Add ROLLBACK past signing cert capability.
Add a new capability that may be granted to past signing certificates
after changing to a new signing certificate that will allow applications
to go back to a previous signing certificate. This capability is
not intended to be granted, but it may be added later in the event that
a signing certificate change causes undesirable behavior.
(cherry-pick of commit: 26f734ffa011f6f22e5f83a9a80b877ddcc0c10a)
Bug: 73927694
Test: bazel test ...
Change-Id: Ic837ec66a97865ce941b202093e9bbe26fcfba90
Merged-In: Ic837ec66a97865ce941b202093e9bbe26fcfba90
diff --git a/src/main/java/com/android/apksig/SigningCertificateLineage.java b/src/main/java/com/android/apksig/SigningCertificateLineage.java
index b3d10f2..440f13d 100644
--- a/src/main/java/com/android/apksig/SigningCertificateLineage.java
+++ b/src/main/java/com/android/apksig/SigningCertificateLineage.java
@@ -81,6 +81,14 @@
/** grant SIGNATURE permissions to pkgs with this cert */
private static final int PAST_CERT_PERMISSION = 4;
+ /**
+ * Enable updates back to this certificate. WARNING: this effectively removes any benefit of
+ * signing certificate changes, since a compromised key could retake control of an app even
+ * after change, and should only be used if there is a problem encountered when trying to ditch
+ * an older cert.
+ */
+ private static final int PAST_CERT_ROLLBACK = 8;
+
private final int mMinSdkVersion;
/**
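Review bot: The Javadoc added on `PAST_CERT_ROLLBACK` warns that the flag undoes the benefit of a certificate change, but it does not say when the flag must never be granted. A maintainer deciding whether to set it needs that stated next to the bit, for example `Never grant this to a certificate that was rotated out because its key may be compromised; the holder of that key could then ship an update that replaces the app.` It would also help to say that the capability is meant to be off unless explicitly requested, which matches the commit description. The code that computes the default flags is outside this hunk, so whether bit 8 is left out of the defaults cannot be confirmed from here.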
@@ -571,6 +579,25 @@
}
/**
+ * Set the {@code PAST_CERT_ROLLBACK} flag in this capabilities object. This flag
+ * is used by the platform to determine if this app is willing to upgrade to a new
+ * version that is signed by one of its past signing certificates.
+ *
+ * <note> WARNING: this effectively removes any benefit of signing certificate changes,
+ * since a compromised key could retake control of an app even after change, and should
+ * only be used if there is a problem encountered when trying to ditch an older cert
+ * </note>
+ */
+ public Builder setRollback(boolean enabled) {
+ if (enabled) {
+ mFlags |= PAST_CERT_ROLLBACK;
+ } else {
+ mFlags &= ~PAST_CERT_ROLLBACK;
+ }
+ return this;
+ }
+
+ /**
* Returns a new {@code SignerConfig} instance configured based on the configuration of
* this builder.
*/
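Review bot: The Javadoc for `setRollback` wraps its warning in `<note>…</note>`, which is not a standard HTML element or a Javadoc tag, so doclint-enabled builds are likely to flag it and the warning may render without emphasis. A plain paragraph such as `<p><b>WARNING:</b> this effectively removes any benefit of signing certificate changes, …` keeps the warning visible in the generated docs. The comment also lacks `@param enabled` and `@return`, for example `@param enabled {@code true} to allow updates signed by this past certificate` and `@return this builder`. The Builder's constructor and the initial value of `mFlags` are outside the hunk, so please confirm that a freshly built capabilities object leaves `PAST_CERT_ROLLBACK` cleared, and cover both branches of the setter with a test.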