commit | 1508df29f8cc345ca85963893eaa0eddd456702c | |
---|---|---|
author | Alan Stokes <alanstokes@google.com> | Mon Dec 04 11:31:21 2023 +0000 |
committer | Alan Stokes <alanstokes@google.com> | Wed Dec 06 13:52:26 2023 +0000 |
tree | ec1c0808a9cc67889bcb9824ed8bec48232913f7 | |
parent | 31c401c9303fecf1b2544f96585f8e77e7d9b304 | |
Use cert hash not public key for APK authority

Previously we were using the public key of an APK as the input to the authority hash for the VM, and as the authority hash in its Subcomponent - as we do for an APEX.

Instead, use a hash of the certificate. Android has always required the certificate to be consistent over versions of an APK, not just the public key, and a hash of the certificate (with the package name) is widely used to uniquely identify an APK.

This triggered slightly more refactoring than was perhaps strictly necessary. I didn't want libapkverify to force a choice of what the relevant data was; instead we return the SignedData and let the client request what they want.

I removed the RootHash typedef, as it seemed to me it was hiding information rather than making it clear.

Bug: 305925597
Test: atest libapkverify.test libapkverify.integration_test
Test: atest microdroid_manager_test
Test: atest MicrodroidTests
Change-Id: I7669fc468802d25a422e81d344e6655df5b0e636
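The difference between the two identities named in the commit message, as an added example that is not part of this commit or of the AVF code base: two certificates that wrap the same public key give the same key-based hash but different certificate-based hashes. Assumptions: SHA-256 as the hash, the DER SubjectPublicKeyInfo as "the public key", hypothetical function names, and constructed sample certificates with placeholder key and signature bytes.

```python
import hashlib

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV, using long-form length when the body is >= 128 bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf: bytes, pos: int):
    """Return (tag, body_start, end) of the TLV at pos; reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                          # long form: next k bytes hold the length
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated DER body")
    return tag, pos, pos + length

def spki_of(cert: bytes) -> bytes:
    """Return the SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    _, tbs_at, _ = read_tlv(cert, 0)          # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, tbs_at)        # TBSCertificate SEQUENCE
    skip = 6 if cert[pos] == 0xA0 else 5      # optional [0] version, then
    for _ in range(skip):                     # serial, sigalg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def authority_from_key(cert: bytes) -> str:   # assumed old scheme: hash of the key only
    return hashlib.sha256(spki_of(cert)).hexdigest()
def authority_from_cert(cert: bytes) -> str:  # assumed new scheme: hash of the whole cert
    return hashlib.sha256(cert).hexdigest()

# Constructed sample data: structurally valid DER, placeholder key and signature.
ALG = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))
SPKI = der(0x30, ALG + der(0x03, b"\x00" + bytes(range(32))))

def make_cert(serial: int, cn: str) -> bytes:
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    validity = der(0x30, der(0x17, b"230101000000Z") * 2)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial])) + ALG + name + validity + name + SPKI)
    return der(0x30, tbs + ALG + der(0x03, b"\x00" * 9))
CERT_A, CERT_B = make_cert(1, "release-a"), make_cert(2, "release-b")
```

A verifier that pins `authority_from_key` accepts both sample certificates as the same signer, while one that pins `authority_from_cert` treats them as different, which matches the certificate-consistency requirement the commit message describes.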
Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances than those offered by Android’s app sandbox.
Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.
If you want a quick start, see the getting started guideline and follow the steps there.
For in-depth explanations about individual topics and components, visit the following links.
AVF components:
AVF APIs:
How-Tos: