diff options
author | Michael Groover <mpgroover@google.com> | 2022-04-27 05:30:53 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-27 05:30:53 +0000 |
commit | 52d2a0536fc31b4a75343936c672303283092e8e (patch) | |
tree | 6c20a33b3909f7b814b3e2fb1308e605d83c82ac | |
parent | 45343b234b5c563e424177c66e6c6021edc7a013 (diff) | |
parent | 8083582d084031424d959afb679a2114c9a5d4ac (diff) | |
download | apksig-52d2a0536fc31b4a75343936c672303283092e8e.tar.gz |
Ensure v3.0 signer returned when app min SDK equals rotation min SDK am: 8083582d08
Original change: https://googleplex-android-review.googlesource.com/c/platform/tools/apksig/+/17968716
Change-Id: Ib8ee1b67aa54cbf00ee91f90e2ccaaabd4a74f4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | src/main/java/com/android/apksig/DefaultApkSignerEngine.java | 9 | ||||
-rw-r--r-- | src/test/java/com/android/apksig/ApkSignerTest.java | 31 | ||||
-rw-r--r-- | src/test/resources/com/android/apksig/original-minSdk32.apk | bin | 0 -> 12695 bytes |
3 files changed, 39 insertions, 1 deletions
diff --git a/src/main/java/com/android/apksig/DefaultApkSignerEngine.java b/src/main/java/com/android/apksig/DefaultApkSignerEngine.java index 6423804..62c24bc 100644 --- a/src/main/java/com/android/apksig/DefaultApkSignerEngine.java +++ b/src/main/java/com/android/apksig/DefaultApkSignerEngine.java @@ -426,7 +426,14 @@ public class DefaultApkSignerEngine implements ApkSignerEngine { // at this point (and likely only one will be needed processedConfigs.add(config); currentMinSdk = config.minSdkVersion; - if (currentMinSdk <= mMinSdkVersion || currentMinSdk <= AndroidSdkVersion.P) { + // If the rotation is targeting a development release and this is the v3.1 signer, then + // the minSdkVersion of this signer should equal the maxSdkVersion of the next signer; + // this ensures a package with the minSdkVersion set to the rotationMinSdkVersion has + // a v3.0 block with the min / max SDK version set to this same minSdkVersion from the + // v3.1 block. + if ((mRotationTargetsDevRelease && currentMinSdk < mMinSdkVersion) + || (!mRotationTargetsDevRelease && currentMinSdk <= mMinSdkVersion) + || currentMinSdk <= AndroidSdkVersion.P) { // this satisfies all we need, stop here break; } diff --git a/src/test/java/com/android/apksig/ApkSignerTest.java b/src/test/java/com/android/apksig/ApkSignerTest.java index 46126bb..adc3a38 100644 --- a/src/test/java/com/android/apksig/ApkSignerTest.java +++ b/src/test/java/com/android/apksig/ApkSignerTest.java @@ -1804,6 +1804,37 @@ public class ApkSignerTest { } @Test + public void testV31_rotationMinSdkVersionEqualsMinSdkVersion_v3SignerPresent() + throws Exception { + // The SDK version for Sv2 (32) is used as the minSdkVersion for the V3.1 signature + // scheme to allow rotation to target the T development platform; this will be updated + // to the real SDK version of T once its SDK is finalized. This test verifies if a + // package has Sv2 as its minSdkVersion, the signing can complete as expected with the + // v3 block signed by the original signer and targeting just Sv2, and the v3.1 block + // signed by the rotated signer and targeting the dev release of Sv2 and all later releases. + List<ApkSigner.SignerConfig> rsa2048SignerConfigWithLineage = + Arrays.asList( + getDefaultSignerConfigFromResources(FIRST_RSA_2048_SIGNER_RESOURCE_NAME), + getDefaultSignerConfigFromResources(SECOND_RSA_2048_SIGNER_RESOURCE_NAME)); + SigningCertificateLineage lineage = + Resources.toSigningCertificateLineage( + ApkSignerTest.class, LINEAGE_RSA_2048_2_SIGNERS_RESOURCE_NAME); + + File signedApk = sign("original-minSdk32.apk", + new ApkSigner.Builder(rsa2048SignerConfigWithLineage) + .setV1SigningEnabled(true) + .setV2SigningEnabled(true) + .setV3SigningEnabled(true) + .setV4SigningEnabled(false) + .setMinSdkVersionForRotation(V3SchemeConstants.MIN_SDK_WITH_V31_SUPPORT) + .setSigningCertificateLineage(lineage)); + ApkVerifier.Result result = verify(signedApk, null); + + assertVerified(result); + assertEquals(AndroidSdkVersion.Sv2, result.getV3SchemeSigners().get(0).getMaxSdkVersion()); + } + + @Test public void testV31_rotationMinSdkVersionTWithoutLineage_v30VerificationSucceeds() throws Exception { // apksig allows setting a rotation-min-sdk-version without providing a rotated signing diff --git a/src/test/resources/com/android/apksig/original-minSdk32.apk b/src/test/resources/com/android/apksig/original-minSdk32.apk Binary files differnew file mode 100644 index 0000000..1d50f27 --- /dev/null +++ b/src/test/resources/com/android/apksig/original-minSdk32.apk |