Skip to content
Commit 5f761245 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Skip priv app full apk verification if has verify 

When ro.apk_verity.mode is on, full apk verification is only skipped if
the apk already has verity enabled in the file system, and if the apk
contains the Merkle tree root hash we need.

Since the configuration in the file system is duplicated from the apk
(including the offset and size of Signing Block and the Merkle tree),
in order to prevent offline attacker from changing it, we need to
measure the observed configuration and make sure it matches the kernel's
view.

Test: observed package manager's requeset to installd (only) for updated
      priv apps.
Bug: 30972906

Change-Id: I33531a3f6148232b777ea8bfd02f13700649e317
parent d93a7959
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment