Skip apk verification when collecting certificates.
Bug: 154486093
Test: verified locally that this reduces 99% of the time taken to parse APK.
Change-Id: I6e1e5bc76c3e6b8e169c47847512b30aa1fe264e
diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
index 393e8db..2cae1d6 100644
--- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -360,7 +360,7 @@
* Verify the UID and return the installer package name.
*
* @return the package name of the installer, or null if it cannot be determined or it is
- * installed via adb.
+ * installed via adb.
*/
@Nullable
private String getInstallerPackageName(Intent intent) {
@@ -568,7 +568,10 @@
try (PackageParser2 parser = mParserSupplier.get()) {
ParsedPackage pkg = parser.parsePackage(installationPath, 0, false);
int flags = PackageManager.GET_SIGNING_CERTIFICATES | PackageManager.GET_META_DATA;
- pkg.setSigningDetails(ParsingPackageUtils.collectCertificates(pkg, false));
+ // APK signatures is already verified elsewhere in PackageManager. We do not need to
+ // verify it again since it could cause a timeout for large APKs.
+ pkg.setSigningDetails(
+ ParsingPackageUtils.collectCertificates(pkg, /* skipVerify= */ true));
return PackageInfoUtils.generate(
pkg,
null,
@@ -709,7 +712,7 @@
// Filter out the rule provider packages that are not system apps.
List<String> systemAppRuleProviders = new ArrayList<>();
- for (String ruleProvider: integrityRuleProviders) {
+ for (String ruleProvider : integrityRuleProviders) {
if (isSystemApp(ruleProvider)) {
systemAppRuleProviders.add(ruleProvider);
}