Use cert hash not public key for APK authority
Previously we were using the public key of an APK as the input to the
authority hash for the VM, and as the authority hash in its
Subcomponent - as we do for an APEX.
Instead, use a hash of the certificate. Android has always required
the certificate to be consistent over versions of an APK, not just the
public key, and a hash of the certificate (with the package name) is
widely used to uniquely identify an APK.
This triggered slightly more refactoring than was perhaps strictly
necessary. I didn't want libapkverify to force a choice of what the
relevant data was; instead we return the SignedData and let the client
request what they want.
I removed the RootHash typedef, as it seemed to me it was hiding
information rather than making it clear.
Bug: 305925597
Test: atest libapkverify.test libapkverify.integration_test
Test: atest microdroid_manager_test
Test: atest MicrodroidTests
Change-Id: I7669fc468802d25a422e81d344e6655df5b0e636
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index 1c18d2d..4c5a622 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -48,10 +48,12 @@
test_suites: ["general-tests"],
rustlibs: [
"libandroid_logger",
+ "libanyhow",
"libapkverify",
"libapkzip",
"libbyteorder",
"liblog_rust",
+ "libopenssl",
"libzip",
],
data: ["tests/data/*"],
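Review bot: libanyhow and libopenssl are added only to the test target's rustlibs here (this hunk sits in the module carrying `test_suites: ["general-tests"]`), so the library itself gains no new dependency from this file; make sure the test uses libopenssl to derive the certificate hash independently from the SignedData returned by libapkverify rather than calling the same library helper it is meant to check, otherwise the comparison is circular. The new entries keep the list alphabetically ordered, which matches the surrounding style.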