APK Signature Scheme v3: require Proof-of-rotation and signing certs to match.

Though not yet used, the Proof-of-rotation certificates are intended to be
used by the platform as equivalent to signing certificates, i.e. the presence
of a certificate in a Proof-of-rotation record should grant equivalent
capabilities as if the APK were signed by that certificate.  For this to work,
each certificate needs to be signed by the previous one indicating a transfer
of trust all the way to the signing certificate of the APK.  There is no case
in which the last certificate in the Proof-of-rotation record should not be
the one used to sign the APK, so enforce this during verification.

Bug: 64686581
Change-Id: Ia1b25a917a878fb378c8557b25a2bbfdd9da7d3d
Test: Builds, boots, passes
      android.appsecurity.cts.PkgInstallSignatureVerificationTest
1 file changed
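
The check this commit message describes, as an added example that is not code from the commit or from the platform: each entry in a rotation record must be signed by the previous entry's key, and the last entry must be the key that signed the APK. The `Node` record, the `verify` and `sign` helpers, and the model of an entry as "public key plus the previous key's signature over its encoding" are simplifying assumptions, not the v3 wire format.

```java
import java.security.*;
import java.util.*;

public class RotationCheck {
    // Hypothetical, simplified record entry: a key and the previous entry's
    // signature over that key's encoding (null for the first entry).
    record Node(PublicKey key, byte[] sigByPrev) {}

    static byte[] sign(PrivateKey k, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(k);
        s.update(data);
        return s.sign();
    }

    static boolean verify(List<Node> por, PublicKey apkSigner) throws GeneralSecurityException {
        if (por.isEmpty()) return false;
        // Walk the chain: entry i must be vouched for by entry i-1.
        for (int i = 1; i < por.size(); i++) {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(por.get(i - 1).key());
            s.update(por.get(i).key().getEncoded());
            if (!s.verify(por.get(i).sigByPrev())) return false;
        }
        // The rule enforced here: the chain must end at the APK's signer.
        PublicKey last = por.get(por.size() - 1).key();
        return Arrays.equals(last.getEncoded(), apkSigner.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        // Constructed sample keys: a rotates to b; c is unrelated.
        KeyPair a = g.generateKeyPair(), b = g.generateKeyPair(), c = g.generateKeyPair();
        List<Node> por = List.of(
            new Node(a.getPublic(), null),
            new Node(b.getPublic(), sign(a.getPrivate(), b.getPublic().getEncoded())));

        boolean signedByLast = verify(por, b.getPublic());      // signer is the last entry
        boolean signedByOlder = verify(por, a.getPublic());     // signer is an earlier entry
        boolean signedByStranger = verify(por, c.getPublic());  // signer is not in the record
        if (!signedByLast || signedByOlder || signedByStranger)
            throw new AssertionError("rotation check did not behave as described");
        System.out.println("last=" + signedByLast + " older=" + signedByOlder
            + " stranger=" + signedByStranger);
    }
}
```

The second case is the one the commit closes: a record whose internal signatures are all valid is still rejected when the APK is signed by anything other than its final entry.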