From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Michael Groover <mpgroover@google.com>
Date: Fri, 31 Mar 2023 21:31:22 +0000
Subject: [PATCH] Limit the number of supported v1 and v2 signers
The v1 and v2 APK Signature Schemes support multiple signers; this
was intended to allow multiple entities to sign an APK. Previously,
the platform had no limits placed on the number of signers supported
in an APK, but this commit sets a hard limit of 10 supported signers
for these signature schemes to ensure a large number of signers
does not place undue burden on the platform.
Bug: 266580022
Test: Manually verified the platform only allowed an APK with the
maximum number of supported signers.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6f6ee8a55f37c2b8c0df041b2bd53ec928764597)
Merged-In: I6aa86b615b203cdc69d58a593ccf8f18474ca091
Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091
---
.../util/apk/ApkSignatureSchemeV2Verifier.java | 10 ++++++++++
core/java/android/util/jar/StrictJarVerifier.java | 11 +++++++++++
2 files changed, 21 insertions(+)
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
index 78d3b7bf81d2..f4631c68832b 100644
--- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
+++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java
@@ -79,6 +79,11 @@ public class ApkSignatureSchemeV2Verifier {
public static final String SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME = "X-Android-APK-Signed";
public static final int SF_ATTRIBUTE_ANDROID_APK_SIGNED_ID = 2;
+ /**
+ * The maximum number of signers supported by the v2 APK signature scheme.
+ */
+ private static final int MAX_V2_SIGNERS = 10;
+
/**
* Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature.
*
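Review bot: The Javadoc on MAX_V2_SIGNERS only restates the constant's name; the reason for the cap, which the commit message gives, is what a future maintainer tempted to raise it needs to see. Suggest `* Hard upper bound on v2 signers. An APK carrying more is rejected with a SecurityException so that verification work stays bounded.` in place of the current sentence. The same applies to MAX_JAR_SIGNERS in the StrictJarVerifier hunk below.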
@@ -219,6 +224,11 @@ public class ApkSignatureSchemeV2Verifier {
}
while (signers.hasRemaining()) {
signerCount++;
+ if (signerCount > MAX_V2_SIGNERS) {
+ throw new SecurityException(
+ "APK Signature Scheme v2 only supports a maximum of " + MAX_V2_SIGNERS
+ + " signers");
+ }
try {
ByteBuffer signer = getLengthPrefixedSlice(signers);
X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory);
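Review bot: The two new checks are written in different shapes: here the existing `signerCount++;` is followed by a separate `if (signerCount > MAX_V2_SIGNERS)`, while the StrictJarVerifier hunk folds the increment into the condition as `if (++signerCount > MAX_JAR_SIGNERS)`. Either form is fine, but a reader comparing the two limits should not have to wonder whether the off-by-one semantics differ; they do not, both reject the eleventh signer before it is parsed. Placing the check ahead of `getLengthPrefixedSlice(signers)` is the right spot, since no bytes of the rejected signer are read. The enclosing method begins before this hunk and continues after it, including any post-loop handling of a zero signer count.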
diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java
index cb71ecc1da8b..1ce078704be3 100644
--- a/core/java/android/util/jar/StrictJarVerifier.java
+++ b/core/java/android/util/jar/StrictJarVerifier.java
@@ -70,6 +70,11 @@ class StrictJarVerifier {
"SHA1",
};
+ /**
+ * The maximum number of signers supported by the JAR signature scheme.
+ */
+ private static final int MAX_JAR_SIGNERS = 10;
+
private final String jarName;
private final StrictJarManifest manifest;
private final HashMap<String, byte[]> metaEntries;
@@ -285,10 +290,16 @@ class StrictJarVerifier {
return false;
}
+ int signerCount = 0;
Iterator<String> it = metaEntries.keySet().iterator();
while (it.hasNext()) {
String key = it.next();
if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
+ if (++signerCount > MAX_JAR_SIGNERS) {
+ throw new SecurityException(
+ "APK Signature Scheme v1 only supports a maximum of " + MAX_JAR_SIGNERS
+ + " signers");
+ }
verifyCertificate(key);
it.remove();
}
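Review bot: The new exception message names the limit as belonging to "APK Signature Scheme v1" while the Javadoc on MAX_JAR_SIGNERS in the earlier StrictJarVerifier hunk calls it "the JAR signature scheme"; the two should agree so that someone grepping a crash report finds the constant. Suggest `* The maximum number of signers supported by the v1 (JAR) APK signature scheme.` for the Javadoc, and keeping the message as is. The `return false;` context at the top of this hunk suggests the enclosing method reports failure through its boolean result, so it is worth confirming that every caller treats the SecurityException thrown here the same way it treats the one `verifyCertificate(key)` may raise; the method starts before this hunk and continues after it.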