Installer digests for Incremental installations. (b39d13ed) · Commits · e / os / android_frameworks_base

api/current.txt

+5 −3

core/java/android/content/pm/ApkChecksum.java

+30 −10

Original line number	Original line	Diff line number	Diff line
	@@ -50,7 +50,11 @@ public final class ApkChecksum implements Parcelable {
	*/		*/
	private final @NonNull Checksum mChecksum;		private final @NonNull Checksum mChecksum;
	/**		/**
	* For Installer-provided checksums, certificate of the Installer/AppStore.		* For Installer-provided checksums, package name of the Installer.
			*/
			private final @Nullable String mSourcePackageName;
			/**
			* For Installer-provided checksums, certificate of the Installer.
	*/		*/
	private final @Nullable byte[] mSourceCertificate;		private final @Nullable byte[] mSourceCertificate;

	@@ -61,7 +65,7 @@ public final class ApkChecksum implements Parcelable {
	*/		*/
	public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind,		public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind,
	@NonNull byte[] value) {		@NonNull byte[] value) {
	this(splitName, new Checksum(kind, value), (byte[]) null);		this(splitName, new Checksum(kind, value), (String) null, (byte[]) null);
	}		}

	/**		/**
	@@ -69,10 +73,10 @@ public final class ApkChecksum implements Parcelable {
	*		*
	* @hide		* @hide
	*/		*/
	public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind,		public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind, @NonNull byte[] value,
	@NonNull byte[] value, @Nullable Certificate sourceCertificate)		@Nullable String sourcePackageName, @Nullable Certificate sourceCertificate)
	throws CertificateEncodingException {		throws CertificateEncodingException {
	this(splitName, new Checksum(kind, value),		this(splitName, new Checksum(kind, value), sourcePackageName,
	(sourceCertificate != null) ? sourceCertificate.getEncoded() : null);		(sourceCertificate != null) ? sourceCertificate.getEncoded() : null);
	}		}

	@@ -136,19 +140,23 @@ public final class ApkChecksum implements Parcelable {
	* Checksum for which split. Null indicates base.apk.		* Checksum for which split. Null indicates base.apk.
	* @param checksum		* @param checksum
	* Checksum.		* Checksum.
			* @param sourcePackageName
			* For Installer-provided checksums, package name of the Installer.
	* @param sourceCertificate		* @param sourceCertificate
	* For Installer-provided checksums, certificate of the Installer/AppStore.		* For Installer-provided checksums, certificate of the Installer.
	* @hide		* @hide
	*/		*/
	@DataClass.Generated.Member		@DataClass.Generated.Member
	public ApkChecksum(		public ApkChecksum(
	@Nullable String splitName,		@Nullable String splitName,
	@NonNull Checksum checksum,		@NonNull Checksum checksum,
			@Nullable String sourcePackageName,
	@Nullable byte[] sourceCertificate) {		@Nullable byte[] sourceCertificate) {
	this.mSplitName = splitName;		this.mSplitName = splitName;
	this.mChecksum = checksum;		this.mChecksum = checksum;
	com.android.internal.util.AnnotationValidations.validate(		com.android.internal.util.AnnotationValidations.validate(
	NonNull.class, null, mChecksum);		NonNull.class, null, mChecksum);
			this.mSourcePackageName = sourcePackageName;
	this.mSourceCertificate = sourceCertificate;		this.mSourceCertificate = sourceCertificate;

	// onConstructed(); // You can define this method to get a callback		// onConstructed(); // You can define this method to get a callback
	@@ -162,6 +170,14 @@ public final class ApkChecksum implements Parcelable {
	return mSplitName;		return mSplitName;
	}		}

			/**
			* For Installer-provided checksums, package name of the Installer.
			*/
			@DataClass.Generated.Member
			public @Nullable String getSourcePackageName() {
			return mSourcePackageName;
			}

	@Override		@Override
	@DataClass.Generated.Member		@DataClass.Generated.Member
	public void writeToParcel(@NonNull Parcel dest, int flags) {		public void writeToParcel(@NonNull Parcel dest, int flags) {
	@@ -170,10 +186,12 @@ public final class ApkChecksum implements Parcelable {

	byte flg = 0;		byte flg = 0;
	if (mSplitName != null) flg \|= 0x1;		if (mSplitName != null) flg \|= 0x1;
	if (mSourceCertificate != null) flg \|= 0x4;		if (mSourcePackageName != null) flg \|= 0x4;
			if (mSourceCertificate != null) flg \|= 0x8;
	dest.writeByte(flg);		dest.writeByte(flg);
	if (mSplitName != null) dest.writeString(mSplitName);		if (mSplitName != null) dest.writeString(mSplitName);
	dest.writeTypedObject(mChecksum, flags);		dest.writeTypedObject(mChecksum, flags);
			if (mSourcePackageName != null) dest.writeString(mSourcePackageName);
	if (mSourceCertificate != null) dest.writeByteArray(mSourceCertificate);		if (mSourceCertificate != null) dest.writeByteArray(mSourceCertificate);
	}		}

	@@ -191,12 +209,14 @@ public final class ApkChecksum implements Parcelable {
	byte flg = in.readByte();		byte flg = in.readByte();
	String splitName = (flg & 0x1) == 0 ? null : in.readString();		String splitName = (flg & 0x1) == 0 ? null : in.readString();
	Checksum checksum = (Checksum) in.readTypedObject(Checksum.CREATOR);		Checksum checksum = (Checksum) in.readTypedObject(Checksum.CREATOR);
	byte[] sourceCertificate = (flg & 0x4) == 0 ? null : in.createByteArray();		String sourcePackageName = (flg & 0x4) == 0 ? null : in.readString();
			byte[] sourceCertificate = (flg & 0x8) == 0 ? null : in.createByteArray();

	this.mSplitName = splitName;		this.mSplitName = splitName;
	this.mChecksum = checksum;		this.mChecksum = checksum;
	com.android.internal.util.AnnotationValidations.validate(		com.android.internal.util.AnnotationValidations.validate(
	NonNull.class, null, mChecksum);		NonNull.class, null, mChecksum);
			this.mSourcePackageName = sourcePackageName;
	this.mSourceCertificate = sourceCertificate;		this.mSourceCertificate = sourceCertificate;

	// onConstructed(); // You can define this method to get a callback		// onConstructed(); // You can define this method to get a callback
	@@ -217,10 +237,10 @@ public final class ApkChecksum implements Parcelable {
	};		};

	@DataClass.Generated(		@DataClass.Generated(
	time = 1599845645160L,		time = 1600407436287L,
	codegenVersion = "1.0.15",		codegenVersion = "1.0.15",
	sourceFile = "frameworks/base/core/java/android/content/pm/ApkChecksum.java",		sourceFile = "frameworks/base/core/java/android/content/pm/ApkChecksum.java",
	inputSignatures = "private final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.NonNull android.content.pm.Checksum mChecksum\nprivate final @android.annotation.Nullable byte[] mSourceCertificate\npublic @android.content.pm.Checksum.Kind int getKind()\npublic @android.annotation.NonNull byte[] getValue()\npublic @android.annotation.Nullable byte[] getSourceCertificateBytes()\npublic @android.annotation.Nullable java.security.cert.Certificate getSourceCertificate()\nclass ApkChecksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genHiddenConstructor=true)")		inputSignatures = "private final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.NonNull android.content.pm.Checksum mChecksum\nprivate final @android.annotation.Nullable java.lang.String mSourcePackageName\nprivate final @android.annotation.Nullable byte[] mSourceCertificate\npublic @android.content.pm.Checksum.Kind int getKind()\npublic @android.annotation.NonNull byte[] getValue()\npublic @android.annotation.Nullable byte[] getSourceCertificateBytes()\npublic @android.annotation.Nullable java.security.cert.Certificate getSourceCertificate()\nclass ApkChecksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genHiddenConstructor=true)")
	@Deprecated		@Deprecated
	private void __metadata() {}		private void __metadata() {}

core/java/android/content/pm/Checksum.java

+23 −4

Original line number	Original line	Diff line number	Diff line
	@@ -32,14 +32,19 @@ import java.util.List;
	*		*
	* @see PackageInstaller.Session#addChecksums(String, List)		* @see PackageInstaller.Session#addChecksums(String, List)
	*/		*/
	@DataClass(genHiddenConstructor = true, genConstDefs = false)		@DataClass(genConstDefs = false)
	public final class Checksum implements Parcelable {		public final class Checksum implements Parcelable {
	/**		/**
	* Root SHA256 hash of a 4K Merkle tree computed over all file bytes.		* Root SHA256 hash of a 4K Merkle tree computed over all file bytes.
	* <a href="https://source.android.com/security/apksigning/v4">See APK Signature Scheme V4</a>.		* <a href="https://source.android.com/security/apksigning/v4">See APK Signature Scheme V4</a>.
	* <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst">See fs-verity</a>.		* <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst">See fs-verity</a>.
	*		*
			* Recommended for all new applications.
			* Can be used by kernel to enforce authenticity and integrity of the APK.
			* <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst#">See fs-verity for details</a>
			*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
	*/		*/
	public static final int WHOLE_MERKLE_ROOT_4K_SHA256 = 0x00000001;		public static final int WHOLE_MERKLE_ROOT_4K_SHA256 = 0x00000001;

	@@ -47,20 +52,31 @@ public final class Checksum implements Parcelable {
	* MD5 hash computed over all file bytes.		* MD5 hash computed over all file bytes.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
			* @deprecated Use SHA2 family of hashes (SHA256/SHA512) instead.
			* MD5 is cryptographically broken and unsuitable for further use.
			* Provided for completeness' sake and to support legacy usecases.
	*/		*/
			@Deprecated
	public static final int WHOLE_MD5 = 0x00000002;		public static final int WHOLE_MD5 = 0x00000002;

	/**		/**
	* SHA1 hash computed over all file bytes.		* SHA1 hash computed over all file bytes.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
			* @deprecated Use SHA2 family of hashes (SHA256/SHA512) instead.
			* SHA1 is broken and should not be used.
			* Provided for completeness' sake and to support legacy usecases.
	*/		*/
			@Deprecated
	public static final int WHOLE_SHA1 = 0x00000004;		public static final int WHOLE_SHA1 = 0x00000004;

	/**		/**
	* SHA256 hash computed over all file bytes.		* SHA256 hash computed over all file bytes.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
	*/		*/
	public static final int WHOLE_SHA256 = 0x00000008;		public static final int WHOLE_SHA256 = 0x00000008;

	@@ -68,6 +84,7 @@ public final class Checksum implements Parcelable {
	* SHA512 hash computed over all file bytes.		* SHA512 hash computed over all file bytes.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
	*/		*/
	public static final int WHOLE_SHA512 = 0x00000010;		public static final int WHOLE_SHA512 = 0x00000010;

	@@ -77,6 +94,7 @@ public final class Checksum implements Parcelable {
	* <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>.		* <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
	*/		*/
	public static final int PARTIAL_MERKLE_ROOT_1M_SHA256 = 0x00000020;		public static final int PARTIAL_MERKLE_ROOT_1M_SHA256 = 0x00000020;

	@@ -86,6 +104,7 @@ public final class Checksum implements Parcelable {
	* <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>.		* <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>.
	*		*
	* @see PackageManager#getChecksums		* @see PackageManager#getChecksums
			* @see PackageInstaller.Session#addChecksums
	*/		*/
	public static final int PARTIAL_MERKLE_ROOT_1M_SHA512 = 0x00000040;		public static final int PARTIAL_MERKLE_ROOT_1M_SHA512 = 0x00000040;

