Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / d7472d0ff6b2234c2816e2390b0a39337e4fff4c
commitd7472d0ff6b2234c2816e2390b0a39337e4fff4c[log] [tgz]
authorMohammad Samiul Islam <samiul@google.com>Mon Nov 11 17:53:47 2019 +0000
committerMohammad Samiul Islam <samiul@google.com>Mon Nov 11 18:14:26 2019 +0000
tree93aa9d6defb225ec38fe0caba8914f8ed669e52e
parenta3eb42784774daaac8bb2872c0794de6386c4f93 [diff]
Allow apex packages to be signed with key that has rollback capability

When a key is rotated with a new key, it may continue to trust the old
one. As such, trusted old key should be able to update.

We no longer need to handle "key-downgrade" separately in any situation.
An update will be installed iff it is signed by a trusted key (even
during Rollbacks/Downgrades).

Bug: 136002636
Test: atest StagedInstallTest#testTrustedOldKeyIsAccepted
Change-Id: I3455bd00e13a9271fe25cfaac1476ad7e55eb5f3
1 file changed
tree: 93aa9d6defb225ec38fe0caba8914f8ed669e52e
  1. apct-tests/
  2. apex/
  3. api/
  4. cmds/
  5. config/
  6. core/
  7. data/
  8. docs/
  9. drm/
  10. graphics/
  11. keystore/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. mime/
  17. mms/
  18. native/
  19. nfc-extras/
  20. obex/
  21. opengl/
  22. packages/
  23. proto/
  24. rs/
  25. samples/
  26. sax/
  27. services/
  28. startop/
  29. telecomm/
  30. telephony/
  31. test-base/
  32. test-legacy/
  33. test-mock/
  34. test-runner/
  35. tests/
  36. tools/
  37. wifi/
  38. .gitignore
  39. .mailmap
  40. Android.bp
  41. Android.mk
  42. CleanSpec.mk
  43. jarjar_rules_hidl.txt
  44. MODULE_LICENSE_APACHE2
  45. NOTICE
  46. pathmap.mk
  47. PREUPLOAD.cfg