1 files changed, 26 insertions, 3 deletions

diff --git a/android/util/jar/StrictJarVerifier.java b/android/util/jar/StrictJarVerifier.java
index debc170f..45254908 100644
--- a/android/util/jar/StrictJarVerifier.java
+++ b/android/util/jar/StrictJarVerifier.java
@@ -18,6 +18,8 @@
 package android.util.jar;
 
 import android.util.apk.ApkSignatureSchemeV2Verifier;
+import android.util.apk.ApkSignatureSchemeV3Verifier;
+
 import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
@@ -36,6 +38,7 @@ import java.util.Map;
 import java.util.StringTokenizer;
 import java.util.jar.Attributes;
 import java.util.jar.JarFile;
+
 import sun.security.jca.Providers;
 import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.SignerInfo;
@@ -56,6 +59,15 @@ import sun.security.pkcs.SignerInfo;
  */
 class StrictJarVerifier {
     /**
+     * {@code .SF} file header section attribute indicating that the APK is signed not just with
+     * JAR signature scheme but also with APK Signature Scheme v2 or newer. This attribute
+     * facilitates v2 signature stripping detection.
+     *
+     * <p>The attribute contains a comma-separated set of signature scheme IDs.
+     */
+    private static final String SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME = "X-Android-APK-Signed";
+
+    /**
      * List of accepted digest algorithms. This list is in order from most
      * preferred to least preferred.
      */
@@ -373,17 +385,17 @@ class StrictJarVerifier {
             return;
         }
 
-        // If requested, check whether APK Signature Scheme v2 signature was stripped.
+        // If requested, check whether a newer APK Signature Scheme signature was stripped.
         if (signatureSchemeRollbackProtectionsEnforced) {
             String apkSignatureSchemeIdList =
-                    attributes.getValue(
-                            ApkSignatureSchemeV2Verifier.SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME);
+                    attributes.getValue(SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME);
             if (apkSignatureSchemeIdList != null) {
                 // This field contains a comma-separated list of APK signature scheme IDs which
                 // were used to sign this APK. If an ID is known to us, it means signatures of that
                 // scheme were stripped from the APK because otherwise we wouldn't have fallen back
                 // to verifying the APK using the JAR signature scheme.
                 boolean v2SignatureGenerated = false;
+                boolean v3SignatureGenerated = false;
                 StringTokenizer tokenizer = new StringTokenizer(apkSignatureSchemeIdList, ",");
                 while (tokenizer.hasMoreTokens()) {
                     String idText = tokenizer.nextToken().trim();
@@ -402,6 +414,12 @@ class StrictJarVerifier {
                         v2SignatureGenerated = true;
                         break;
                     }
+                    if (id == ApkSignatureSchemeV3Verifier.SF_ATTRIBUTE_ANDROID_APK_SIGNED_ID) {
+                        // This APK was supposed to be signed with APK Signature Scheme v3 but no
+                        // such signature was found.
+                        v3SignatureGenerated = true;
+                        break;
+                    }
                 }
 
                 if (v2SignatureGenerated) {
@@ -409,6 +427,11 @@ class StrictJarVerifier {
                             + " is signed using APK Signature Scheme v2, but no such signature was"
                             + " found. Signature stripped?");
                 }
+                if (v3SignatureGenerated) {
+                    throw new SecurityException(signatureFile + " indicates " + jarName
+                            + " is signed using APK Signature Scheme v3, but no such signature was"
+                            + " found. Signature stripped?");
+                }
             }
         }