Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ce6174fe authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Integrity test to recover allowlisted system app tampering 

This change introduces two scenarios:

1. A system APK is updated to /data. At some point, the APK itself is
   tampered but V4 signature is not touched (thus invalid now).

2. A system APK is updated to /data. At some point, the APK itself is
   tampered with by an attacker and re-signed with a different key. The
   attacker also updates package manager's internal record for
   consistency.

The test requires root to run. The test involves injecting a testing app
as a system app. In the above scenarios, the test expects the victim
system app in /data is removed.

Bug: 277347456
Test: enable flag extend_vb_chain_to_updated_apk,
      `atest TamperedUpdatedSystemPackageTest` both passed
Test: disable flag extend_vb_chain_to_updated_apk,
      `atest TamperedUpdatedSystemPackageTest` both failed
Change-Id: I16b0ed853b9e6b706fddb6d50da2e8f082ee167a
parent 016e056c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment