author: Victor Hsieh <victorhsieh@google.com> 2020-03-10 13:53:42 -0700
committer: Vikas Marwaha <vikasmarwaha@google.com> 2020-08-25 21:08:12 +0000
commit: 53225bb6d1014312a682a2e0c59677df0e8fc75d (patch)
tree: 91e48a272309b9824b0c4e887973d02d491b9659 /9_security-model
parent: db918c92f671f049c0ec06a8c4aca987bb06af36 (diff)
CDD: Added requirements of file-based on-access verification
The new articles require device implementations to support on-access verification with trusted certificates, such that for an enabled file, if a part of the file is tampered with, a read from the tampered part will fail. As an example, fs-verity is an implementation in the Linux kernel and is used to protect an APK if the APK is installed with a trusted signature.

Test: check in an MD viewer
Bug: 144365636
Change-Id: Icae88a7cc3e4cdb61cf08cab98ab8adfa2931f77
Diffstat (limited to '9_security-model')

 9_security-model/9_10_device-integrity.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+), 0 deletions(-)
diff --git a/9_security-model/9_10_device-integrity.md b/9_security-model/9_10_device-integrity.md
index cba1739e..b3f6dea9 100644
--- a/9_security-model/9_10_device-integrity.md
+++ b/9_security-model/9_10_device-integrity.md
@@ -70,6 +70,24 @@ Android.
Device implementations:
+* [C-0-3] MUST support cryptographically verifying file content against a
+ trusted key without reading the whole file.
+* [C-0-4] MUST NOT allow the read requests on a protected file to succeed
+ when the read content do not verify against a trusted key.
+* [C-0-5] MUST enable the above-described cryptographic file verification
+ protection for all files for the package that is installed
+ with trusted signature files as described [here](
+ https://developer.android.com/preview/security/features/apk-verity).
+
+If device implementations are already launched without the ability to verify
+file content against a trusted key on an earlier Android version and can not add
+support for this feature with a system software update, they MAY be exempted
+from the requirement. The upstream Android Open Source project provides a
+preferred implementation of this feature based on the Linux kernel [fs-verity](
+https://www.kernel.org/doc/html/latest/filesystems/fsverity.html) feature.
+
+Device implementations:
+
* [C-R] Are RECOMMENDED to support the [Android Protected Confirmation API](
https://developer.android.com/preview/features/security.html#user-confirmation).
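Review bot: The scope of [C-0-5] is ambiguous as written: "for all files for the package that is installed with trusted signature files" could be read as applying to one specific package or to every package installed that way, and it does not say which files count (the APK itself, or everything the package installs). Suggest stating the scope explicitly, e.g. "for every file of any package that is installed with a trusted signature as described here", so the requirement can be tested unambiguously. Two smaller points in the same hunk: [C-0-4] has a number agreement error ("when the read content do not verify" should read "does not verify"), and the exemption paragraph should use "cannot" rather than "can not". Finally, both links point at developer.android.com/preview/... URLs; preview documentation tends to move once the release ships, so consider linking the stable docs path before this lands in a published CDD.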