| 9694657967c7fb62a74c187d01e1aaed1f2db7ac |
|
19-Dec-2016 |
Alex Klyubin <klyubin@google.com> |
Permit 65535 byte ZIP comments and empty Central Directory
This fixes two cosmetic issues in APK Signature Scheme v2 signature
verifier in Android Package Manager:
* Accept APKs with ZIP End of Central Directory comment of length
65535. Previously, only comments of length 65534 were accepted due
to a off by one bug.
* Accept APKs with empty ZIP Central Directory.
These issues should not affect actual APKs because they cannot have an
empty ZIP Central Directory (they must contain at least the
AndroidManifest.xml entry) and shouldn't contain any comments in ZIP
End of Central Directory.
Test: cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --skip-connectivity-check --abi arm64-v8a --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I461c43472fa97c04e7579d129a6053e44233adb7
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|
| 0722ffcd0699406efe21d2bd69cc8c1708fe858c |
|
19-Mar-2016 |
Alex Klyubin <klyubin@google.com> |
Unbreak verifying v2 signatures of large APKs.
The original implementation of APK Signature Scheme v2 verification
mmapped the whole APK. This does not work on devices with limited
amount of contiguous free logical memory, especially on 32-bit
devices where logical address space is relatively small. For example,
a 500 MB APK is unlikely to mmap on a Nexus 6.
This commit fixes the issue by switching the verification strategy
to mmapping each individual 1 MB chunk of the APK, digesting it, and
then immediately munmapping. This is about 5-10% slower than mmapping
the whole APK in one go.
Bug: 27613575
Change-Id: I4167d5a7720c1bb87a0edad5d4f2607f7d554b56
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|
| e415718502897a4e5385af47d3bbe8c8257c2e5d |
|
05-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
Verify APKs using APK Signature Scheme v2.
This makes Package Manager check whether an APK is signed using APK
Signature Scheme v2 and, if it is, verify the APK's signatures using
that scheme rather than the usual JAR signature scheme.
APK Signature Scheme v2 is a whole-file signature scheme which aims
to protect every single bit of the APK as opposed to the JAR signature
scheme which protects only the names and uncompressed contents of ZIP
entries.
The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved
by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is
achieved by requiring only a minimal amount of APK parsing before
the signature is verified, thus completely bypassing ZIP entry
decompression and by making integrity verification parallelizable
by employing a hash tree.
Bug: 25794543
Change-Id: If59fe013f2e62bac7677bb20e65f6061b91eec2e
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|