Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit abbc2bad authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Require APK Signature Scheme v2 for ephemeral APKs 

This makes Package Manager require APK Signature Scheme v2 signatures
for ephemeral APKs. This part of the effort to deprecate the v1
signature scheme based on JAR signing.

Test: cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --skip-connectivity-check --abi arm64-v8a --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest
Bug: 33700225
Change-Id: I3b408487c07085c0a7924d3eca495bdcb344b32d
parent a5e50e26

core/java/android/content/pm/PackageParser.java

+6 −1
Original line number Diff line number Diff line
@@ -1344,6 +1344,11 @@ public class PackageParser { 
                verified = true;

            } catch (ApkSignatureSchemeV2Verifier.SignatureNotFoundException e) {

                // No APK Signature Scheme v2 signature found

                if ((parseFlags & PARSE_IS_EPHEMERAL) != 0) {

                    throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,

                        "No APK Signature Scheme v2 signature in ephemeral package " + apkPath,

                        e);

                }

            } catch (Exception e) {

                // APK Signature Scheme v2 signature was found but did not verify

                throw new PackageParserException(INSTALL_PARSE_FAILED_NO_CERTIFICATES,
@@ -1519,7 +1524,7 @@ public class PackageParser { 
                final Package tempPkg = new Package(null);

                Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "collectCertificates");

                try {

                    collectCertificates(tempPkg, apkFile, 0 /*parseFlags*/);

                    collectCertificates(tempPkg, apkFile, flags);

                } finally {

                    Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);

                }