diff options
| author | 2022-10-31 10:56:08 -0700 | |
|---|---|---|
| committer | 2022-10-31 11:02:58 -0700 | |
| commit | d52181a0b3b739633723ea69ff7cf65c2b20d3c0 (patch) | |
| tree | 58c766bf6c6211d45f75fbbff12c20447ee1e206 /libs/androidfw/StringPool.cpp | |
| parent | adb0627c6272b9c259c5a180a1bcd68b4409ab63 (diff) | |
Replace the check of fs-verity-ness to signature file
When a base APK has fs-verity enabled with signature, we require the
split APKs to be installed with the fs-verity signature. The existing
code only checks the fs-verity-ness (while the signature is installed to
the filesystem internal) of the base APK.
With the plan to enable fs-verity in integrity-only mode, the
fs-verity-ness check becomes ambiguous. Switch the check to the
signature file instead.
An alternative is to use ioctl(FS_IOC_READ_VERITY_METADATA) to retrieve
the signature if any, but the API was introduced around T and may not
work on older devices.
Bug: 249158715
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Change-Id: I1ac82e16883bd23080369f1711cd8c0155e1b41d
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions