[pm] Always load rotated certificates for v4 signature
The optimized 'unsafe' function for loading v4 signature used to
not look into the corresponding v2/3/3.1 block in the apk, and
thus only returned the information from the v4 signature file.
That information has no past certificates - and unfortunately
we would use that in PackageManager as the main signing info
for the package when removing a split as the only action of
the installation session. It's also possible that some other
place may start using the same function for loading the main
package signing info, and lose the past signers there too.
This change ensures that we always load those, making the
'unsafe' signature loading a bit slower, but much safer to use.
Bug: 378539511
Flag: android.content.pm.always_load_past_certs_v4
Test: install a v4-signed app and remove a split
Change-Id: I59e55eddd7f93a013aa5cc39c5e577a6e7e1bec9
2 files changed
