Add flag extend_vb_chain_to_updated_apk as read-only

Due to a limitation in the current flag infra (b/299647580; device
config not yet initialized for the code to be flagged in package
manager), the only way forward is to make the flag read-only. It
effectively turns the flag into a build-time flag, and it remains off
until Gantry ramp-up.

Bug: 277344944
Test: Use the flag in package manager, it doesn't crash in the flag infra
Change-Id: I059980ca0e15c24b54c3fece7bc69a8301246c7a
diff --git a/core/java/android/security/flags.aconfig b/core/java/android/security/flags.aconfig
index cfc6f48..800149c 100644
--- a/core/java/android/security/flags.aconfig
+++ b/core/java/android/security/flags.aconfig
@@ -20,3 +20,11 @@
description: "Feature flag for deprecating .fsv_sig"
bug: "277916185"
}
+
+flag {
+ name: "extend_vb_chain_to_updated_apk"
+ namespace: "hardware_backed_security"
+ description: "Use v4 signature and fs-verity to chain verification of allowlisted APKs to Verified Boot"
+ bug: "277916185"
+ is_fixed_read_only: true
+}
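Review bot: the `bug:` field of the new `extend_vb_chain_to_updated_apk` block is "277916185", the same value as the preceding `.fsv_sig` deprecation flag in the context lines, while the commit message cites Bug: 277344944. If that is a copy-paste leftover, point it at the bug that tracks this feature so the flag can be traced to the right work item. Since `is_fixed_read_only: true` is a workaround for b/299647580 according to the commit message, a comment above that line naming the bug would make it clear the setting should be revisited once device config is initialized early enough for package manager. That matters here because the flag gates a verification-chain behavior and, while read-only, can only be changed by a new build.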