Integrity test to recover allowlisted system app tampering - platform/frameworks/base

diff options

author	Victor Hsieh <victorhsieh@google.com>	2023-10-02 15:40:45 -0700
committer	Victor Hsieh <victorhsieh@google.com>	2023-10-03 14:40:23 -0700
commit	ce6174fee36aedbbab7e8064067447083e1eff84 (patch)
tree	ef7bbfe1484238148a4e352e83e2a07c734155d2 /api/api_test.go
parent	016e056cc6982bc75affdd552973b234b91d91cc (diff)

Integrity test to recover allowlisted system app tampering

This change introduces two scenarios: 1. A system APK is updated to /data. At some point, the APK itself is tampered but V4 signature is not touched (thus invalid now). 2. A system APK is updated to /data. At some point, the APK itself is tampered with by an attacker and re-signed with a different key. The attacker also updates package manager's internal record for consistency. The test requires root to run. The test involves injecting a testing app as a system app. In the above scenarios, the test expects the victim system app in /data is removed. Bug: 277347456 Test: enable flag extend_vb_chain_to_updated_apk, `atest TamperedUpdatedSystemPackageTest` both passed Test: disable flag extend_vb_chain_to_updated_apk, `atest TamperedUpdatedSystemPackageTest` both failed Change-Id: I16b0ed853b9e6b706fddb6d50da2e8f082ee167a

Diffstat (limited to 'api/api_test.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: