summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBryan Henry <bryanhenry@google.com>2018-07-27 05:30:28 (GMT)
committerandroid-build-team Robot <android-build-team-robot@google.com>2019-06-18 19:50:27 (GMT)
commitcd86ddeca54b03c414b44331a498edcd136fa6bb (patch)
treebdc867eda68277890dfebad88c9db3827c0452f7
parentafc931f3ccde3374055f161cf206e9d70e90dd38 (diff)
downloadframeworks_base-cd86ddeca54b03c414b44331a498edcd136fa6bb.zip
frameworks_base-cd86ddeca54b03c414b44331a498edcd136fa6bb.tar.gz
frameworks_base-cd86ddeca54b03c414b44331a498edcd136fa6bb.tar.bz2
Collect APK certificates after an OTA, rather than relying on timestamps
Checking APK file modified timestamps is not a reliable signal to determine that the APK signature may have changed. APKs in the system image (anything that passes through add_img_to_target_files) have all file timestamps rewritten to 2009-01-01, for instance, so timestamp will explicitly fail to detect changes in the platform key across an OTA. Bug: 80093599 Bug: 74501739 Test: Verified OTA between test-keys and dev-keys worked for 2 builds with same APK timestamps, and signature changes were picked up. Change-Id: Id3e5afbfe22e63d70cd176f1e438e2fa143ccd65 (cherry picked from commit 770f3579dcc5a1697e0e5c3474e8fa34fd21d3dd)
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java8
1 files changed, 4 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 3cde709..c414aba 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -8821,10 +8821,10 @@ public class PackageManagerService extends IPackageManager.Stub
+ " better than this " + pkg.getLongVersionCode());
}
- // Verify certificates against what was last scanned. If it is an updated priv app, we will
- // force re-collecting certificate.
- final boolean forceCollect = PackageManagerServiceUtils.isApkVerificationForced(
- disabledPkgSetting);
+ // Verify certificates against what was last scanned. If there was an upgrade or this is an
+ // updated priv app, we will force re-collecting certificate.
+ final boolean forceCollect = mIsUpgrade ||
+ PackageManagerServiceUtils.isApkVerificationForced(disabledPkgSetting);
// Full APK verification can be skipped during certificate collection, only if the file is
// in verified partition, or can be verified on access (when apk verity is enabled). In both
// cases, only data in Signing Block is verified instead of the whole file.