Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7cd62d05 authored by Bryan Henry's avatar Bryan Henry
Browse files

Only collect APK certificates for system apps after OTA 

Tweak to ag/4642341 to reduce boot time impact.

Bug: 112482814
Bug: 80093599
Bug: 74501739
Test: Manually 'faked' an OTA by switching slots between two builds with
some apps installed. Verified only system apps got the forced
certificate rescan.

Change-Id: I987cf721e118297b1c40df92cc35e75830a7659c
parent b3244776

services/core/java/com/android/server/pm/PackageManagerService.java

+7 −6
Original line number Diff line number Diff line
@@ -8914,15 +8914,16 @@ public class PackageManagerService extends IPackageManager.Stub 
                    + " better than this " + pkg.getLongVersionCode());

        }













        // Verify certificates against what was last scanned. If there was an upgrade or this is an













        // updated priv app, we will force re-collecting certificate.













        final boolean forceCollect = mIsUpgrade ||













                PackageManagerServiceUtils.isApkVerificationForced(disabledPkgSetting);













        // Verify certificates against what was last scanned. If there was an upgrade and this is an













        // app in a system partition, or if this is an updated priv app, we will force re-collecting













        // certificate.













        final boolean forceCollect = (mIsUpgrade && scanSystemPartition)













                || PackageManagerServiceUtils.isApkVerificationForced(disabledPkgSetting);















        // Full APK verification can be skipped during certificate collection, only if the file is















        // in verified partition, or can be verified on access (when apk verity is enabled). In both















        // cases, only data in Signing Block is verified instead of the whole file.













        final boolean skipVerify = ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) != 0) ||













                (forceCollect && canSkipFullPackageVerification(pkg));













        final boolean skipVerify = scanSystemPartition













                || (forceCollect && canSkipFullPackageVerification(pkg));















        collectCertificatesLI(pkgSetting, pkg, forceCollect, skipVerify);





























        // Reset profile if the application version is changed