Merge "Merge logic of DICE HAL and diced in to dice-service"
diff --git a/.prebuilt_info/prebuilt_info_pvmfw_pvmfw_img.asciipb b/.prebuilt_info/prebuilt_info_pvmfw_pvmfw_img.asciipb
index 2fa867a..ba1e6b9 100644
--- a/.prebuilt_info/prebuilt_info_pvmfw_pvmfw_img.asciipb
+++ b/.prebuilt_info/prebuilt_info_pvmfw_pvmfw_img.asciipb
@@ -1,6 +1,6 @@
drops {
android_build_drop {
- build_id: "8966862"
+ build_id: "9107967"
target: "u-boot_pvmfw"
source_file: "pvmfw.img"
}
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 8cce099..11648c4 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -47,9 +47,6 @@
"path": "packages/modules/Virtualization/libs/apkverify"
},
{
- "path": "packages/modules/Virtualization/libs/idsig"
- },
- {
"path": "packages/modules/Virtualization/libs/vbmeta"
},
{
diff --git a/apkdmverity/Android.bp b/apkdmverity/Android.bp
index 51ef4dd..4346089 100644
--- a/apkdmverity/Android.bp
+++ b/apkdmverity/Android.bp
@@ -10,10 +10,10 @@
prefer_rlib: true,
rustlibs: [
"libanyhow",
+ "libapkverify",
"libbitflags",
"libclap",
"libdata_model",
- "libidsig",
"libitertools",
"liblibc",
"libnix",
diff --git a/apkdmverity/src/main.rs b/apkdmverity/src/main.rs
index b99ed1c..bce25e8 100644
--- a/apkdmverity/src/main.rs
+++ b/apkdmverity/src/main.rs
@@ -26,8 +26,8 @@
mod util;
use anyhow::{bail, Context, Result};
+use apkverify::{HashAlgorithm, V4Signature};
use clap::{App, Arg};
-use idsig::{HashAlgorithm, V4Signature};
use itertools::Itertools;
use std::fmt::Debug;
use std::fs;
diff --git a/libs/idsig/src/hashtree.rs b/libs/apkverify/src/hashtree.rs
similarity index 96%
rename from libs/idsig/src/hashtree.rs
rename to libs/apkverify/src/hashtree.rs
index 038f839..00d8292 100644
--- a/libs/idsig/src/hashtree.rs
+++ b/libs/apkverify/src/hashtree.rs
@@ -200,10 +200,10 @@
// The golden outputs are generated by using the `fsverity` utility.
let sizes = ["512", "4K", "1M", "10000000", "272629760"];
for size in sizes.iter() {
- let input_name = format!("testdata/input.{}", size);
+ let input_name = format!("tests/data/input.{}", size);
let mut input = File::open(&input_name)?;
- let golden_hash_tree = fs::read(format!("testdata/input.{}.hash", size))?;
- let golden_descriptor = fs::read(format!("testdata/input.{}.descriptor", size))?;
+ let golden_hash_tree = fs::read(format!("{}.hash", input_name))?;
+ let golden_descriptor = fs::read(format!("{}.descriptor", input_name))?;
let golden_root_hash = &golden_descriptor[16..16 + 32];
let size = std::fs::metadata(&input_name)?.len() as usize;
diff --git a/libs/apkverify/src/lib.rs b/libs/apkverify/src/lib.rs
index 1e0bd77..359d963 100644
--- a/libs/apkverify/src/lib.rs
+++ b/libs/apkverify/src/lib.rs
@@ -18,6 +18,7 @@
mod algorithms;
mod bytes_ext;
+mod hashtree;
mod sigutil;
#[allow(dead_code)]
pub mod testing;
@@ -27,4 +28,4 @@
pub use algorithms::SignatureAlgorithmID;
pub use v3::{get_public_key_der, verify};
-pub use v4::get_apk_digest;
+pub use v4::{get_apk_digest, HashAlgorithm, V4Signature};
diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index fac0a7f..db7d8cc 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -76,9 +76,9 @@
}
#[derive(Debug)]
-struct Signature {
+pub(crate) struct Signature {
/// Option is used here to allow us to ignore unsupported algorithm.
- signature_algorithm_id: Option<SignatureAlgorithmID>,
+ pub(crate) signature_algorithm_id: Option<SignatureAlgorithmID>,
signature: LengthPrefixed<Bytes>,
}
@@ -127,9 +127,9 @@
}
impl Signer {
- /// Select the signature that uses the strongest algorithm according to the preferences of the
- /// v4 signing scheme.
- fn strongest_signature(&self) -> Result<&Signature> {
+ /// Selects the signature that has the strongest supported `SignatureAlgorithmID`.
+ /// The strongest signature is used in both v3 verification and v4 apk digest computation.
+ pub(crate) fn strongest_signature(&self) -> Result<&Signature> {
Ok(self
.signatures
.iter()
@@ -138,14 +138,13 @@
.context("No supported signatures found")?)
}
- pub(crate) fn pick_v4_apk_digest(&self) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
- let strongest_algorithm_id = self
- .strongest_signature()?
- .signature_algorithm_id
- .context("Strongest signature should contain a valid signature algorithm.")?;
+ pub(crate) fn find_digest_by_algorithm(
+ &self,
+ algorithm_id: SignatureAlgorithmID,
+ ) -> Result<Box<[u8]>> {
let signed_data: SignedData = self.signed_data.slice(..).read()?;
- let digest = signed_data.find_digest_by_algorithm(strongest_algorithm_id)?;
- Ok((strongest_algorithm_id, digest.digest.as_ref().to_vec().into_boxed_slice()))
+ let digest = signed_data.find_digest_by_algorithm(algorithm_id)?;
+ Ok(digest.digest.as_ref().to_vec().into_boxed_slice())
}
/// Verifies the strongest signature from signatures against signed data using public key.
diff --git a/libs/apkverify/src/v4.rs b/libs/apkverify/src/v4.rs
index d0522a7..33e666f 100644
--- a/libs/apkverify/src/v4.rs
+++ b/libs/apkverify/src/v4.rs
@@ -18,10 +18,16 @@
//!
//! [v4]: https://source.android.com/security/apksigning/v4
-use anyhow::{ensure, Result};
-use std::io::{Read, Seek};
+use anyhow::{anyhow, bail, ensure, Context, Result};
+use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
+use num_derive::{FromPrimitive, ToPrimitive};
+use num_traits::{FromPrimitive, ToPrimitive};
+use std::fs;
+use std::io::{copy, Cursor, Read, Seek, SeekFrom, Write};
+use std::path::Path;
use crate::algorithms::SignatureAlgorithmID;
+use crate::hashtree::*;
use crate::v3::extract_signer_and_apk_sections;
/// Gets the v4 [apk_digest]. If `verify` is true, we verify that digest computed
@@ -34,13 +40,367 @@
verify: bool,
) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
let (signer, mut sections) = extract_signer_and_apk_sections(apk)?;
- let (signature_algorithm_id, extracted_digest) = signer.pick_v4_apk_digest()?;
+ let strongest_algorithm_id = signer
+ .strongest_signature()?
+ .signature_algorithm_id
+ .context("Strongest signature should contain a valid signature algorithm.")?;
+ let extracted_digest = signer.find_digest_by_algorithm(strongest_algorithm_id)?;
if verify {
- let computed_digest = sections.compute_digest(signature_algorithm_id)?;
+ let computed_digest = sections.compute_digest(strongest_algorithm_id)?;
ensure!(
computed_digest == extracted_digest.as_ref(),
"Computed digest does not match the extracted digest."
);
}
- Ok((signature_algorithm_id, extracted_digest))
+ Ok((strongest_algorithm_id, extracted_digest))
+}
+
+/// `V4Signature` provides access to the various fields in an idsig file.
+#[derive(Default)]
+pub struct V4Signature<R: Read + Seek> {
+ /// Version of the header. Should be 2.
+ pub version: Version,
+ /// Provides access to the information about how the APK is hashed.
+ pub hashing_info: HashingInfo,
+ /// Provides access to the information that can be used to verify this file
+ pub signing_info: SigningInfo,
+ /// Total size of the merkle tree
+ pub merkle_tree_size: u32,
+ /// Offset of the merkle tree in the idsig file
+ pub merkle_tree_offset: u64,
+
+ // Provides access to the underlying data
+ data: R,
+}
+
+/// `HashingInfo` provides information about how the APK is hashed.
+#[derive(Default)]
+pub struct HashingInfo {
+ /// Hash algorithm used when creating the merkle tree for the APK.
+ pub hash_algorithm: HashAlgorithm,
+ /// The log size of a block used when creating the merkle tree. 12 if 4k block was used.
+ pub log2_blocksize: u8,
+ /// The salt used when creating the merkle tree. 32 bytes max.
+ pub salt: Box<[u8]>,
+ /// The root hash of the merkle tree created.
+ pub raw_root_hash: Box<[u8]>,
+}
+
+/// `SigningInfo` provides information that can be used to verify the idsig file.
+#[derive(Default)]
+pub struct SigningInfo {
+ /// Digest of the APK that this idsig file is for.
+ pub apk_digest: Box<[u8]>,
+ /// Certificate of the signer that signed this idsig file. ASN.1 DER form.
+ pub x509_certificate: Box<[u8]>,
+ /// A free-form binary data
+ pub additional_data: Box<[u8]>,
+ /// Public key of the signer in ASN.1 DER form. This must match the `x509_certificate` field.
+ pub public_key: Box<[u8]>,
+ /// Signature algorithm used to sign this file.
+ pub signature_algorithm_id: SignatureAlgorithmID,
+ /// The signature of this file.
+ pub signature: Box<[u8]>,
+}
+
+/// Version of the idsig file format
+#[derive(Debug, PartialEq, Eq, FromPrimitive, ToPrimitive)]
+#[repr(u32)]
+pub enum Version {
+ /// Version 2, the only supported version.
+ V2 = 2,
+}
+
+impl Version {
+ fn from(val: u32) -> Result<Version> {
+ Self::from_u32(val).ok_or_else(|| anyhow!("{} is an unsupported version", val))
+ }
+}
+
+impl Default for Version {
+ fn default() -> Self {
+ Version::V2
+ }
+}
+
+/// Hash algorithm that can be used for idsig file.
+#[derive(Debug, PartialEq, Eq, FromPrimitive, ToPrimitive)]
+#[repr(u32)]
+pub enum HashAlgorithm {
+ /// SHA2-256
+ SHA256 = 1,
+}
+
+impl HashAlgorithm {
+ fn from(val: u32) -> Result<HashAlgorithm> {
+ Self::from_u32(val).ok_or_else(|| anyhow!("{} is an unsupported hash algorithm", val))
+ }
+}
+
+impl Default for HashAlgorithm {
+ fn default() -> Self {
+ HashAlgorithm::SHA256
+ }
+}
+
+impl V4Signature<fs::File> {
+ /// Creates a `V4Signature` struct from the given idsig path.
+ pub fn from_idsig_path<P: AsRef<Path>>(idsig_path: P) -> Result<Self> {
+ let idsig = fs::File::open(idsig_path).context("Cannot find idsig file")?;
+ Self::from_idsig(idsig)
+ }
+}
+
+impl<R: Read + Seek> V4Signature<R> {
+ /// Consumes a stream for an idsig file into a `V4Signature` struct.
+ pub fn from_idsig(mut r: R) -> Result<V4Signature<R>> {
+ Ok(V4Signature {
+ version: Version::from(r.read_u32::<LittleEndian>()?)?,
+ hashing_info: HashingInfo::from(&mut r)?,
+ signing_info: SigningInfo::from(&mut r)?,
+ merkle_tree_size: r.read_u32::<LittleEndian>()?,
+ merkle_tree_offset: r.stream_position()?,
+ data: r,
+ })
+ }
+
+ /// Read a stream for an APK file and creates a corresponding `V4Signature` struct that digests
+ /// the APK file. Note that the signing is not done.
+ pub fn create(
+ mut apk: &mut R,
+ block_size: usize,
+ salt: &[u8],
+ algorithm: HashAlgorithm,
+ ) -> Result<V4Signature<Cursor<Vec<u8>>>> {
+ // Determine the size of the apk
+ let start = apk.stream_position()?;
+ let size = apk.seek(SeekFrom::End(0))? as usize;
+ apk.seek(SeekFrom::Start(start))?;
+
+ // Create hash tree (and root hash)
+ let algorithm = match algorithm {
+ HashAlgorithm::SHA256 => openssl::hash::MessageDigest::sha256(),
+ };
+ let hash_tree = HashTree::from(&mut apk, size, salt, block_size, algorithm)?;
+
+ let mut ret = V4Signature {
+ version: Version::default(),
+ hashing_info: HashingInfo::default(),
+ signing_info: SigningInfo::default(),
+ merkle_tree_size: hash_tree.tree.len() as u32,
+ merkle_tree_offset: 0, // merkle tree starts from the beginning of `data`
+ data: Cursor::new(hash_tree.tree),
+ };
+ ret.hashing_info.raw_root_hash = hash_tree.root_hash.into_boxed_slice();
+ ret.hashing_info.log2_blocksize = log2(block_size);
+
+ apk.seek(SeekFrom::Start(start))?;
+ let (signature_algorithm_id, apk_digest) = get_apk_digest(apk, /*verify=*/ false)?;
+ ret.signing_info.signature_algorithm_id = signature_algorithm_id;
+ ret.signing_info.apk_digest = apk_digest;
+ // TODO(jiyong): add a signature to the signing_info struct
+
+ Ok(ret)
+ }
+
+ /// Writes the data into a writer
+ pub fn write_into<W: Write + Seek>(&mut self, mut w: &mut W) -> Result<()> {
+ // Writes the header part
+ w.write_u32::<LittleEndian>(self.version.to_u32().unwrap())?;
+ self.hashing_info.write_into(&mut w)?;
+ self.signing_info.write_into(&mut w)?;
+ w.write_u32::<LittleEndian>(self.merkle_tree_size)?;
+
+ // Writes the merkle tree
+ self.data.seek(SeekFrom::Start(self.merkle_tree_offset))?;
+ let copied_size = copy(&mut self.data, &mut w)?;
+ if copied_size != self.merkle_tree_size as u64 {
+ bail!(
+ "merkle tree is {} bytes, but only {} bytes are written.",
+ self.merkle_tree_size,
+ copied_size
+ );
+ }
+ Ok(())
+ }
+
+ /// Returns the bytes that represents the merkle tree
+ pub fn merkle_tree(&mut self) -> Result<Vec<u8>> {
+ self.data.seek(SeekFrom::Start(self.merkle_tree_offset))?;
+ let mut out = Vec::new();
+ self.data.read_to_end(&mut out)?;
+ Ok(out)
+ }
+}
+
+impl HashingInfo {
+ fn from(mut r: &mut dyn Read) -> Result<HashingInfo> {
+ // Size of the entire hashing_info struct. We don't need this because each variable-sized
+ // fields in the struct are also length encoded.
+ r.read_u32::<LittleEndian>()?;
+ Ok(HashingInfo {
+ hash_algorithm: HashAlgorithm::from(r.read_u32::<LittleEndian>()?)?,
+ log2_blocksize: r.read_u8()?,
+ salt: read_sized_array(&mut r)?,
+ raw_root_hash: read_sized_array(&mut r)?,
+ })
+ }
+
+ fn write_into<W: Write + Seek>(&self, mut w: &mut W) -> Result<()> {
+ let start = w.stream_position()?;
+ // Size of the entire hashing_info struct. Since we don't know the size yet, fill the place
+ // with 0. The exact size will then be written below.
+ w.write_u32::<LittleEndian>(0)?;
+
+ w.write_u32::<LittleEndian>(self.hash_algorithm.to_u32().unwrap())?;
+ w.write_u8(self.log2_blocksize)?;
+ write_sized_array(&mut w, &self.salt)?;
+ write_sized_array(&mut w, &self.raw_root_hash)?;
+
+ // Determine the size of hashing_info, and write it in front of the struct where the value
+ // was initialized to zero.
+ let end = w.stream_position()?;
+ let size = end - start - std::mem::size_of::<u32>() as u64;
+ w.seek(SeekFrom::Start(start))?;
+ w.write_u32::<LittleEndian>(size as u32)?;
+ w.seek(SeekFrom::Start(end))?;
+ Ok(())
+ }
+}
+
+impl SigningInfo {
+ fn from(mut r: &mut dyn Read) -> Result<SigningInfo> {
+ // Size of the entire signing_info struct. We don't need this because each variable-sized
+ // fields in the struct are also length encoded.
+ r.read_u32::<LittleEndian>()?;
+ Ok(SigningInfo {
+ apk_digest: read_sized_array(&mut r)?,
+ x509_certificate: read_sized_array(&mut r)?,
+ additional_data: read_sized_array(&mut r)?,
+ public_key: read_sized_array(&mut r)?,
+ signature_algorithm_id: SignatureAlgorithmID::from_u32(r.read_u32::<LittleEndian>()?)
+ .context("Unsupported signature algorithm")?,
+ signature: read_sized_array(&mut r)?,
+ })
+ }
+
+ fn write_into<W: Write + Seek>(&self, mut w: &mut W) -> Result<()> {
+ let start = w.stream_position()?;
+ // Size of the entire signing_info struct. Since we don't know the size yet, fill the place
+ // with 0. The exact size will then be written below.
+ w.write_u32::<LittleEndian>(0)?;
+
+ write_sized_array(&mut w, &self.apk_digest)?;
+ write_sized_array(&mut w, &self.x509_certificate)?;
+ write_sized_array(&mut w, &self.additional_data)?;
+ write_sized_array(&mut w, &self.public_key)?;
+ w.write_u32::<LittleEndian>(self.signature_algorithm_id.to_u32())?;
+ write_sized_array(&mut w, &self.signature)?;
+
+ // Determine the size of signing_info, and write it in front of the struct where the value
+ // was initialized to zero.
+ let end = w.stream_position()?;
+ let size = end - start - std::mem::size_of::<u32>() as u64;
+ w.seek(SeekFrom::Start(start))?;
+ w.write_u32::<LittleEndian>(size as u32)?;
+ w.seek(SeekFrom::Start(end))?;
+ Ok(())
+ }
+}
+
+fn read_sized_array(r: &mut dyn Read) -> Result<Box<[u8]>> {
+ let size = r.read_u32::<LittleEndian>()?;
+ let mut data = vec![0; size as usize];
+ r.read_exact(&mut data)?;
+ Ok(data.into_boxed_slice())
+}
+
+fn write_sized_array(w: &mut dyn Write, data: &[u8]) -> Result<()> {
+ w.write_u32::<LittleEndian>(data.len() as u32)?;
+ Ok(w.write_all(data)?)
+}
+
+fn log2(n: usize) -> u8 {
+ let num_bits = std::mem::size_of::<usize>() * 8;
+ (num_bits as u32 - n.leading_zeros() - 1) as u8
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use std::io::Cursor;
+
+ const TEST_APK_PATH: &str = "tests/data/v4-digest-v3-Sha256withEC.apk";
+
+ fn hexstring_from(s: &[u8]) -> String {
+ s.iter().map(|byte| format!("{:02x}", byte)).reduce(|i, j| i + &j).unwrap_or_default()
+ }
+
+ #[test]
+ fn parse_idsig_file() {
+ let parsed = V4Signature::from_idsig_path(format!("{}.idsig", TEST_APK_PATH)).unwrap();
+
+ assert_eq!(Version::V2, parsed.version);
+
+ let hi = parsed.hashing_info;
+ assert_eq!(HashAlgorithm::SHA256, hi.hash_algorithm);
+ assert_eq!(12, hi.log2_blocksize);
+ assert_eq!("", hexstring_from(hi.salt.as_ref()));
+ assert_eq!(
+ "77f063b48b63f846690fa76450a8d3b61a295b6158f50592e873f76dbeeb0201",
+ hexstring_from(hi.raw_root_hash.as_ref())
+ );
+
+ let si = parsed.signing_info;
+ assert_eq!(
+ "c02fe2eddeb3078801828b930de546ea4f98d37fb98b40c7c7ed169b0d713583",
+ hexstring_from(si.apk_digest.as_ref())
+ );
+ assert_eq!("", hexstring_from(si.additional_data.as_ref()));
+ assert_eq!(
+ "3046022100fb6383ba300dc7e1e6931a25b381398a16e5575baefd82afd12ba88660d9a6\
+ 4c022100ebdcae13ab18c4e30bf6ae634462e526367e1ba26c2647a1d87a0f42843fc128",
+ hexstring_from(si.signature.as_ref())
+ );
+ assert_eq!(SignatureAlgorithmID::EcdsaWithSha256, si.signature_algorithm_id);
+
+ assert_eq!(4096, parsed.merkle_tree_size);
+ assert_eq!(648, parsed.merkle_tree_offset);
+ }
+
+ /// Parse an idsig file into V4Signature and write it. The written date must be the same as
+ /// the input file.
+ #[test]
+ fn parse_and_compose() {
+ let idsig_path = format!("{}.idsig", TEST_APK_PATH);
+ let mut v4_signature = V4Signature::from_idsig_path(&idsig_path).unwrap();
+
+ let mut output = Cursor::new(Vec::new());
+ v4_signature.write_into(&mut output).unwrap();
+
+ assert_eq!(fs::read(&idsig_path).unwrap(), output.get_ref().as_slice());
+ }
+
+ /// Create V4Signature by hashing an APK. Merkle tree and the root hash should be the same
+ /// as those in the idsig file created by the signapk tool.
+ #[test]
+ fn digest_from_apk() {
+ let mut input = Cursor::new(include_bytes!("../tests/data/v4-digest-v3-Sha256withEC.apk"));
+ let mut created =
+ V4Signature::create(&mut input, 4096, &[], HashAlgorithm::SHA256).unwrap();
+
+ let mut golden = V4Signature::from_idsig_path(format!("{}.idsig", TEST_APK_PATH)).unwrap();
+
+ // Compare the root hash
+ assert_eq!(
+ created.hashing_info.raw_root_hash.as_ref(),
+ golden.hashing_info.raw_root_hash.as_ref()
+ );
+
+ // Compare the merkle tree
+ assert_eq!(
+ created.merkle_tree().unwrap().as_slice(),
+ golden.merkle_tree().unwrap().as_slice()
+ );
+ }
}
diff --git a/libs/idsig/testdata/create.sh b/libs/apkverify/tests/data/create.sh
similarity index 100%
rename from libs/idsig/testdata/create.sh
rename to libs/apkverify/tests/data/create.sh
diff --git a/libs/idsig/testdata/input.10000000 b/libs/apkverify/tests/data/input.10000000
similarity index 100%
rename from libs/idsig/testdata/input.10000000
rename to libs/apkverify/tests/data/input.10000000
Binary files differ
diff --git a/libs/idsig/testdata/input.10000000.descriptor b/libs/apkverify/tests/data/input.10000000.descriptor
similarity index 100%
rename from libs/idsig/testdata/input.10000000.descriptor
rename to libs/apkverify/tests/data/input.10000000.descriptor
Binary files differ
diff --git a/libs/idsig/testdata/input.10000000.hash b/libs/apkverify/tests/data/input.10000000.hash
similarity index 100%
rename from libs/idsig/testdata/input.10000000.hash
rename to libs/apkverify/tests/data/input.10000000.hash
Binary files differ
diff --git a/libs/idsig/testdata/input.1M b/libs/apkverify/tests/data/input.1M
similarity index 100%
rename from libs/idsig/testdata/input.1M
rename to libs/apkverify/tests/data/input.1M
Binary files differ
diff --git a/libs/idsig/testdata/input.1M.descriptor b/libs/apkverify/tests/data/input.1M.descriptor
similarity index 100%
rename from libs/idsig/testdata/input.1M.descriptor
rename to libs/apkverify/tests/data/input.1M.descriptor
Binary files differ
diff --git a/libs/idsig/testdata/input.1M.hash b/libs/apkverify/tests/data/input.1M.hash
similarity index 100%
rename from libs/idsig/testdata/input.1M.hash
rename to libs/apkverify/tests/data/input.1M.hash
Binary files differ
diff --git a/libs/idsig/testdata/input.272629760 b/libs/apkverify/tests/data/input.272629760
similarity index 100%
rename from libs/idsig/testdata/input.272629760
rename to libs/apkverify/tests/data/input.272629760
Binary files differ
diff --git a/libs/idsig/testdata/input.272629760.descriptor b/libs/apkverify/tests/data/input.272629760.descriptor
similarity index 100%
rename from libs/idsig/testdata/input.272629760.descriptor
rename to libs/apkverify/tests/data/input.272629760.descriptor
Binary files differ
diff --git a/libs/idsig/testdata/input.272629760.hash b/libs/apkverify/tests/data/input.272629760.hash
similarity index 100%
rename from libs/idsig/testdata/input.272629760.hash
rename to libs/apkverify/tests/data/input.272629760.hash
Binary files differ
diff --git a/libs/idsig/testdata/input.4K b/libs/apkverify/tests/data/input.4K
similarity index 100%
rename from libs/idsig/testdata/input.4K
rename to libs/apkverify/tests/data/input.4K
Binary files differ
diff --git a/libs/idsig/testdata/input.4K.descriptor b/libs/apkverify/tests/data/input.4K.descriptor
similarity index 100%
rename from libs/idsig/testdata/input.4K.descriptor
rename to libs/apkverify/tests/data/input.4K.descriptor
Binary files differ
diff --git a/libs/idsig/testdata/input.4K.hash b/libs/apkverify/tests/data/input.4K.hash
similarity index 100%
rename from libs/idsig/testdata/input.4K.hash
rename to libs/apkverify/tests/data/input.4K.hash
diff --git a/libs/idsig/testdata/input.512 b/libs/apkverify/tests/data/input.512
similarity index 100%
rename from libs/idsig/testdata/input.512
rename to libs/apkverify/tests/data/input.512
Binary files differ
diff --git a/libs/idsig/testdata/input.512.descriptor b/libs/apkverify/tests/data/input.512.descriptor
similarity index 100%
rename from libs/idsig/testdata/input.512.descriptor
rename to libs/apkverify/tests/data/input.512.descriptor
Binary files differ
diff --git a/libs/idsig/testdata/input.512.hash b/libs/apkverify/tests/data/input.512.hash
similarity index 100%
rename from libs/idsig/testdata/input.512.hash
rename to libs/apkverify/tests/data/input.512.hash
diff --git a/libs/idsig/testdata/v4-digest-v3-Sha256withEC.apk b/libs/apkverify/tests/data/v4-digest-v3-Sha256withEC.apk
similarity index 100%
rename from libs/idsig/testdata/v4-digest-v3-Sha256withEC.apk
rename to libs/apkverify/tests/data/v4-digest-v3-Sha256withEC.apk
Binary files differ
diff --git a/libs/idsig/testdata/v4-digest-v3-Sha256withEC.apk.idsig b/libs/apkverify/tests/data/v4-digest-v3-Sha256withEC.apk.idsig
similarity index 100%
rename from libs/idsig/testdata/v4-digest-v3-Sha256withEC.apk.idsig
rename to libs/apkverify/tests/data/v4-digest-v3-Sha256withEC.apk.idsig
Binary files differ
diff --git a/libs/idsig/Android.bp b/libs/idsig/Android.bp
deleted file mode 100644
index 615d70e..0000000
--- a/libs/idsig/Android.bp
+++ /dev/null
@@ -1,37 +0,0 @@
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-rust_defaults {
- name: "libidsig.defaults",
- crate_name: "idsig",
- srcs: ["src/lib.rs"],
- edition: "2021",
- prefer_rlib: true,
- rustlibs: [
- "libanyhow",
- "libapkverify",
- "libbyteorder",
- "libnum_traits",
- "libopenssl",
- ],
- proc_macros: ["libnum_derive"],
-}
-
-rust_library {
- name: "libidsig",
- defaults: ["libidsig.defaults"],
- apex_available: ["com.android.virt"],
-}
-
-rust_test {
- name: "libidsig.test",
- defaults: ["libidsig.defaults"],
- test_suites: ["general-tests"],
- compile_multilib: "first",
- data: [
- "testdata/input.*",
- "testdata/*.apk",
- "testdata/*.idsig",
- ],
-}
diff --git a/libs/idsig/Cargo.toml b/libs/idsig/Cargo.toml
deleted file mode 100644
index 49ae18d..0000000
--- a/libs/idsig/Cargo.toml
+++ /dev/null
@@ -1,12 +0,0 @@
-[package]
-name = "idsig"
-version = "0.1.0"
-authors = ["Jiyong Park <jiyong@google.com>"]
-edition = "2018"
-
-[dependencies]
-anyhow = "1.0"
-byteorder = "1.1"
-ring = "0.16"
-num-derive = "0.3"
-num-traits = "0.2"
diff --git a/libs/idsig/TEST_MAPPING b/libs/idsig/TEST_MAPPING
deleted file mode 100644
index eb57380..0000000
--- a/libs/idsig/TEST_MAPPING
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "avf-presubmit" : [
- {
- "name" : "libidsig.test"
- }
- ]
-}
diff --git a/libs/idsig/src/apksigv4.rs b/libs/idsig/src/apksigv4.rs
deleted file mode 100644
index 3f73df3..0000000
--- a/libs/idsig/src/apksigv4.rs
+++ /dev/null
@@ -1,379 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-use anyhow::{anyhow, bail, Context, Result};
-use apkverify::{get_apk_digest, SignatureAlgorithmID};
-use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
-use num_derive::{FromPrimitive, ToPrimitive};
-use num_traits::{FromPrimitive, ToPrimitive};
-use std::fs;
-use std::io::{copy, Cursor, Read, Seek, SeekFrom, Write};
-use std::path::Path;
-
-use crate::hashtree::*;
-
-// `apksigv4` module provides routines to decode and encode the idsig file as defined in [APK
-// signature scheme v4] (https://source.android.com/security/apksigning/v4).
-
-/// `V4Signature` provides access to the various fields in an idsig file.
-#[derive(Default)]
-pub struct V4Signature<R: Read + Seek> {
- /// Version of the header. Should be 2.
- pub version: Version,
- /// Provides access to the information about how the APK is hashed.
- pub hashing_info: HashingInfo,
- /// Provides access to the information that can be used to verify this file
- pub signing_info: SigningInfo,
- /// Total size of the merkle tree
- pub merkle_tree_size: u32,
- /// Offset of the merkle tree in the idsig file
- pub merkle_tree_offset: u64,
-
- // Provides access to the underlying data
- data: R,
-}
-
-/// `HashingInfo` provides information about how the APK is hashed.
-#[derive(Default)]
-pub struct HashingInfo {
- /// Hash algorithm used when creating the merkle tree for the APK.
- pub hash_algorithm: HashAlgorithm,
- /// The log size of a block used when creating the merkle tree. 12 if 4k block was used.
- pub log2_blocksize: u8,
- /// The salt used when creating the merkle tree. 32 bytes max.
- pub salt: Box<[u8]>,
- /// The root hash of the merkle tree created.
- pub raw_root_hash: Box<[u8]>,
-}
-
-/// `SigningInfo` provides information that can be used to verify the idsig file.
-#[derive(Default)]
-pub struct SigningInfo {
- /// Digest of the APK that this idsig file is for.
- pub apk_digest: Box<[u8]>,
- /// Certificate of the signer that signed this idsig file. ASN.1 DER form.
- pub x509_certificate: Box<[u8]>,
- /// A free-form binary data
- pub additional_data: Box<[u8]>,
- /// Public key of the signer in ASN.1 DER form. This must match the `x509_certificate` field.
- pub public_key: Box<[u8]>,
- /// Signature algorithm used to sign this file.
- pub signature_algorithm_id: SignatureAlgorithmID,
- /// The signature of this file.
- pub signature: Box<[u8]>,
-}
-
-/// Version of the idsig file format
-#[derive(Debug, PartialEq, Eq, FromPrimitive, ToPrimitive)]
-#[repr(u32)]
-pub enum Version {
- /// Version 2, the only supported version.
