Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d52181a0 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Replace the check of fs-verity-ness to signature file 

When a base APK has fs-verity enabled with signature, we require the
split APKs to be installed with the fs-verity signature. The existing
code only checks the fs-verity-ness (while the signature is installed to
the filesystem internal) of the base APK.

With the plan to enable fs-verity in integrity-only mode, the
fs-verity-ness check becomes ambiguous. Switch the check to the
signature file instead.

An alternative is to use ioctl(FS_IOC_READ_VERITY_METADATA) to retrieve
the signature if any, but the API was introduced around T and may not
work on older devices.

Bug: 249158715
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Change-Id: I1ac82e16883bd23080369f1711cd8c0155e1b41d
parent adb0627c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment