9694657967c7fb62a74c187d01e1aaed1f2db7ac |
|
19-Dec-2016 |
Alex Klyubin <klyubin@google.com> |
Permit 65535 byte ZIP comments and empty Central Directory

This fixes two cosmetic issues in the APK Signature Scheme v2 signature verifier in Android Package Manager:

* Accept APKs with ZIP End of Central Directory comment of length 65535. Previously, only comments of length 65534 were accepted due to an off-by-one bug.
* Accept APKs with empty ZIP Central Directory.

These issues should not affect actual APKs because they cannot have an empty ZIP Central Directory (they must contain at least the AndroidManifest.xml entry) and shouldn't contain any comments in ZIP End of Central Directory.

Test: cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --skip-connectivity-check --abi arm64-v8a --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest

Change-Id: I461c43472fa97c04e7579d129a6053e44233adb7
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|
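The End of Central Directory (EOCD) scan that the first fix above concerns, written out as an added example; this is not the project's ZipUtils.java code. It locates the EOCD by trying every comment length from 0 up to 65535, accepting a candidate only when the record signature is present and the record's own comment-length field agrees with the position. The `off_by_one` switch illustrates the bug class (a `<` bound where `<=` is needed, so a 65535-byte comment is never tried); it is not a copy of the original loop. It also treats an empty Central Directory (size 0, ending exactly at the EOCD) as consistent rather than rejecting it. All archive bytes, filler and helper names (`build_zip_tail`, `minimal_cd_entry`) are constructed for this example.

```python
import struct

EOCD_SIG = 0x06054B50        # "PK\x05\x06" read as a little-endian uint32
CD_HEADER_SIG = 0x02014B50   # Central Directory file header signature
EOCD_MIN_SIZE = 22           # EOCD record without its trailing comment
UINT16_MAX = 0xFFFF          # 65535: the comment-length field is an unsigned 16-bit value


def find_eocd(data: bytes, off_by_one: bool = False):
    """Return the offset of the End of Central Directory record, or None.

    The EOCD sits at the end of the archive, followed by a comment of 0..65535
    bytes, so every candidate comment length is tried from the end backwards. A
    candidate is accepted only if the 4-byte signature is present *and* the
    record's own comment-length field equals the candidate length.

    off_by_one=True uses a '<' bound instead of '<=' (the class of bug the commit
    above fixes): the longest admissible comment is then never tried.
    """
    size = len(data)
    if size < EOCD_MIN_SIZE:
        return None
    max_comment = min(size - EOCD_MIN_SIZE, UINT16_MAX)
    last = max_comment - 1 if off_by_one else max_comment
    for comment_len in range(last + 1):
        off = size - EOCD_MIN_SIZE - comment_len
        if struct.unpack_from("<I", data, off)[0] != EOCD_SIG:
            continue
        if struct.unpack_from("<H", data, off + 20)[0] == comment_len:
            return off
    return None


def parse_eocd(data: bytes, eocd_off: int) -> dict:
    """Decode the EOCD fields a verifier needs to locate the Central Directory."""
    (_sig, _disk, _cd_disk, _entries_here, entries, cd_size, cd_offset,
     comment_len) = struct.unpack_from("<IHHHHIIH", data, eocd_off)
    return {"entries": entries, "cd_size": cd_size,
            "cd_offset": cd_offset, "comment_len": comment_len}


def central_directory_is_consistent(data: bytes) -> bool:
    """True when the Central Directory ends exactly where the EOCD begins.

    A whole-file signature verifier needs this to know which bytes are CD and
    which are EOCD. An *empty* CD is the legitimate case cd_size == 0 with
    cd_offset == eocd_off; it must pass rather than be rejected for being empty.
    """
    eocd_off = find_eocd(data)
    if eocd_off is None:
        return False
    rec = parse_eocd(data, eocd_off)
    return rec["cd_offset"] + rec["cd_size"] == eocd_off


def build_zip_tail(local_entries: bytes, cd_bytes: bytes, comment: bytes,
                   declared_cd_size: int = None) -> bytes:
    """Constructed sample archive: filler standing in for local file entries,
    a (possibly empty) Central Directory, the EOCD record, then the comment.
    declared_cd_size lets a caller write a wrong CD size into the EOCD."""
    entries = 1 if cd_bytes else 0
    cd_size = len(cd_bytes) if declared_cd_size is None else declared_cd_size
    eocd = struct.pack("<IHHHHIIH", EOCD_SIG, 0, 0, entries, entries,
                       cd_size, len(local_entries), len(comment))
    return local_entries + cd_bytes + eocd + comment


def minimal_cd_entry() -> bytes:
    """Constructed 46-byte Central Directory header: signature plus zeroed fields."""
    return struct.pack("<I", CD_HEADER_SIG) + b"\x00" * 42


if __name__ == "__main__":
    filler = b"\x00" * 1024                      # constructed stand-in for local entries
    apk = build_zip_tail(filler, minimal_cd_entry(), b"c" * UINT16_MAX)
    print("fixed scan   :", find_eocd(apk))
    print("buggy scan   :", find_eocd(apk, off_by_one=True))
    print("empty CD ok  :", central_directory_is_consistent(build_zip_tail(filler, b"", b"")))
```

The archive is larger than 22 + 65535 bytes in the sample, which is why the buggy bound only bites for a comment of exactly 65535 bytes: for any shorter comment the scan reaches it before the bound stops it, matching the behaviour the commit message describes.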
0722ffcd0699406efe21d2bd69cc8c1708fe858c |
|
19-Mar-2016 |
Alex Klyubin <klyubin@google.com> |
Unbreak verifying v2 signatures of large APKs.

The original implementation of APK Signature Scheme v2 verification mmapped the whole APK. This does not work on devices with limited amount of contiguous free logical memory, especially on 32-bit devices where logical address space is relatively small. For example, a 500 MB APK is unlikely to mmap on a Nexus 6.

This commit fixes the issue by switching the verification strategy to mmapping each individual 1 MB chunk of the APK, digesting it, and then immediately munmapping. This is about 5-10% slower than mmapping the whole APK in one go.

Bug: 27613575
Change-Id: I4167d5a7720c1bb87a0edad5d4f2607f7d554b56
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|
e415718502897a4e5385af47d3bbe8c8257c2e5d |
|
05-Jan-2016 |
Alex Klyubin <klyubin@google.com> |
Verify APKs using APK Signature Scheme v2.

This makes Package Manager check whether an APK is signed using APK Signature Scheme v2 and, if it is, verify the APK's signatures using that scheme rather than the usual JAR signature scheme.

APK Signature Scheme v2 is a whole-file signature scheme which aims to protect every single bit of the APK as opposed to the JAR signature scheme which protects only the names and uncompressed contents of ZIP entries.

The two main goals of APK Signature Scheme v2 are:
1. Detect any unauthorized modifications to the APK. This is achieved by making the signature cover every byte of the APK being signed.
2. Enable much faster signature and integrity verification. This is achieved by requiring only a minimal amount of APK parsing before the signature is verified, thus completely bypassing ZIP entry decompression and by making integrity verification parallelizable by employing a hash tree.

Bug: 25794543
Change-Id: If59fe013f2e62bac7677bb20e65f6061b91eec2e
/frameworks/base/core/java/android/util/apk/ZipUtils.java
|
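The two digesting strategies contrasted in the "Unbreak verifying v2 signatures of large APKs" commit, together with the two-level hash tree the "Verify APKs using APK Signature Scheme v2" commit mentions, as an added example that is not the project's code. `digests_whole_file_mmap` maps the entire file once (peak mapped address space equals the file size); `digests_chunked_mmap` maps one 1 MB chunk at a time and releases it before mapping the next, so peak mapped address space is one chunk. Both produce the same leaf digests and the same root, which is the property that lets the strategy change without changing the verification result. The 0xa5/0x5a prefixes and little-endian length fields follow the publicly documented v2 chunk-digest layout rather than anything stated on this page; treat them as an assumption. The sample file, its contents and the helper names are constructed for this example.

```python
import hashlib
import mmap
import os
import struct
import tempfile

CHUNK_SIZE = 1024 * 1024  # 1 MB chunks, as in the commit above


def chunk_digest(chunk, length: int) -> bytes:
    """Leaf of the hash tree: SHA-256 over a 0xa5 prefix, the chunk length as a
    little-endian uint32, and the chunk bytes (layout assumed from the public v2
    description, not taken from this page). `chunk` may be bytes or an mmap."""
    h = hashlib.sha256()
    h.update(b"\xa5" + struct.pack("<I", length))
    h.update(chunk)
    return h.digest()


def top_level_digest(chunk_digests: list) -> bytes:
    """Root of the hash tree: SHA-256 over 0x5a, the chunk count, and all leaves."""
    h = hashlib.sha256()
    h.update(b"\x5a" + struct.pack("<I", len(chunk_digests)))
    for d in chunk_digests:
        h.update(d)
    return h.digest()


def digests_whole_file_mmap(path: str, chunk_size: int = CHUNK_SIZE) -> list:
    """Original strategy: map the entire file once, then walk it in chunks.
    Peak mapped address space equals the file size, which is what fails for
    large APKs on address-space-constrained (e.g. 32-bit) devices."""
    with open(path, "rb") as f:
        size = os.fstat(f.fileno()).st_size
        if size == 0:
            return []
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as whole:
            # Slicing an mmap yields a bytes copy of just that chunk.
            return [chunk_digest(whole[off:off + chunk_size], min(chunk_size, size - off))
                    for off in range(0, size, chunk_size)]


def digests_chunked_mmap(path: str, chunk_size: int = CHUNK_SIZE) -> list:
    """Fixed strategy: map one chunk, digest it, unmap it, move on.
    Peak mapped address space is a single chunk regardless of file size."""
    # mmap offsets must be multiples of the platform allocation granularity;
    # 1 MB boundaries satisfy this on every platform Python supports.
    if chunk_size % mmap.ALLOCATIONGRANULARITY:
        raise ValueError("chunk_size must be a multiple of mmap.ALLOCATIONGRANULARITY")
    digests = []
    with open(path, "rb") as f:
        size = os.fstat(f.fileno()).st_size
        for off in range(0, size, chunk_size):
            length = min(chunk_size, size - off)
            with mmap.mmap(f.fileno(), length, access=mmap.ACCESS_READ, offset=off) as m:
                digests.append(chunk_digest(m, length))   # unmapped on block exit
    return digests


def make_sample_file(size: int) -> str:
    """Constructed input: a temp file of `size` bytes with a deterministic pattern."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        pattern = bytes(range(256))
        f.write((pattern * (size // 256 + 1))[:size])
    return path


def verify_strategies_agree(size: int) -> dict:
    """Digest one constructed file both ways and report whether they agree."""
    path = make_sample_file(size)
    try:
        whole = digests_whole_file_mmap(path)
        chunked = digests_chunked_mmap(path)
    finally:
        os.unlink(path)
    return {"chunks": len(chunked),
            "same_leaves": whole == chunked,
            "same_root": top_level_digest(whole) == top_level_digest(chunked)}


if __name__ == "__main__":
    print(verify_strategies_agree(2 * CHUNK_SIZE + 12345))
```

Because each chunk is digested independently, the leaf computation can also be spread across threads or processes, which is the parallelism the hash tree is there to enable; the root digest then binds the leaves in order and count.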