- V2 = 2,
-}
-
-impl Version {
- fn from(val: u32) -> Result<Version> {
- Self::from_u32(val).ok_or_else(|| anyhow!("{} is an unsupported version", val))
- }
-}
-
-impl Default for Version {
- fn default() -> Self {
- Version::V2
- }
-}
-
-/// Hash algorithm that can be used for idsig file.
-#[derive(Debug, PartialEq, Eq, FromPrimitive, ToPrimitive)]
-#[repr(u32)]
-pub enum HashAlgorithm {
- /// SHA2-256
- SHA256 = 1,
-}
-
-impl HashAlgorithm {
- fn from(val: u32) -> Result<HashAlgorithm> {
- Self::from_u32(val).ok_or_else(|| anyhow!("{} is an unsupported hash algorithm", val))
- }
-}
-
-impl Default for HashAlgorithm {
- fn default() -> Self {
- HashAlgorithm::SHA256
- }
-}
-
-impl V4Signature<fs::File> {
- /// Creates a `V4Signature` struct from the given idsig path.
- pub fn from_idsig_path<P: AsRef<Path>>(idsig_path: P) -> Result<Self> {
- let idsig = fs::File::open(idsig_path).context("Cannot find idsig file")?;
- Self::from_idsig(idsig)
- }
-}
-
-impl<R: Read + Seek> V4Signature<R> {
- /// Consumes a stream for an idsig file into a `V4Signature` struct.
- pub fn from_idsig(mut r: R) -> Result<V4Signature<R>> {
- Ok(V4Signature {
- version: Version::from(r.read_u32::<LittleEndian>()?)?,
- hashing_info: HashingInfo::from(&mut r)?,
- signing_info: SigningInfo::from(&mut r)?,
- merkle_tree_size: r.read_u32::<LittleEndian>()?,
- merkle_tree_offset: r.stream_position()?,
- data: r,
- })
- }
-
- /// Read a stream for an APK file and creates a corresponding `V4Signature` struct that digests
- /// the APK file. Note that the signing is not done.
- pub fn create(
- mut apk: &mut R,
- block_size: usize,
- salt: &[u8],
- algorithm: HashAlgorithm,
- ) -> Result<V4Signature<Cursor<Vec<u8>>>> {
- // Determine the size of the apk
- let start = apk.stream_position()?;
- let size = apk.seek(SeekFrom::End(0))? as usize;
- apk.seek(SeekFrom::Start(start))?;
-
- // Create hash tree (and root hash)
- let algorithm = match algorithm {
- HashAlgorithm::SHA256 => openssl::hash::MessageDigest::sha256(),
- };
- let hash_tree = HashTree::from(&mut apk, size, salt, block_size, algorithm)?;
-
- let mut ret = V4Signature {
- version: Version::default(),
- hashing_info: HashingInfo::default(),
- signing_info: SigningInfo::default(),
- merkle_tree_size: hash_tree.tree.len() as u32,
- merkle_tree_offset: 0, // merkle tree starts from the beginning of `data`
- data: Cursor::new(hash_tree.tree),
- };
- ret.hashing_info.raw_root_hash = hash_tree.root_hash.into_boxed_slice();
- ret.hashing_info.log2_blocksize = log2(block_size);
-
- apk.seek(SeekFrom::Start(start))?;
- let (signature_algorithm_id, apk_digest) = get_apk_digest(apk, /*verify=*/ false)?;
- ret.signing_info.signature_algorithm_id = signature_algorithm_id;
- ret.signing_info.apk_digest = apk_digest;
- // TODO(jiyong): add a signature to the signing_info struct
-
- Ok(ret)
- }
-
- /// Writes the data into a writer
- pub fn write_into<W: Write + Seek>(&mut self, mut w: &mut W) -> Result<()> {
- // Writes the header part
- w.write_u32::<LittleEndian>(self.version.to_u32().unwrap())?;
- self.hashing_info.write_into(&mut w)?;
- self.signing_info.write_into(&mut w)?;
- w.write_u32::<LittleEndian>(self.merkle_tree_size)?;
-
- // Writes the merkle tree
- self.data.seek(SeekFrom::Start(self.merkle_tree_offset))?;
- let copied_size = copy(&mut self.data, &mut w)?;
- if copied_size != self.merkle_tree_size as u64 {
- bail!(
- "merkle tree is {} bytes, but only {} bytes are written.",
- self.merkle_tree_size,
- copied_size
- );
- }
- Ok(())
- }
-
- /// Returns the bytes that represents the merkle tree
- pub fn merkle_tree(&mut self) -> Result<Vec<u8>> {
- self.data.seek(SeekFrom::Start(self.merkle_tree_offset))?;
- let mut out = Vec::new();
- self.data.read_to_end(&mut out)?;
- Ok(out)
- }
-}
-
-impl HashingInfo {
- fn from(mut r: &mut dyn Read) -> Result<HashingInfo> {
- // Size of the entire hashing_info struct. We don't need this because each variable-sized
- // fields in the struct are also length encoded.
- r.read_u32::<LittleEndian>()?;
- Ok(HashingInfo {
- hash_algorithm: HashAlgorithm::from(r.read_u32::<LittleEndian>()?)?,
- log2_blocksize: r.read_u8()?,
- salt: read_sized_array(&mut r)?,
- raw_root_hash: read_sized_array(&mut r)?,
- })
- }
-
- fn write_into<W: Write + Seek>(&self, mut w: &mut W) -> Result<()> {
- let start = w.stream_position()?;
- // Size of the entire hashing_info struct. Since we don't know the size yet, fill the place
- // with 0. The exact size will then be written below.
- w.write_u32::<LittleEndian>(0)?;
-
- w.write_u32::<LittleEndian>(self.hash_algorithm.to_u32().unwrap())?;
- w.write_u8(self.log2_blocksize)?;
- write_sized_array(&mut w, &self.salt)?;
- write_sized_array(&mut w, &self.raw_root_hash)?;
-
- // Determine the size of hashing_info, and write it in front of the struct where the value
- // was initialized to zero.
- let end = w.stream_position()?;
- let size = end - start - std::mem::size_of::<u32>() as u64;
- w.seek(SeekFrom::Start(start))?;
- w.write_u32::<LittleEndian>(size as u32)?;
- w.seek(SeekFrom::Start(end))?;
- Ok(())
- }
-}
-
-impl SigningInfo {
- fn from(mut r: &mut dyn Read) -> Result<SigningInfo> {
- // Size of the entire signing_info struct. We don't need this because each variable-sized
- // fields in the struct are also length encoded.
