diff options
| author | Victor Hsieh <victorhsieh@google.com> | 2018-04-20 15:45:37 -0700 |
|---|---|---|
| committer | Victor Hsieh <victorhsieh@google.com> | 2018-04-23 19:22:28 +0000 |
| commit | 8d1553b9b1be06100ce4f4cc4c8c5088b48995a2 (patch) | |
| tree | e2925e06873d529591190cc617a558b5575df890 /tools/aapt2/java/JavaClassGenerator_test.cpp | |
| parent | cef96f69d7b6bc2c435db0905ee37b3a48f1c865 (diff) | |
Verify best signature algorithms of all signers
The previous implementation does not verify signature algorithms of all
signers. It's possible that the attacker can take an old apk (with
digest and signature of old algorithm) and add their own signer block
with new/P digest and signature. In this case, the old implementation
only verifies the attacker's signature, thus the attacker can change apk
content easily.
The solution here is to verify digests of all best signature algorithms
by all signers.
It is expected to increase verification time, if the apk does have
multiple signers with different type of digests.
Test: apks still install
Bug: 78359754
Change-Id: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
Merged-In: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
(cherry picked from commit 2f2ced93e3176d71dbd23e7f71a3d78b6dc09830)
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')
0 files changed, 0 insertions, 0 deletions