Parse APK manifest to extract version etc
Add libapkmanifest to encapsulate the parsing, with a small C++
library on top of libandroidfw.
Extract the zip-handling code from libapkverify into a separate
libapkzip, and fix up a bunch of tests tests, to keep the build happy.
We don't do anything with the manifest information except log it; more
to come in another CL.
Bug: 299591171
Test: atest libapkzip.test libapkverify.integration_test
libapkverify.test
Test: Manual - run VM, inspect logs.
Change-Id: I56d3bb7309d43ecb598a33320705d31948710f83
diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 6082422..8a8ad73 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -29,7 +29,7 @@
use crate::algorithms::SignatureAlgorithmID;
use crate::bytes_ext::{BytesExt, LengthPrefixed, ReadFromBytes};
-use crate::sigutil::*;
+use crate::sigutil::ApkSections;
pub const APK_SIGNATURE_SCHEME_V3_BLOCK_ID: u32 = 0xf05368c0;
@@ -161,7 +161,8 @@
// 1. Choose the strongest supported signature algorithm ID from signatures.
let strongest = self.strongest_signature()?;
- // 2. Verify the corresponding signature from signatures against signed data using public key.
+ // 2. Verify the corresponding signature from signatures against signed data using public
+ // key.
let verified_signed_data = self.verify_signature(strongest)?;
// 3. Verify the min and max SDK versions in the signed data match those specified for the
@@ -196,8 +197,8 @@
hex::encode(digest.digest.as_ref()),
);
- // 7. Verify that public key of the first certificate of certificates is identical
- // to public key.
+ // 7. Verify that public key of the first certificate of certificates is identical to public
+ // key.
let cert = verified_signed_data.certificates.first().context("No certificates listed")?;
let cert = X509::from_der(cert.as_ref())?;
ensure!(