- r.read_u32::<LittleEndian>()?;
- Ok(SigningInfo {
- apk_digest: read_sized_array(&mut r)?,
- x509_certificate: read_sized_array(&mut r)?,
- additional_data: read_sized_array(&mut r)?,
- public_key: read_sized_array(&mut r)?,
- signature_algorithm_id: SignatureAlgorithmID::from_u32(r.read_u32::<LittleEndian>()?)
- .context("Unsupported signature algorithm")?,
- signature: read_sized_array(&mut r)?,
- })
- }
-
- fn write_into<W: Write + Seek>(&self, mut w: &mut W) -> Result<()> {
- let start = w.stream_position()?;
- // Size of the entire signing_info struct. Since we don't know the size yet, fill the place
- // with 0. The exact size will then be written below.
- w.write_u32::<LittleEndian>(0)?;
-
- write_sized_array(&mut w, &self.apk_digest)?;
- write_sized_array(&mut w, &self.x509_certificate)?;
- write_sized_array(&mut w, &self.additional_data)?;
- write_sized_array(&mut w, &self.public_key)?;
- w.write_u32::<LittleEndian>(self.signature_algorithm_id.to_u32())?;
- write_sized_array(&mut w, &self.signature)?;
-
- // Determine the size of signing_info, and write it in front of the struct where the value
- // was initialized to zero.
- let end = w.stream_position()?;
- let size = end - start - std::mem::size_of::<u32>() as u64;
- w.seek(SeekFrom::Start(start))?;
- w.write_u32::<LittleEndian>(size as u32)?;
- w.seek(SeekFrom::Start(end))?;
- Ok(())
- }
-}
-
-fn read_sized_array(r: &mut dyn Read) -> Result<Box<[u8]>> {
- let size = r.read_u32::<LittleEndian>()?;
- let mut data = vec![0; size as usize];
- r.read_exact(&mut data)?;
- Ok(data.into_boxed_slice())
-}
-
-fn write_sized_array(w: &mut dyn Write, data: &[u8]) -> Result<()> {
- w.write_u32::<LittleEndian>(data.len() as u32)?;
- Ok(w.write_all(data)?)
-}
-
-fn log2(n: usize) -> u8 {
- let num_bits = std::mem::size_of::<usize>() * 8;
- (num_bits as u32 - n.leading_zeros() - 1) as u8
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
- use std::io::Cursor;
-
- const TEST_APK_PATH: &str = "testdata/v4-digest-v3-Sha256withEC.apk";
-
- fn hexstring_from(s: &[u8]) -> String {
- s.iter().map(|byte| format!("{:02x}", byte)).reduce(|i, j| i + &j).unwrap_or_default()
- }
-
- #[test]
- fn parse_idsig_file() {
- let parsed = V4Signature::from_idsig_path(format!("{}.idsig", TEST_APK_PATH)).unwrap();
-
- assert_eq!(Version::V2, parsed.version);
-
- let hi = parsed.hashing_info;
- assert_eq!(HashAlgorithm::SHA256, hi.hash_algorithm);
- assert_eq!(12, hi.log2_blocksize);
- assert_eq!("", hexstring_from(hi.salt.as_ref()));
- assert_eq!(
- "77f063b48b63f846690fa76450a8d3b61a295b6158f50592e873f76dbeeb0201",
- hexstring_from(hi.raw_root_hash.as_ref())
- );
-
- let si = parsed.signing_info;
- assert_eq!(
- "c02fe2eddeb3078801828b930de546ea4f98d37fb98b40c7c7ed169b0d713583",
- hexstring_from(si.apk_digest.as_ref())
- );
- assert_eq!("", hexstring_from(si.additional_data.as_ref()));
- assert_eq!(
- "3046022100fb6383ba300dc7e1e6931a25b381398a16e5575baefd82afd12ba88660d9a6\
- 4c022100ebdcae13ab18c4e30bf6ae634462e526367e1ba26c2647a1d87a0f42843fc128",
- hexstring_from(si.signature.as_ref())
- );
- assert_eq!(SignatureAlgorithmID::EcdsaWithSha256, si.signature_algorithm_id);
-
- assert_eq!(4096, parsed.merkle_tree_size);
- assert_eq!(648, parsed.merkle_tree_offset);
- }
-
- /// Parse an idsig file into V4Signature and write it. The written date must be the same as
- /// the input file.
- #[test]
- fn parse_and_compose() {
- let idsig_path = format!("{}.idsig", TEST_APK_PATH);
- let mut v4_signature = V4Signature::from_idsig_path(&idsig_path).unwrap();
-
- let mut output = Cursor::new(Vec::new());
- v4_signature.write_into(&mut output).unwrap();
-
- assert_eq!(fs::read(&idsig_path).unwrap(), output.get_ref().as_slice());
- }
-
- /// Create V4Signature by hashing an APK. Merkle tree and the root hash should be the same
- /// as those in the idsig file created by the signapk tool.
- #[test]
- fn digest_from_apk() {
- let mut input = Cursor::new(include_bytes!("../testdata/v4-digest-v3-Sha256withEC.apk"));
- let mut created =
- V4Signature::create(&mut input, 4096, &[], HashAlgorithm::SHA256).unwrap();
-
- let mut golden = V4Signature::from_idsig_path(format!("{}.idsig", TEST_APK_PATH)).unwrap();
-
- // Compare the root hash
- assert_eq!(
- created.hashing_info.raw_root_hash.as_ref(),
- golden.hashing_info.raw_root_hash.as_ref()
- );
-
- // Compare the merkle tree
- assert_eq!(
- created.merkle_tree().unwrap().as_slice(),
- golden.merkle_tree().unwrap().as_slice()
- );
- }
-}
diff --git a/libs/idsig/src/lib.rs b/libs/idsig/src/lib.rs
deleted file mode 100644
index 7937d71..0000000
--- a/libs/idsig/src/lib.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-//! `idsig` provides routines for creating the idsig file that is defined for the APK signature
-//! scheme v4 and for parsing the file.
-
-mod apksigv4;
-mod hashtree;
-
-pub use crate::apksigv4::*;
-pub use crate::hashtree::*;
diff --git a/microdroid_manager/Android.bp b/microdroid_manager/Android.bp
index f3fa2f5..67130b4 100644
--- a/microdroid_manager/Android.bp
+++ b/microdroid_manager/Android.bp
@@ -21,7 +21,6 @@
"libbyteorder",
"libdiced_utils",
"libglob",
- "libidsig",
"libitertools",
"libkernlog",
"libkeystore2_crypto_rust",
diff --git a/microdroid_manager/src/main.rs b/microdroid_manager/src/main.rs
index c50bcbe..30521f6 100644
--- a/microdroid_manager/src/main.rs
+++ b/microdroid_manager/src/main.rs
@@ -28,11 +28,10 @@
VM_BINDER_SERVICE_PORT, VM_STREAM_SERVICE_PORT, IVirtualMachineService,
};
use anyhow::{anyhow, bail, ensure, Context, Error, Result};
-use apkverify::{get_public_key_der, verify};
+use apkverify::{get_public_key_der, verify, V4Signature};
use binder::{wait_for_interface, Strong};
use diced_utils::cbor::encode_header;
use glob::glob;
-use idsig::V4Signature;
use itertools::sorted;
use log::{error, info};
use microdroid_metadata::{write_metadata, Metadata};
diff --git a/pvmfw/pvmfw.img b/pvmfw/pvmfw.img
index dc0d4d7..7f32a9a 100644
--- a/pvmfw/pvmfw.img
+++ b/pvmfw/pvmfw.img
Binary files differ
diff --git a/tests/hostside/java/com/android/microdroid/test/MicrodroidTestCase.java b/tests/hostside/java/com/android/microdroid/test/MicrodroidTestCase.java
index 48dd1e0..c9cfd72 100644
--- a/tests/hostside/java/com/android/microdroid/test/MicrodroidTestCase.java
+++ b/tests/hostside/java/com/android/microdroid/test/MicrodroidTestCase.java
@@ -38,6 +38,7 @@
import android.cts.statsdatom.lib.ReportUtils;
import com.android.compatibility.common.util.CddTest;
+import com.android.microdroid.test.common.ProcessUtil;
import com.android.microdroid.test.host.CommandRunner;
import com.android.microdroid.test.host.MicrodroidHostTestCaseBase;
import com.android.os.AtomsProto;
@@ -700,20 +701,11 @@
shutdownMicrodroid(getDevice(), cid);
}
- private static class ProcessInfo {
- public final String mName;
- public final int mPid;
-
- ProcessInfo(String name, int pid) {
- mName = name;
- mPid = pid;
- }
- }
-
- // TODO(b/6184548): to be replaced by ProcessUtil
/**
- * @deprecated use ProcessUtil instead.
- */
+ * TODO(b/249409434): to be replaced by ProcessUtil
+ *
+ * @deprecated use ProcessUtil instead.
+ */
@Deprecated
private Map<String, Long> parseMemInfo(String file) {
Map<String, Long> stats = new HashMap<>();
@@ -727,54 +719,16 @@
return stats;
}
- // TODO(b/6184548): to be replaced by ProcessUtil
/**
- * @deprecated use ProcessUtil instead.
- */
- @Deprecated
- private String skipFirstLine(String str) {
- int index = str.indexOf("\n");
- return (index < 0) ? "" : str.substring(index + 1);
- }
-
- // TODO(b/6184548): to be replaced by ProcessUtil
- /**
- * @deprecated use ProcessUtil instead.
- */
- @Deprecated
- private List<ProcessInfo> getRunningProcessesList() {
- List<ProcessInfo> list = new ArrayList<ProcessInfo>();
- skipFirstLine(runOnMicrodroid("ps", "-Ao", "PID,NAME")).lines().forEach(ps -> {
- // Each line is ' <pid> <name>'.
- ps = ps.trim();
- int space = ps.indexOf(" ");
- list.add(new ProcessInfo(
- ps.substring(space + 1),
- Integer.parseInt(ps.substring(0, space))));
- });
-
- return list;
- }
-
- // TODO(b/6184548): to be replaced by ProcessUtil
- /**
- * @deprecated use ProcessUtil instead.
- */
+ * TODO(b/249409434): to be replaced by ProcessUtil
+ *
+ * @deprecated use ProcessUtil instead.
+ */
@Deprecated
private Map<String, Long> getProcMemInfo() {
return parseMemInfo(runOnMicrodroid("cat", "/proc/meminfo"));
}
- // TODO(b/6184548): to be replaced by ProcessUtil
- /**
- * @deprecated use ProcessUtil instead.
- */
- @Deprecated
- private Map<String, Long> getProcSmapsRollup(int pid) {
- String path = "/proc/" + pid + "/smaps_rollup";
- return parseMemInfo(skipFirstLine(runOnMicrodroid("cat", path, "||", "true")));
- }
-
@Test
public void testMicrodroidRamUsage() throws Exception {
final String configPath = "assets/vm_config.json";
@@ -798,11 +752,14 @@
stat.getValue().toString());
}
- for (ProcessInfo proc : getRunningProcessesList()) {
- for (Map.Entry<String, Long> stat : getProcSmapsRollup(proc.mPid).entrySet()) {
+ for (Map.Entry<Integer, String> proc :
+ ProcessUtil.getProcessMap(cmd -> runOnMicrodroid(cmd)).entrySet()) {
+ for (Map.Entry<String, Long> stat :
+ ProcessUtil.getProcessSmapsRollup(proc.getKey(), cmd -> runOnMicrodroid(cmd))
+ .entrySet()) {
String name = stat.getKey().toLowerCase();
mMetrics.addTestMetric(
- mMetricPrefix + "smaps/" + name + "/" + proc.mName,
+ mMetricPrefix + "smaps/" + name + "/" + proc.getValue(),
stat.getValue().toString());
}
}
diff --git a/virtualizationservice/Android.bp b/virtualizationservice/Android.bp
index 1493cb8..2f4f731 100644
--- a/virtualizationservice/Android.bp
+++ b/virtualizationservice/Android.bp
@@ -26,10 +26,10 @@
"android.os.permissions_aidl-rust",
"libandroid_logger",
"libanyhow",
+ "libapkverify",
"libbinder_rs",
"libcommand_fds",
"libdisk",
- "libidsig",
"liblazy_static",
"liblog_rust",
"libmicrodroid_metadata",
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 1eca9fe..3b75df9 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -47,7 +47,7 @@
use anyhow::{anyhow, bail, Context, Result};
use rpcbinder::run_rpc_server_with_factory;
use disk::QcowFile;
-use idsig::{HashAlgorithm, V4Signature};
+use apkverify::{HashAlgorithm, V4Signature};
use log::{debug, error, info, warn};
use microdroid_payload_config::VmPayloadConfig;
use rustutils::system_properties;