Ids":["XXXXXXXXXXXXXX"]}}
      */
     private String convertToJsonString(int index, String param) {
 
diff --git a/src/com/android/phone/utils/CarrierAllowListInfo.java b/src/com/android/phone/utils/CarrierAllowListInfo.java
index 62b71ff..3ab9733 100644
--- a/src/com/android/phone/utils/CarrierAllowListInfo.java
+++ b/src/com/android/phone/utils/CarrierAllowListInfo.java
@@ -23,7 +23,6 @@
 import android.content.pm.Signature;
 import android.telephony.Rlog;
 import android.text.TextUtils;
-import android.util.Log;
 
 import com.android.internal.telephony.uicc.IccUtils;
 
@@ -46,8 +45,8 @@
     private static final String LOG_TAG = "CarrierAllowListInfo";
     private JSONObject mDataJSON;
     private static final String JSON_CHARSET = "UTF-8";
-    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA1";
-    private static final String CALLER_SHA_1_ID = "callerSHA1Id";
+    private static final String MESSAGE_DIGEST_256_ALGORITHM = "SHA-256";
+    private static final String CALLER_SHA256_ID = "callerSHA256Ids";
     private static final String CALLER_CARRIER_ID = "carrierIds";
     public static final int INVALID_CARRIER_ID = -1;
 
@@ -96,7 +95,7 @@
         try {
             if (mDataJSON != null && callerPackage != null) {
                 JSONObject callerJSON = mDataJSON.getJSONObject(callerPackage.trim());
-                JSONArray callerJSONArray = callerJSON.getJSONArray(CALLER_SHA_1_ID);
+                JSONArray callerJSONArray = callerJSON.getJSONArray(CALLER_SHA256_ID);
                 JSONArray carrierIdArray = callerJSON.getJSONArray(CALLER_CARRIER_ID);
 
                 Set<Integer> carrierIds = new HashSet<>();
@@ -142,7 +141,7 @@
 
     /**
      * API fetches all the related signatures of the given package from the packageManager
-     * and validate all the signatures.
+     * and validate all the signatures using SHA-256.
      *
      * @param context             context
      * @param packageName         package name of the caller to validate the signatures.
@@ -158,13 +157,13 @@
         }
         final PackageManager packageManager = context.getPackageManager();
         try {
-            MessageDigest sha1MDigest = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM);
+            MessageDigest sha256MDigest = MessageDigest.getInstance(MESSAGE_DIGEST_256_ALGORITHM);
             final PackageInfo packageInfo = packageManager.getPackageInfo(packageName,
                     PackageManager.GET_SIGNATURES);
             for (Signature signature : packageInfo.signatures) {
-                final byte[] signatureSha1 = sha1MDigest.digest(signature.toByteArray());
-                final String hexSignatureSha1 = IccUtils.bytesToHexString(signatureSha1);
-                if (!allowListSignatures.contains(hexSignatureSha1)) {
+                final byte[] signatureSha256 = sha256MDigest.digest(signature.toByteArray());
+                final String hexSignatureSha256 = IccUtils.bytesToHexString(signatureSha256);
+                if (!allowListSignatures.contains(hexSignatureSha256)) {
                     return false;
                 }
             }
@@ -214,7 +213,7 @@
         if (carrierInfo != null && carrierInfo.getCallerCarrierIdList().contains(carrierId)) {
             return carrierInfo.getSHAIdList();
         }
-        Rlog.e(LOG_TAG, "getShaIdList carrierId or shaIdList is empty");
+        Rlog.e(LOG_TAG, "getShaIdList: carrierId or shaIdList is empty");
         return Collections.EMPTY_LIST;
     }
 }