Add checks for CT public key against allowlist This CL adds a check to make sure the public key downloaded by the CTDownloader matches a known allowlist of keys. If the key does not appear in the allowlist, we cannot make guarantee that the key has not been tampered with, so we will not proceed with the downloads of the CT log list and its signature. Bug: 374719543 Test: atest NetworkSecurityUnitTests Change-Id: I185a2330d9a4d138c93522cd4b22920e8a2412a2

commit: 32c060fc81c919ed95f3d35d115876db9421211a [log] [tgz]
author: Sandro Montanari <sandrom@google.com> Wed Jan 15 09:49:10 2025 +0000
committer: Sandro Montanari <sandrom@google.com> Wed Mar 05 11:16:10 2025 +0000
tree: 240fdf2a07dea88ebcf87db3fb4554830a130177
parent: a812717d2dd3c8067aefc60f2c8caa60188f6fa4 [diff] [blame]
diff --git a/networksecurity/service/Android.bp b/networksecurity/service/Android.bp
index d7aacdb..3c964e5 100644
--- a/networksecurity/service/Android.bp
+++ b/networksecurity/service/Android.bp

@@ -32,6 +32,7 @@
         "framework-connectivity-pre-jarjar",
         "service-connectivity-pre-jarjar",
         "framework-statsd.stubs.module_lib",
+        "ServiceConnectivityResources",
     ],
 
     static_libs: [
commit	32c060fc81c919ed95f3d35d115876db9421211a	[log] [tgz]
author	Sandro Montanari <sandrom@google.com>	Wed Jan 15 09:49:10 2025 +0000
committer	Sandro Montanari <sandrom@google.com>	Wed Mar 05 11:16:10 2025 +0000
tree	240fdf2a07dea88ebcf87db3fb4554830a130177
parent	a812717d2dd3c8067aefc60f2c8caa60188f6fa4 [diff] [blame]