diff options
| author | Michael Groover <mpgroover@google.com> | 2021-01-22 18:02:40 -0800 | 
|---|---|---|
| committer | Michael Groover <mpgroover@google.com> | 2021-01-27 18:01:13 +0000 | 
| commit | 40447c5ee1b484828637cc8c523f437033278bd9 (patch) | |
| tree | 0028af91adba861d514d5c5984ab32a625a514f2 /tools/aidl/generate_java.cpp | |
| parent | 918e1e01c41e19e84025204061585eb1a16a0170 (diff) | |
Grant signature permission to requesting app with common signer
Previously signature permissions were only granted to a requesting app
under the following conditions:
- Both apps are signed by the same signer
- The requesting app's current signer is in the lineage of the
  declaring app, and this signer in the declaring app still has the
  permission capability granted
- The declaring app's current signer is in the lineage of the
  requesting app
However these requirements prevent the signing keys from diverging,
meaning all apps must always be signed by the same key (or remain at
a previous key in the lineage); this goes against signing key best
practices. This commit allows a signature permission to be granted
to a requesting app if it has a signing key in its lineage in common
with the declaring app, and the declaring app has still granted the
permission capability to that key.
Fixes: 176814921
Test: atest SigningDetailsTest
Test: atest PkgInstallSignatureVerificationTest
Change-Id: I386b53085fc47e5111fe083c934045f5fb8154f1
Diffstat (limited to 'tools/aidl/generate_java.cpp')
0 files changed, 0 insertions, 0 deletions
