2 files changed, 16 insertions, 2 deletions

diff --git a/core/java/android/os/incremental/IncrementalStorage.java b/core/java/android/os/incremental/IncrementalStorage.java
index f4e1f967dca8..dea495bf9327 100644
--- a/core/java/android/os/incremental/IncrementalStorage.java
+++ b/core/java/android/os/incremental/IncrementalStorage.java
@@ -434,6 +434,11 @@ public final class IncrementalStorage {
             signature = V4Signature.readFrom(input);
         }
 
+        if (!signature.isVersionSupported()) {
+            throw new IOException("v4 signature version " + signature.version
+                    + " is not supported");
+        }
+
         final byte[] rootHash = signature.verityRootHash;
         final byte[] additionalData = signature.v3Digest;
         final byte[] pkcs7Signature = signature.pkcs7SignatureBlock;
diff --git a/core/java/android/os/incremental/V4Signature.java b/core/java/android/os/incremental/V4Signature.java
index 6516917afd9d..17adfc8a05d9 100644
--- a/core/java/android/os/incremental/V4Signature.java
+++ b/core/java/android/os/incremental/V4Signature.java
@@ -31,7 +31,9 @@ import java.io.IOException;
  */
 public class V4Signature {
     public static final String EXT = ".idsig";
+    public static final int SUPPORTED_VERSION = 1;
 
+    public final int version;
     public final byte[] verityRootHash;
     public final byte[] v3Digest;
     public final byte[] pkcs7SignatureBlock;
@@ -71,20 +73,27 @@ public class V4Signature {
         }
     }
 
+    boolean isVersionSupported() {
+        return this.version == SUPPORTED_VERSION;
+    }
+
     static V4Signature readFrom(DataInputStream stream) throws IOException {
+        final int version = stream.readInt();
         byte[] verityRootHash = readBytes(stream);
         byte[] v3Digest = readBytes(stream);
         byte[] pkcs7SignatureBlock = readBytes(stream);
-        return new V4Signature(verityRootHash, v3Digest, pkcs7SignatureBlock);
+        return new V4Signature(version, verityRootHash, v3Digest, pkcs7SignatureBlock);
     }
 
-    V4Signature(byte[] verityRootHash, byte[] v3Digest, byte[] pkcs7SignatureBlock) {
+    V4Signature(int version, byte[] verityRootHash, byte[] v3Digest, byte[] pkcs7SignatureBlock) {
+        this.version = version;
         this.verityRootHash = verityRootHash;
         this.v3Digest = v3Digest;
         this.pkcs7SignatureBlock = pkcs7SignatureBlock;
     }
 
     void writeTo(DataOutputStream stream) throws IOException {
+        stream.writeInt(this.version);
         writeBytes(stream, this.verityRootHash);
         writeBytes(stream, this.v3Digest);
         writeBytes(stream, this.pkcs7SignatureBlock);