Skip to content
Commit 61fc692d authored by Yo Chiang's avatar Yo Chiang
Browse files

DSU to support GSI key revocation list 

DSU installation service fetches a key revocation list (key blacklist).
Revocation list is a https URL specified in a resource string.

Fetched result is cached in HttpResponseCache to save bandwidth, and the
cached result is always forced validated with server to ensure freshness.
In other words, fetching a revocation list is done via a "conditional GET",
such http GET returns a brief (304 NOT MODIFIED) response if ours cache is
still valid, else the server sends a (200 OK) response with new data.

TODO: Compare the installed DSU image's public key with the revocation
list and boot-ramdisk. If the public key is revoked then abort installation.

Bug: 128892201
Test: atest DynamicSystemInstallationServiceTests
Test: adb shell am start-activity \
    -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
    -a android.os.image.action.START_INSTALL \
    --el KEY_USERDATA_SIZE 8589934592 \
    -d file:///storage/emulated/0/Download/aosp_arm64-dsu_test.zip \
    --es KEY_PUBKEY key1

Change-Id: I29ae088acb1bd23336ec09654f38b4fc464316d8
parent 85bb7887
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment