diff options
| author | Yo Chiang <yochiang@google.com> | 2019-12-06 15:10:59 +0800 |
|---|---|---|
| committer | Yo Chiang <yochiang@google.com> | 2020-01-25 21:31:21 +0800 |
| commit | 61fc692d6675a6b2f35c7ff53ea8fa88728a1e39 (patch) | |
| tree | e2f4e9b3f07b59a2ac71945a1873b3086b110a85 /tools/aapt2/java/JavaClassGenerator.cpp | |
| parent | 85bb7887958053ecaae1891e3cc31e49b766f734 (diff) | |
DSU to support GSI key revocation list
DSU installation service fetches a key revocation list (key blacklist).
Revocation list is a https URL specified in a resource string.
Fetched result is cached in HttpResponseCache to save bandwidth, and the
cached result is always forced validated with server to ensure freshness.
In other words, fetching a revocation list is done via a "conditional GET",
such http GET returns a brief (304 NOT MODIFIED) response if ours cache is
still valid, else the server sends a (200 OK) response with new data.
TODO: Compare the installed DSU image's public key with the revocation
list and boot-ramdisk. If the public key is revoked then abort installation.
Bug: 128892201
Test: atest DynamicSystemInstallationServiceTests
Test: adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
--el KEY_USERDATA_SIZE 8589934592 \
-d file:///storage/emulated/0/Download/aosp_arm64-dsu_test.zip \
--es KEY_PUBKEY key1
Change-Id: I29ae088acb1bd23336ec09654f38b4fc464316d8
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')
0 files changed, 0 insertions, 0 deletions