Verify APKs using APK Signature Scheme v2.
This makes Package Manager check whether an APK is signed using APK
Signature Scheme v2 and, if it is, verify the APK's signatures using
that scheme rather than the usual JAR signature scheme.
APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.
The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
achieved by requiring only a minimal amount of APK parsing before
the signature is verified, thus completely bypassing ZIP entry
decompression and by making integrity verification parallelizable
by employing a hash tree.
Bug: 25794543
Change-Id: If59fe013f2e62bac7677bb20e65f6061b91eec2e
5 files changed