Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 39bad6c991469de140ab71ac2edf72666f79a65d^! / .
commit39bad6c991469de140ab71ac2edf72666f79a65d[log] [tgz]
authorKhaled Abdelmohsen <khelmy@google.com>Thu Mar 12 20:18:51 2020 +0000
committerKhaled Abdelmohsen <khelmy@google.com>Fri Mar 13 18:56:21 2020 +0000
tree3dd0e34c8ec38b67e8988e842218a0de3da9c064
parentf9fe6f87a9bd4006899c93af08f063f3060add43 [diff]
Change source stamp verifier outcome

Modify source stamp verifier to produce non-present stamps when
receiving an error while reading the stamp file in an APK.

Bug: 148005911
Test: atest FrameworksCoreTests:SourceStampVerifierTest
Change-Id: I7682f51761e60b4236424cf2cdb6119f53259ab0

diff --git a/core/java/android/util/apk/SourceStampVerifier.java b/core/java/android/util/apk/SourceStampVerifier.java
index 759c864..70e4a51 100644
--- a/core/java/android/util/apk/SourceStampVerifier.java
+++ b/core/java/android/util/apk/SourceStampVerifier.java

@@ -82,25 +82,34 @@
     public static SourceStampVerificationResult verify(String apkFile) {
         try (RandomAccessFile apk = new RandomAccessFile(apkFile, "r")) {
             return verify(apk);
-        } catch (Exception e) {
-            // Any exception in the SourceStamp verification returns a non-verified SourceStamp
-            // outcome without affecting the outcome of any of the other signature schemes.
-            return SourceStampVerificationResult.notVerified();
+        } catch (IOException e) {
+            // Any exception in reading the APK returns a non-present SourceStamp outcome
+            // without affecting the outcome of any of the other signature schemes.
+            return SourceStampVerificationResult.notPresent();
         }
     }
 
-    private static SourceStampVerificationResult verify(RandomAccessFile apk)
-            throws IOException, SignatureNotFoundException {
-        byte[] sourceStampCertificateDigest = getSourceStampCertificateDigest(apk);
-        if (sourceStampCertificateDigest == null) {
-            // SourceStamp certificate hash file not found, which means that there is not
-            // SourceStamp present.
+    private static SourceStampVerificationResult verify(RandomAccessFile apk) {
+        byte[] sourceStampCertificateDigest;
+        try {
+            sourceStampCertificateDigest = getSourceStampCertificateDigest(apk);
+            if (sourceStampCertificateDigest == null) {
+                // SourceStamp certificate hash file not found, which means that there is not
+                // SourceStamp present.
+                return SourceStampVerificationResult.notPresent();
+            }
+        } catch (IOException e) {
             return SourceStampVerificationResult.notPresent();
         }
-        SignatureInfo signatureInfo =
-                ApkSigningBlockUtils.findSignature(apk, SOURCE_STAMP_BLOCK_ID);
-        Map<Integer, byte[]> apkContentDigests = getApkContentDigests(apk);
-        return verify(signatureInfo, apkContentDigests, sourceStampCertificateDigest);
+
+        try {
+            SignatureInfo signatureInfo =
+                    ApkSigningBlockUtils.findSignature(apk, SOURCE_STAMP_BLOCK_ID);
+            Map<Integer, byte[]> apkContentDigests = getApkContentDigests(apk);
+            return verify(signatureInfo, apkContentDigests, sourceStampCertificateDigest);
+        } catch (IOException | SignatureNotFoundException e) {
+            return SourceStampVerificationResult.notVerified();
+        }
     }
 
     private static SourceStampVerificationResult verify(