Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 8d1553b9b1be06100ce4f4cc4c8c5088b48995a2
commit8d1553b9b1be06100ce4f4cc4c8c5088b48995a2[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Fri Apr 20 15:45:37 2018 -0700
committerVictor Hsieh <victorhsieh@google.com>Mon Apr 23 19:22:28 2018 +0000
treee2925e06873d529591190cc617a558b5575df890
parentcef96f69d7b6bc2c435db0905ee37b3a48f1c865 [diff]
Verify best signature algorithms of all signers

The previous implementation does not verify signature algorithms of all
signers.  It's possible that the attacker can take an old apk (with
digest and signature of old algorithm) and add their own signer block
with new/P digest and signature.  In this case, the old implementation
only verifies the attacker's signature, thus the attacker can change apk
content easily.

The solution here is to verify digests of all best signature algorithms
by all signers.

It is expected to increase verification time, if the apk does have
multiple signers with different type of digests.

Test: apks still install
Bug: 78359754
Change-Id: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
Merged-In: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
(cherry picked from commit 2f2ced93e3176d71dbd23e7f71a3d78b6dc09830)
1 file changed
tree: e2925e06873d529591190cc617a558b5575df890
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-base/
  28. test-legacy/
  29. test-mock/
  30. test-runner/
  31. tests/
  32. tools/
  33. vr/
  34. wifi/
  35. Android.bp
  36. Android.mk
  37. CleanSpec.mk
  38. MODULE_LICENSE_APACHE2
  39. NOTICE
  40. pathmap.mk
  41. PREUPLOAD.cfg