	@@ -113,6 +132,7 @@ public final class Checksum implements Parcelable {




	// Code below generated by codegen v1.0.15.		// Code below generated by codegen v1.0.15.
	//		//
	// DO NOT MODIFY!		// DO NOT MODIFY!
	@@ -133,7 +153,6 @@ public final class Checksum implements Parcelable {
	* Checksum kind.		* Checksum kind.
	* @param value		* @param value
	* Checksum value.		* Checksum value.
	* @hide
	*/		*/
	@DataClass.Generated.Member		@DataClass.Generated.Member
	public Checksum(		public Checksum(
	@@ -214,10 +233,10 @@ public final class Checksum implements Parcelable {
	};		};

	@DataClass.Generated(		@DataClass.Generated(
	time = 1599845646883L,		time = 1600717052366L,
	codegenVersion = "1.0.15",		codegenVersion = "1.0.15",
	sourceFile = "frameworks/base/core/java/android/content/pm/Checksum.java",		sourceFile = "frameworks/base/core/java/android/content/pm/Checksum.java",
	inputSignatures = "public static final int WHOLE_MERKLE_ROOT_4K_SHA256\npublic static final int WHOLE_MD5\npublic static final int WHOLE_SHA1\npublic static final int WHOLE_SHA256\npublic static final int WHOLE_SHA512\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA256\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA512\nprivate final @android.content.pm.Checksum.Kind int mKind\nprivate final @android.annotation.NonNull byte[] mValue\nclass Checksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genHiddenConstructor=true, genConstDefs=false)")		inputSignatures = "public static final int WHOLE_MERKLE_ROOT_4K_SHA256\npublic static final @java.lang.Deprecated int WHOLE_MD5\npublic static final @java.lang.Deprecated int WHOLE_SHA1\npublic static final int WHOLE_SHA256\npublic static final int WHOLE_SHA512\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA256\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA512\nprivate final @android.content.pm.Checksum.Kind int mKind\nprivate final @android.annotation.NonNull byte[] mValue\nclass Checksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genConstDefs=false)")
	@Deprecated		@Deprecated
	private void __metadata() {}		private void __metadata() {}

core/java/android/content/pm/PackageInstaller.java

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1227,7 +1227,10 @@ public class PackageInstaller {
	* IntentSender)}.		* IntentSender)}.
	* @throws SecurityException if called after the session has been		* @throws SecurityException if called after the session has been
	* committed or abandoned.		* committed or abandoned.
			* @deprecated use platform-enforced checksums e.g.
			* {@link Checksum#WHOLE_MERKLE_ROOT_4K_SHA256}
	*/		*/
			@Deprecated
	public void addChecksums(@NonNull String name, @NonNull List<Checksum> checksums)		public void addChecksums(@NonNull String name, @NonNull List<Checksum> checksums)
	throws IOException {		throws IOException {
	Objects.requireNonNull(name);		Objects.requireNonNull(name);

core/java/android/content/pm/PackageManager.java

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -7873,6 +7873,9 @@ public abstract class PackageManager {
	* - enforced by installer.		* - enforced by installer.
	* If caller needs a specific checksum kind, they can specify it as required.		* If caller needs a specific checksum kind, they can specify it as required.
	*		*
			* <b>Caution: Android can not verify installer-provided checksums. Make sure you specify
			* trusted installers.</b>
			*
	* @param packageName whose checksums to return.		* @param packageName whose checksums to return.
	* @param includeSplits whether to include checksums for non-base splits.		* @param includeSplits whether to include checksums for non-base splits.
	* @param required explicitly request the checksum kinds. Will incur significant		* @param required explicitly request the checksum kinds. Will incur significant