APK Signature Scheme v3 enables APK signing key rotation by allowing
an APK to embed a proof-of-rotation structure linking past signing
certificates to the current one. This information needs to be exposed
to the system before it can be used to make authorization decisions.
Bug: 64686581
Test: Builds and boots.
Change-Id: I49961f92fcec141d73b36197147d5d8fa64c149e
Changes the default value of the settings_zone_picker_v2 to true to
allow more widespread testing of the new zone picker.
Bug: 62255208
Test: manual
Change-Id: I6755a527ffa38835c126e4598be37b1d7035d0df
We changed the API to use long-based config keys instead of strings,
but we have some code that depends on the old API. Let's add them
back temporarily. The old API (that does nothing now) will be
deleted next month.
Test: N/A. Just to prevent build failures.
Bug: 69522276
Change-Id: Ibc51622371d4f3ced3e9b2f66a862dea1ac1c63c
This code was previously used by telephony
but was removed by frameworks/opt/telephony
commit a0f09cee0f6328ea104b9ef965a387b4a4652e8a
Bug: 63743683
Test: make droid
Change-Id: I83deffc2aadc098e1c976bf164a752e19b96c77a
This change makes APK signature verifier accept the 4k-based signature
algorithms.
Test: build, install apk with such algorithm by apksig
Bug: 30972906
Change-Id: I90f32a6779f258605668e44f0d66f53e6890cfa7
This change replaces fields from Package that relate to signing
with a single SigningDetails container. It does the same with
InstallArgs and InstallParams. This simplifies much of the code
that would have otherwise relied on synchronizing many fields and
will enable PackageManagerService to make install-time decisions
based on package data instead of forcing it to be part of package
parsing.
This is a retake of ag/3382280
Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes.
Test: atest google/perf/boottime/boottime-test to ensure no startup regression.
Bug: 68860689
Change-Id: I0df45ce537df5552a7e60e4d727a4dcef23c2252
Mirrors the design of TimeUnit and ChronoUnit which many developers
are already familiar with, making it easy to pick up and use.
Yes, this is an enum.
Bug: 70915728
Test: bit FrameworksCoreTests:android.util.DataUnitTest
Change-Id: Id0cfdac5c81ed89c3c9ece23c964acba4a4f8471
This change replaces fields from Package that relate to signing
with a single SigningDetails container. It does the same with
InstallArgs and InstallParams. This simplifies much of the code
that would have otherwise relied on synchronizing many fields and
will enable PackageManagerService to make install-time decisions
based on package data instead of forcing it to be part of package
parsing.
Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes.
Bug: 68860689
Change-Id: I53bc8c6908b61a54004d1b1d45637be9710ae72f
For JobScheduler, DeviceIdle and AppStandby constants, allow
using a more compact format than milliseconds,
which are a PITA to calculate.
So instead of 18640000000... whatever, you can
use PT2H (for 2 hours), or P2D (for 2 days), etc.
Uses Duration.parse() to do the parsing. See Duration
for format.
Test: adb shell settings put global app_standby_constants
screen_thresholds=0/PT2H/PT12H/P2D
Fixes: 71554131
Change-Id: I5141854ec7df6de266725a67f1f3e2a6e0b4c1c1
2/ Handle Subscription for alert.
3/ Support no_report_metric
Bug: 69522276
Test: all statsd unit tests passed.
Change-Id: I851b235f2d149b8602b0cad632d5bf541962f40a
Though not yet used, the Proof-of-rotation certificates are intended to be
used by the platform as equivalent to signing certificates, i.e. the presence
of a certificate in a Proof-of-rotation record should grant equivalent
capabilities as if the APK were signed by that certificate. For this to work,
each certificate needs to be signed by the previous one indicating a transfer
of trust all the way to the signing certificate of the APK. There is no case
in which the last certificate in the Proof-of-rotation record should not be
the one used to sign the APK, so enforce this during verification.
Bug: 64686581
Change-Id: Ia1b25a917a878fb378c8557b25a2bbfdd9da7d3d
Test: Builds, boots, passes
android.appsecurity.cts.PkgInstallSignatureVerificationTest
Add ApkSignatureSchemeV3Verifier to enable APKs to be signed with
the new signature scheme. Update the ApkSignatureVerifier to process
the results, but only pass on what's needed for the existing interface.
In the process, move the ApkSignatureSchemeV2 code into a common
area for use by any scheme that makes use of the APK Signature Block.
The primary purpose of APK Signature Scheme v3 is to enable applications
to rotate their signing key. This is accomplished by augmenting APK
Signature Scheme v2 to also include a new Proof-of-rotation struct, which
is fundamentally a singly linked list where each of the APK's signing
certificates is included in order, along with a signature over the next
certificate. Thus, each certificate contains proof that the private key
corresponding to the previous one blessed it. This provides evidence to
the platform that the new signing certificate should be as trusted as
the previously trusted one. This structure also includes some flags for
each certificate to indicate to the platform how the APK itself would
like to interact/trust the old certificates.
Bug: 64686581
Test: Builds, boots, passes
android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I0f98ff13950af78f5d9b269f80d13af8891f7a2d
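
Added example (not part of the commits above or of the AOSP code): a simplified Java model of the proof-of-rotation check described in the two preceding commit messages, where each key is signed by the previous one and the last entry must be the key that signed the APK. Raw EC public keys stand in for certificates, the per-certificate flags are omitted, and the class, record and method names are hypothetical.

```java
import java.security.*;
import java.util.*;

// Added example: simplified model of a proof-of-rotation lineage (Java 16+).
// Assumptions: raw EC public keys stand in for certificates; flags omitted.
public class ProofOfRotationDemo {
    // One entry: a key and the previous entry's signature over that key.
    // The first entry is the original signer and carries no signature.
    record Node(PublicKey key, byte[] sigByPrevious) {}

    static byte[] sign(PrivateKey priv, PublicKey next) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(priv);
        s.update(next.getEncoded());
        return s.sign();
    }

    static boolean verifyLineage(List<Node> lineage, PublicKey apkSigner)
            throws GeneralSecurityException {
        if (lineage.isEmpty()) return false;
        for (int i = 1; i < lineage.size(); i++) {
            Node prev = lineage.get(i - 1), cur = lineage.get(i);
            if (cur.sigByPrevious() == null) return false;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(prev.key());
            s.update(cur.key().getEncoded());
            if (!s.verify(cur.sigByPrevious())) return false; // broken link
        }
        // The last entry must be the key that actually signed the APK.
        PublicKey last = lineage.get(lineage.size() - 1).key();
        return Arrays.equals(last.getEncoded(), apkSigner.getEncoded());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair k1 = gen.generateKeyPair(), k2 = gen.generateKeyPair(),
                k3 = gen.generateKeyPair();
        Node n1 = new Node(k1.getPublic(), null);
        Node n2 = new Node(k2.getPublic(), sign(k1.getPrivate(), k2.getPublic()));
        Node n3 = new Node(k3.getPublic(), sign(k2.getPrivate(), k3.getPublic()));
        // Constructed bad link: k3 endorsed by k1 instead of its predecessor k2.
        Node skip = new Node(k3.getPublic(), sign(k1.getPrivate(), k3.getPublic()));

        System.out.println("complete lineage: " + verifyLineage(List.of(n1, n2, n3), k3.getPublic()));
        System.out.println("ends before signer: " + verifyLineage(List.of(n1, n2), k3.getPublic()));
        System.out.println("wrong link signer: " + verifyLineage(List.of(n1, n2, skip), k3.getPublic()));
    }
}
```

Only the complete lineage is accepted; the other two cases fail on the final-entry check and on the link signature check respectively.
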
There are currently two conceptual operations performed by PackageParser
while parsing APKs: collecting certificates and verifying them.
ApkSignatureVerifier relies on the systemDir flag to indicate whether or
not it should do a full verification of a package, but this only applies
when verifying V1 (jar signed) APKs. This distinction should be explicitly
made. This creates cleaner code and also saves time when verifying V2
signed systemDir APKs.
Bug: 64686581
Test: Builds, boots, passes
android.appsecurity.cts.PkgInstallSignatureVerificationTest.
Change-Id: Ie8a0f8cad3dd8f70da791f2f1f4516e84e2ae4d0
This is a first step at a larger goal of moving instant app
verifications from parsing logic into install logic.
Test: manual - install v1 and v2 instant app and static lib
Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes.
Change-Id: Iab50b91a6fb8ef014b573bb9f733d30c1aa6022f
Bug: 68860689
This API allows app to construct custom metrics based on labels
chosen by the app developers. Also added some buttons to manually
test this functionality in the dogfood app.
Test: Verified that Android can be built and tested with custom app.
Bug: 69522276
Change-Id: Ifb7abea4c1d62fb435a9cb6f32df12bc2234d82f
PackageParser shouldn't really need to know the gory details of APK
verification, it should just get back the blobs it needs to do its
job. Move the package verification into its own class which is
*almost* exclusively responsible for verifying app signatures. This
is in preparation for adding APK signature scheme v3, which will add
yet another way to do this.
Bug: 64686581
Test: Builds 'n' boots without issue.
Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes.
Change-Id: Ieb76b2353bd44ffdb83e7b894e5ad720d1697dc7