Blacklist known signatures of APEX Q packages.
Bug: 138691256
Test: atest PackageSignatureTest (verified google-devkeys-signed apexes
are making the test fail)
Change-Id: If0b633cbbd23a43ad4ce6217288900715b310add
Merged-In: If0b633cbbd23a43ad4ce6217288900715b310add
(cherry picked from commit 8c63275d16cb2edc854d9224dc048be1bd41a817)
diff --git a/tests/tests/security/res/raw/sig_com_android_conscrypt.bin b/tests/tests/security/res/raw/sig_com_android_conscrypt.bin
new file mode 100644
index 0000000..67e87a1
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_conscrypt.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_media.bin b/tests/tests/security/res/raw/sig_com_android_media.bin
new file mode 100644
index 0000000..d33cb3f
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_media.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_media_swcodec.bin b/tests/tests/security/res/raw/sig_com_android_media_swcodec.bin
new file mode 100644
index 0000000..8c663d4
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_media_swcodec.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_resolv.bin b/tests/tests/security/res/raw/sig_com_android_resolv.bin
new file mode 100644
index 0000000..cae337e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_resolv.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_runtime_debug.bin b/tests/tests/security/res/raw/sig_com_android_runtime_debug.bin
new file mode 100644
index 0000000..8248649
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_runtime_debug.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_runtime_release.bin b/tests/tests/security/res/raw/sig_com_android_runtime_release.bin
new file mode 100644
index 0000000..55640d7
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_runtime_release.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_tzdata.bin b/tests/tests/security/res/raw/sig_com_android_tzdata.bin
new file mode 100644
index 0000000..f4339e6
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_tzdata.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_conscrypt.bin b/tests/tests/security/res/raw/sig_com_google_android_conscrypt.bin
new file mode 100644
index 0000000..e27820f
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_conscrypt.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_media.bin b/tests/tests/security/res/raw/sig_com_google_android_media.bin
new file mode 100644
index 0000000..1259311
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_media.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_media_swcodec.bin b/tests/tests/security/res/raw/sig_com_google_android_media_swcodec.bin
new file mode 100644
index 0000000..0e72db7
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_media_swcodec.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_resolv.bin b/tests/tests/security/res/raw/sig_com_google_android_resolv.bin
new file mode 100644
index 0000000..f5de871
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_resolv.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_runtime_debug.bin b/tests/tests/security/res/raw/sig_com_google_android_runtime_debug.bin
new file mode 100644
index 0000000..e28c489
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_runtime_debug.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_runtime_release.bin b/tests/tests/security/res/raw/sig_com_google_android_runtime_release.bin
new file mode 100644
index 0000000..96c192c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_runtime_release.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_android_tzdata.bin b/tests/tests/security/res/raw/sig_com_google_android_tzdata.bin
new file mode 100644
index 0000000..abcc35f
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_android_tzdata.bin
Binary files differ
diff --git a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
index 9ce81a8..1f4eba1 100644
--- a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
+++ b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
@@ -52,9 +52,11 @@
PackageManager packageManager = mContext.getPackageManager();
List<PackageInfo> allPackageInfos = packageManager.getInstalledPackages(
PackageManager.GET_UNINSTALLED_PACKAGES |
- PackageManager.GET_SIGNATURES);
+ PackageManager.GET_SIGNATURES |
+ PackageManager.MATCH_APEX);
for (PackageInfo packageInfo : allPackageInfos) {
String packageName = packageInfo.packageName;
+ Log.v(TAG, "Scanning " + packageName);
if (packageName != null && !isWhitelistedPackage(packageName)) {
for (Signature signature : packageInfo.signatures) {
if (wellKnownSignatures.contains(signature)) {
@@ -80,6 +82,20 @@
wellKnownSignatures.add(getSignature(R.raw.sig_devkeys_platform));
wellKnownSignatures.add(getSignature(R.raw.sig_devkeys_shared));
wellKnownSignatures.add(getSignature(R.raw.sig_devkeys_networkstack));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_conscrypt));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_media));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_media_swcodec));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_resolv));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_runtime_debug));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_runtime_release));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_tzdata));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_conscrypt));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_media));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_media_swcodec));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_resolv));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_runtime_debug));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_runtime_release));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_tzdata));
return wellKnownSignatures;
}
