Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fa00d60b authored by Bryan Henry's avatar Bryan Henry Committed by android-build-team Robot
Browse files

Collect APK certificates after an OTA, rather than relying on timestamps 

Checking APK file modified timestamps is not a reliable signal to
determine that the APK signature may have changed. APKs in the system
image (anything that passes through add_img_to_target_files) have all
file timestamps rewritten to 2009-01-01, for instance, so timestamp will
explicitly fail to detect changes in the platform key across an OTA.

Bug: 80093599
Bug: 74501739
Test: Verified OTA between test-keys and dev-keys worked for 2 builds
with same APK timestamps, and signature changes were picked up.
Change-Id: Id3e5afbfe22e63d70cd176f1e438e2fa143ccd65
(cherry picked from commit 770f3579)
parent d29c48e3

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −4
Original line number Diff line number Diff line
@@ -8821,10 +8821,10 @@ public class PackageManagerService extends IPackageManager.Stub 
                    + " better than this " + pkg.getLongVersionCode());

        }













        // Verify certificates against what was last scanned. If it is an updated priv app, we will













        // force re-collecting certificate.













        final boolean forceCollect = PackageManagerServiceUtils.isApkVerificationForced(













                disabledPkgSetting);













        // Verify certificates against what was last scanned. If there was an upgrade or this is an













        // updated priv app, we will force re-collecting certificate.













        final boolean forceCollect = mIsUpgrade ||













                PackageManagerServiceUtils.isApkVerificationForced(disabledPkgSetting);















        // Full APK verification can be skipped during certificate collection, only if the file is















        // in verified partition, or can be verified on access (when apk verity is enabled). In both















        // cases, only data in Signing Block is verified instead of the whole file.