Actor signature overlayable policy There are cases where an app can ship overlays for itself, but the "signature" policy as described would open up a vulnerability by allowing the system actor to create and sign any arbitrary overlay that will apply to the target. To prevent this, redefine "signature" as target package only, and introduce "actor" for checking against the actor signature. Any app that wishes to use both can include both policies. Bug: 130563563 Test: m aapt2_tests idmapt2_tests and run from host test output Test: atest libandroidfw_tests Change-Id: I1c583a5b37f4abbeb18fc6a35c502377d8977a41

commit: f56ade365aa22e55655f0149cf47181cb3da6e8d [log] [tgz]
author: Winson <chiuwinson@google.com> Wed Dec 04 11:32:41 2019 -0800
committer: Winson <chiuwinson@google.com> Wed Feb 26 15:59:44 2020 -0800
tree: b20f400f7b598641a8731d3c9624c25ec4491d4b
parent: 62ac8b56a9f7cf75f3f0677ec37d8acb8def475c [diff] [blame]
diff --git a/cmds/idmap2/tests/TestConstants.h b/cmds/idmap2/tests/TestConstants.h
index c874dc9..6bc924e 100644
--- a/cmds/idmap2/tests/TestConstants.h
+++ b/cmds/idmap2/tests/TestConstants.h

@@ -19,8 +19,8 @@
 
 namespace android::idmap2::TestConstants {
 
-constexpr const auto TARGET_CRC = 0x76a20829;
-constexpr const auto TARGET_CRC_STRING = "76a20829";
+constexpr const auto TARGET_CRC = 0x41c60c8c;
+constexpr const auto TARGET_CRC_STRING = "41c60c8c";
 
 constexpr const auto OVERLAY_CRC = 0xc054fb26;
 constexpr const auto OVERLAY_CRC_STRING = "c054fb26";
commit	f56ade365aa22e55655f0149cf47181cb3da6e8d	[log] [tgz]
author	Winson <chiuwinson@google.com>	Wed Dec 04 11:32:41 2019 -0800
committer	Winson <chiuwinson@google.com>	Wed Feb 26 15:59:44 2020 -0800
tree	b20f400f7b598641a8731d3c9624c25ec4491d4b
parent	62ac8b56a9f7cf75f3f0677ec37d8acb8def475c [diff] [blame]