| author | 2023-09-07 15:47:55 -0700 | |
|---|---|---|
| committer | 2023-09-18 16:38:49 -0700 | |
| commit | 760f1e4f5657b3bd5126c8d5886e99f16885c735 (patch) | |
| tree | 725a2f51186868094e07922cf98bc4863e84b279 /libs/androidfw/ZipFileRO.cpp | |
| parent | 8c6d8c87b6f0dd16d4a1b3c06d2134b76792d165 (diff) | |
Accept APK install with v4 signature to set up fs-verity

.idsig is recognized and staged in the installer session. When .idsig is
provided, fs-verity is enabled in validateApkInstallLocked before the
first APK signature check happens.

With fs-verity enabled, ApkSignatureSchemeV4Verifier can also work (in
addition to IncFS) over fs-verity. The verifier can build fs-verity
digest from V4Signature.HashingInfo and verify the signed data is
consistent with the actual fs-verity digest. See
VerityUtils#generateFsVerityDigest.

ApkSignatureSchemeV4Verifier#extractSignature now also throws
SignatureException. When a signature size is wrong (see CTS test
PkgInstallSignatureVerificationTest#testInstallV4WithWrongSignatureBytesSize),
V4Signature.SigningInfos.fromByteArray throws an EOFException (which is
an IOException). The IOException is handled as missing signature by
rethrowing as SignatureNotFoundException. But this allows a fallback to
other v3/v2 signature check. This change distinguishes it by rethrowing a
SignatureException instead. This is not a problem during an incremental
install, because the signature size check happens earlier when the
installer commits, and it's done inside IncFS.

Bug: 277344944
Test: Force enable the (read-only) flag, since it's off in build time, then
atest android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I6fd22fe2e04cfc58c68e690f23f63ff268938eda
Diffstat (limited to 'libs/androidfw/ZipFileRO.cpp')
0 files changed, 0 insertions, 0 deletions
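
The fallback issue described in the commit message, as an added Java sketch; it is not code from this commit or from AOSP. The class `V4FallbackDemo`, its methods, the local `SignatureNotFoundException` and the length-prefixed parser are hypothetical stand-ins for the real verifier and `.idsig` format, and the input bytes are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.SignatureException;

public class V4FallbackDemo {
    // Hypothetical stand-in for "no signature of this scheme is present".
    static class SignatureNotFoundException extends Exception {
        SignatureNotFoundException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Simplified parser (assumption): 4-byte big-endian length, then that many bytes.
    // readFully throws EOFException, an IOException, when the declared size is wrong.
    static byte[] parseSigningInfo(byte[] idsig) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(idsig));
        int len = in.readInt();
        if (len < 0 || len > (1 << 16)) throw new IOException("implausible length " + len);
        byte[] sig = new byte[len];
        in.readFully(sig);
        return sig;
    }

    // fixed == false: a malformed signature is reported exactly like an absent one.
    // fixed == true: a malformed signature becomes a SignatureException instead.
    static byte[] extract(byte[] idsig, boolean fixed)
            throws SignatureNotFoundException, SignatureException {
        if (idsig == null) throw new SignatureNotFoundException("no .idsig provided", null);
        try {
            return parseSigningInfo(idsig);
        } catch (IOException e) {
            if (fixed) throw new SignatureException("malformed v4 signature", e);
            throw new SignatureNotFoundException("unreadable v4 signature", e);
        }
    }

    // Caller: "not found" permits trying older schemes; any other failure is final.
    static String verify(byte[] idsig, boolean fixed) {
        try {
            return "v4 checked (" + extract(idsig, fixed).length + " bytes)";
        } catch (SignatureNotFoundException e) {
            return "fell back to v3/v2";
        } catch (SignatureException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        byte[] wrongSize = {0, 0, 0, 8, 1, 2, 3}; // constructed: declares 8 bytes, carries 3
        System.out.println("before change, wrong size: " + verify(wrongSize, false));
        System.out.println("after change, wrong size:  " + verify(wrongSize, true));
        System.out.println("after change, no .idsig:   " + verify(null, true));
    }
}
```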