commit 2b12e7c84a89f71e3869d8f0186d1946b8703081
author Orion Hodson <oth@google.com> Thu Jul 01 12:12:40 2021 +0100
committer Orion Hodson <oth@google.com> Thu Jul 01 12:12:40 2021 +0100
tree ed3cb64cbe581326cbc80dd90a29a812eceb3a1a
parent 7716e351eab610e41e454624937f8f1839aba027

installd: pass verification state from odsign to ART tools

Bug: 192049377
Test: manual
Change-Id: I10094499b6141e134cb873d6c6590a1731e5910b

cmds/installd/dexopt.cpp

diff --git a/cmds/installd/dexopt.cpp b/cmds/installd/dexopt.cpp
index 15f0c5b..cd5c36f 100644
--- a/cmds/installd/dexopt.cpp
+++ b/cmds/installd/dexopt.cpp
@@ -492,6 +492,14 @@
                  std::to_string(min_new_methods_percent_change));
         }
 
+        // On-device signing related. odsign sets the system property odsign.verification.success if
+        // AOT artifacts have the expected signatures.
+        const bool trust_art_apex_data_files =
+                ::android::base::GetBoolProperty("odsign.verification.success", false);
+        if (!trust_art_apex_data_files) {
+            AddRuntimeArg("-Xdeny-art-apex-data-files");
+        }
+
         // Do not add after dex2oat_flags, they should override others for debugging.
         PrepareArgs(profman_bin);
     }
@@ -1231,6 +1239,14 @@
             }
         }
 
+        // On-device signing related. odsign sets the system property odsign.verification.success if
+        // AOT artifacts have the expected signatures.
+        const bool trust_art_apex_data_files =
+                ::android::base::GetBoolProperty("odsign.verification.success", false);
+        if (!trust_art_apex_data_files) {
+            AddRuntimeArg("-Xdeny-art-apex-data-files");
+        }
+
         PrepareArgs(dexoptanalyzer_bin);
     }