Merge "Workaround for verifying large APKs." into nyc-dev am: 026cf53fe4

am: ea9917a570 * commit 'ea9917a5709fd0845a221cbae2fd8821c85f3d2f': Workaround for verifying large APKs.
2016-03-11 23:58:44 +00:00
parent 36e0bd87e5 ea9917a570
commit 7dc701956f
1 changed files with 33 additions and 7 deletions
--- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
@@ -84,8 +84,19 @@ public class ApkSignatureSchemeV2Verifier {
            if (fileSize > Integer.MAX_VALUE) {
                return false;
            }
-            MappedByteBuffer apkContents =
-                    apk.getChannel().map(FileChannel.MapMode.READ_ONLY, 0, fileSize);
+            MappedByteBuffer apkContents;
+            try {
+                apkContents = apk.getChannel().map(FileChannel.MapMode.READ_ONLY, 0, fileSize);
+            } catch (IOException e) {
+                if (e.getCause() instanceof OutOfMemoryError) {
+                    // TODO: Remove this temporary workaround once verifying large APKs is
+                    // supported. Very large APKs cannot be memory-mapped. This verification code
+                    // needs to change to use a different approach for verifying such APKs.
+                    return false; // Pretend that this APK does not have a v2 signature.
+                } else {
+                    throw new IOException("Failed to memory-map APK", e);
+                }
+            }
            // ZipUtils and APK Signature Scheme v2 verifier expect little-endian byte order.
            apkContents.order(ByteOrder.LITTLE_ENDIAN);

@@ -134,11 +145,26 @@ public class ApkSignatureSchemeV2Verifier {
        if (fileSize > Integer.MAX_VALUE) {
            throw new IOException("File too large: " + apk.length() + " bytes");
        }
-        MappedByteBuffer apkContents =
-                apk.getChannel().map(FileChannel.MapMode.READ_ONLY, 0, fileSize);
-        // Attempt to preload the contents into memory for faster overall verification (v2 and
-        // older) at the expense of somewhat increased latency for rejecting malformed APKs.
-        apkContents.load();
+        MappedByteBuffer apkContents;
+        try {
+            apkContents = apk.getChannel().map(FileChannel.MapMode.READ_ONLY, 0, fileSize);
+            // Attempt to preload the contents into memory for faster overall verification (v2 and
+            // older) at the expense of somewhat increased latency for rejecting malformed APKs.
+            apkContents.load();
+        } catch (IOException e) {
+            if (e.getCause() instanceof OutOfMemoryError) {
+                // TODO: Remove this temporary workaround once verifying large APKs is supported.
+                // Very large APKs cannot be memory-mapped. This verification code needs to change
+                // to use a different approach for verifying such APKs.
+                // This workaround pretends that this APK does not have a v2 signature. This works
+                // fine provided the APK is not actually v2-signed. If the APK is v2 signed, v2
+                // signature stripping protection inside v1 signature verification code will reject
+                // this APK.
+                throw new SignatureNotFoundException("Failed to memory-map APK", e);
+            } else {
+                throw new IOException("Failed to memory-map APK", e);
+            }
+        }
        return verify(apkContents);
    }