Skip to content
Commit cdd685c0 authored by Svetoslav Ganov's avatar Svetoslav Ganov
Browse files

Use all certs for computing package signing sha256 

In several places we compute the sha256 of the app's signing certificate
(instant cookie storage, backup account permission grants, static shared
lib matching). It is possible that an app is singed with multiple certs
which unfortunately can appear in a random order. We were using only the
first certificate to compute the hash which may be problematic for apps
signed with multiple certs which are later reordered. If an app update's
certs are reordered for cookie storage the app would not be able to
access the cookie, for account grants the app would not get the grant,
and for shared libs the app would fail to install due to a missing lib.

Test: all cookie CTS tests pass
      all static shared lib CTS tests pass
      added test that cookie data not lost on sha256 computation change
      added test that lib install works when specifying
      multiple certs

bug:64270295

Change-Id: Ib6b55f25da735ff5c2762faf6e9b5888e749041d
parent 0862898a
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment