Updated v4 signature processing.

Passing to libincfs.so.
Obtaining and verifying, including v3 digest check.

go/apk-v4-signature-format

Test: atest PackageManagerShellCommandTest
Bug: b/151241461
Change-Id: Id61f5716b9f9b55d6ab1ebca5a7ecb1c6e54570a

3 files changed, 10 insertions, 17 deletions

diff --git a/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp b/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
index 6f9d012d3145..b96fbf5f5359 100644
--- a/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
+++ b/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
@@ -172,26 +172,25 @@ static bool readChunk(int fd, std::vector<uint8_t>& data) {
 
 BlockHeader readHeader(std::span<uint8_t>& data);
 
-static inline int32_t readBEInt32(borrowed_fd fd) {
+static inline int32_t readLEInt32(borrowed_fd fd) {
     int32_t result;
     ReadFully(fd, &result, sizeof(result));
-    result = int32_t(be32toh(result));
+    result = int32_t(le32toh(result));
     return result;
 }
 
 static inline std::vector<char> readBytes(borrowed_fd fd) {
-    int32_t size = readBEInt32(fd);
+    int32_t size = readLEInt32(fd);
     std::vector<char> result(size);
     ReadFully(fd, result.data(), size);
     return result;
 }
 
 static inline int32_t skipIdSigHeaders(borrowed_fd fd) {
-    readBEInt32(fd);        // version
-    readBytes(fd);          // verityRootHash
-    readBytes(fd);          // v3Digest
-    readBytes(fd);          // pkcs7SignatureBlock
-    return readBEInt32(fd); // size of the verity tree
+    readLEInt32(fd);        // version
+    readBytes(fd);          // hashingInfo
+    readBytes(fd);          // signingInfo
+    return readLEInt32(fd); // size of the verity tree
 }
 
 static inline IncFsSize verityTreeSizeForFile(IncFsSize fileSize) {
diff --git a/services/incremental/BinderIncrementalService.cpp b/services/incremental/BinderIncrementalService.cpp
index 3fcb57a83cf5..2dbbc5ac6806 100644
--- a/services/incremental/BinderIncrementalService.cpp
+++ b/services/incremental/BinderIncrementalService.cpp
@@ -178,15 +178,9 @@ static std::tuple<int, incfs::FileId, incfs::NewFileParams> toMakeFileParams(
     nfp.size = params.size;
     nfp.metadata = {(const char*)params.metadata.data(), (IncFsSize)params.metadata.size()};
     if (!params.signature) {
-        nfp.verification = {};
+        nfp.signature = {};
     } else {
-        nfp.verification.hashAlgorithm = IncFsHashAlgortithm(params.signature->hashAlgorithm);
-        nfp.verification.rootHash = {(const char*)params.signature->rootHash.data(),
-                                     (IncFsSize)params.signature->rootHash.size()};
-        nfp.verification.additionalData = {(const char*)params.signature->additionalData.data(),
-                                           (IncFsSize)params.signature->additionalData.size()};
-        nfp.verification.signature = {(const char*)params.signature->signature.data(),
-                                      (IncFsSize)params.signature->signature.size()};
+        nfp.signature = {(const char*)params.signature->data(), (IncFsSize)params.signature->size()};
     }
     return {0, id, nfp};
 }
diff --git a/services/incremental/IncrementalService.cpp b/services/incremental/IncrementalService.cpp
index cccd01339177..727593664895 100644
--- a/services/incremental/IncrementalService.cpp
+++ b/services/incremental/IncrementalService.cpp
@@ -1155,7 +1155,7 @@ bool IncrementalService::configureNativeBinaries(StorageId storage, std::string_
         // Create new lib file without signature info
         incfs::NewFileParams libFileParams{};
         libFileParams.size = uncompressedLen;
-        libFileParams.verification.hashAlgorithm = INCFS_HASH_NONE;
+        libFileParams.signature = {};
         // Metadata of the new lib file is its relative path
         IncFsSpan libFileMetadata;
         libFileMetadata.data = targetLibPath.c_str();