diff options
author | Bryan Henry <bryanhenry@google.com> | 2018-07-26 22:30:28 -0700 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-06-20 01:34:46 +0000 |
commit | fa00d60b1239b7f7830b2b818ef15993e4ebc217 (patch) | |
tree | 1bdde61fa96faf466e40f78c3d6580c8f54c6dd9 | |
parent | d29c48e3c3165bd7ee50109a7ed633290caf429a (diff) | |
download | base-fa00d60b1239b7f7830b2b818ef15993e4ebc217.tar.gz |
Collect APK certificates after an OTA, rather than relying on timestamps
Checking APK file modified timestamps is not a reliable signal to
determine that the APK signature may have changed. APKs in the system
image (anything that passes through add_img_to_target_files) have all
file timestamps rewritten to 2009-01-01, for instance, so timestamp will
explicitly fail to detect changes in the platform key across an OTA.
Bug: 80093599
Bug: 74501739
Test: Verified OTA between test-keys and dev-keys worked for 2 builds
with same APK timestamps, and signature changes were picked up.
Change-Id: Id3e5afbfe22e63d70cd176f1e438e2fa143ccd65
(cherry picked from commit 770f3579dcc5a1697e0e5c3474e8fa34fd21d3dd)
-rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 3cde709bfeb2..c414abac12a7 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -8821,10 +8821,10 @@ public class PackageManagerService extends IPackageManager.Stub + " better than this " + pkg.getLongVersionCode()); } - // Verify certificates against what was last scanned. If it is an updated priv app, we will - // force re-collecting certificate. - final boolean forceCollect = PackageManagerServiceUtils.isApkVerificationForced( - disabledPkgSetting); + // Verify certificates against what was last scanned. If there was an upgrade or this is an + // updated priv app, we will force re-collecting certificate. + final boolean forceCollect = mIsUpgrade || + PackageManagerServiceUtils.isApkVerificationForced(disabledPkgSetting); // Full APK verification can be skipped during certificate collection, only if the file is // in verified partition, or can be verified on access (when apk verity is enabled). In both // cases, only data in Signing Block is verified instead of the whole file. |