Enable fs-verity to all APKs on install - platform/frameworks/base

diff options

author	Victor Hsieh <victorhsieh@google.com>	2022-10-05 17:14:06 -0700
committer	Victor Hsieh <victorhsieh@google.com>	2022-11-07 10:07:50 -0800
commit	314dd4c0753b818eeea6a6e4b46a371e7e09a99c (patch)
tree	9faa2a7818776818a70d9fa0d62bd8f17afc6c89 /libs/androidfw/StringPool.cpp
parent	d86a626d26ef34bd7986352ece2c4337d816a330 (diff)

Enable fs-verity to all APKs on install

Previously, we only enable fs-verity to an APK if it comes with a trusted signature (.fsv_sig). With this change, we'll enable fs-verity in integrity-only mode if there's no signature. The biggest benefit is O(1) measurement of the APK content, and can be useful to some use cases. Note that integrity-only does not imply security, since without a signature, an attacker can also enable fs-verity on arbitrary files. Bug: 249158715 Test: CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest Change-Id: I119e5189603af888dfa1ece2bee9e7635120854b

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: