diff options
| author | Torne (Richard Coles) <torne@google.com> | 2018-07-19 14:27:06 -0400 |
|---|---|---|
| committer | Torne (Richard Coles) <torne@google.com> | 2018-08-03 15:49:19 -0400 |
| commit | 8f1ec88053a854b8c8d165e74f866f0c6059208b (patch) | |
| tree | a9c4a9002b8967f056d9fec66d439df5e5f9f6d7 /rs/java/android/renderscript/ProgramFragmentFixedFunction.java | |
| parent | 8f80b51b92cd8aed3ea9a3494e7b3eb7af2de8e0 (diff) | |
Skip signature checking preinstalled WebViews.
Instead of first checking the signature, and only checking if the
package is a system app as a fallback in the case where there is no
specified correct signature, simply allow preinstalled packages without
checking the signature, and only check the signature if it's not
preinstalled.
The new implementation actually matches the documentation given in the
XML config file for the behaviour, and makes some use cases easier to
work with: for example, it's now possible to specify the "release" key
for a package in the XML file such that the appropriately signed APK
will work even if not preinstalled, while still allowing a "debug" key
signed version to be preinstalled in other cases without changing the
configuration.
This does not reduce the security provided, since if an attacker can
modify the system image to preinstall a package, they could already
modify the XML configuration to change the signing requirements.
Also: comment the function more thoroughly/clearly to make the cases
easier to understand.
Test: existing WebView CTS & GTS tests
Change-Id: I334d03d1ed438fbfd5854e07485d8e70a41c7d2b
Diffstat (limited to 'rs/java/android/renderscript/ProgramFragmentFixedFunction.java')
0 files changed, 0 insertions, 0 deletions