Enable fs-verity to all APKs on install
Previously, we only enabled fs-verity on an APK if it came with a trusted signature (.fsv_sig). With this change, we'll enable fs-verity in integrity-only mode if there's no signature.

The biggest benefit is O(1) measurement of the APK content, which can be useful for some use cases. Note that integrity-only does not imply security, since without a signature, an attacker can also enable fs-verity on arbitrary files.

Bug: 249158715
Test: CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Change-Id: I119e5189603af888dfa1ece2bee9e7635120854b
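Added example, not part of this commit or of the Android code base: a user-space recomputation of the value an fs-verity measurement returns (the kernel builds the tree once when verity is enabled, which is why a later `FS_IOC_MEASURE_VERITY` call is O(1)), showing that any content gets a well-formed digest and that trust only comes from comparing it with a digest obtained elsewhere. It assumes SHA-256, 4096-byte blocks and no salt; the sample bytes, `PINNED` and `matches_pinned` are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK_SIZE = 4096        # log_blocksize = 12
HASH_ALG_SHA256 = 1      # FS_VERITY_HASH_ALG_SHA256


def merkle_root(data: bytes) -> bytes:
    """Root hash of the unsalted fs-verity Merkle tree over `data`."""
    if not data:
        return bytes(32)  # defined as all zeroes for an empty file
    level = data
    while True:
        # Hash each zero-padded block; the hashes form the next level up.
        hashes = [
            hashlib.sha256(level[i:i + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")).digest()
            for i in range(0, len(level), BLOCK_SIZE)
        ]
        if len(hashes) == 1:
            return hashes[0]
        level = b"".join(hashes)


def fsverity_digest(data: bytes) -> bytes:
    """SHA-256 of the 256-byte fsverity_descriptor (no salt, sig_size = 0)."""
    descriptor = struct.pack("<BBBBIQ", 1, HASH_ALG_SHA256, 12, 0, 0, len(data))
    descriptor += merkle_root(data).ljust(64, b"\0")  # root_hash[64]
    descriptor += bytes(32)                            # salt[32]
    descriptor += bytes(144)                           # reserved
    assert len(descriptor) == 256
    return hashlib.sha256(descriptor).digest()


def matches_pinned(data: bytes, pinned_digest: bytes) -> bool:
    """Trust decision: compare against a digest obtained from a trusted source."""
    return hmac.compare_digest(fsverity_digest(data), pinned_digest)


# Constructed sample contents standing in for APK bytes (same length, 3 blocks).
ORIGINAL = b"PK\x03\x04" + b"original payload " * 600
TAMPERED = b"PK\x03\x04" + b"tampered payload " * 600
PINNED = fsverity_digest(ORIGINAL)  # assumed to arrive over a trusted channel

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("tampered", TAMPERED)):
        print(name, fsverity_digest(blob).hex(), matches_pinned(blob, PINNED))
```

Both inputs produce a valid 32-byte digest; only the comparison against the pinned value tells them apart, which is the gap a `.fsv_sig` signature closes.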