[go: nahoru, domu]
Google Git
Sign in
android / platform / frameworks / support / b309cdeb976c33a91306dbc6ff7851398b4f71c6^! / . / settings.gradle
commitb309cdeb976c33a91306dbc6ff7851398b4f71c6[log] [tgz]
authorWinson <chiuwinson@google.com>Wed Sep 23 10:52:42 2020 -0700
committerWinson <chiuwinson@google.com>Mon Nov 02 11:18:06 2020 -0800
treef3cd80526ac80d4af920f808aba12eec4018460b
parentd4ddf7a33292a10c3b1c5fa8bf24fc64c49b117b [diff] [blame]
Add PackageInfoCompat signature verification APIs

Create methods for retrieving the Signature[] for a package on device,
as well as verifying that a package has a set of certificates.

Checking by app UID is not supported. Callers must use package name.
This is done to ensure the system doesn't arbitrarily choose a package
to check against.

A matchExact parameter is provided to address compatibility for
un-patched devices that are affected by the certificate reference fake
ID vulnerability. For such devices, all certificates of the package
being checked must be verified.

Bug: 159831205

Test: androidx.core.content.pm.PackageInfoCompatSignaturesTest
Test: androidx.core.content.pm.PackageInfoCompatTest

Relnote: "Added PackageInfoCompat#getSignatures for retrieving the
    certificate array for a package"
Relnote: "Added PackageInfoCompat#hasSignatures for verifying package
    ceritificates"

Change-Id: I8e9a3ece2d45416abbcbaaa0cf2a0485180997d3

diff --git a/settings.gradle b/settings.gradle
index b19943d..fe0f50a 100644
--- a/settings.gradle
+++ b/settings.gradle

@@ -560,6 +560,7 @@
 includeProject(":internal-testutils-navigation", "testutils/testutils-navigation", [BuildType.MAIN, BuildType.FLAN])
 includeProject(":internal-testutils-paging", "testutils/testutils-paging", [BuildType.MAIN])
 includeProject(":internal-testutils-gradle-plugin", "testutils/testutils-gradle-plugin", [BuildType.MAIN, BuildType.FLAN])
+includeProject(":internal-testutils-mockito", "testutils/testutils-mockito", [BuildType.MAIN])
 
 /////////////////////////////
 //