V2签名预装失败原因及解决方案

2023-11-23 18:25:28

GOOGLE最新的GTS要求targetSdkVersion 大于30的APK必须使用V2及以上签名。

但实际在预装过程中,GTS测试会失败。

后面发现这是由于预装方式的原因造成的。原来的预装方式是使用APK,指定APK使用预签名的方式。Android.mk如下:

LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := DKTest
LOCAL_MODULE_CLASS := APPS
LOCAL_MODULE_TAGS := optional
#LOCAL_BUILT_MODULE_STEM := DKTest.apk
LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX)
#LOCAL_PRIVILEGED_MODULE := true
LOCAL_CERTIFICATE := PRESIGNED
#PRESIGNED platform
LOCAL_SRC_FILES := $(LOCAL_MODULE).apk
#LOCAL_REQUIRED_MODULES :=
#LOCAL_PREBUILT_JNI_LIBS :=
#LOCAL_DEX_PREOPT := false
$(shell cp $(LOCAL_PATH)/../DKAsphaltNitro/*.apk $(TARGET_OUT)/system/app/)
include $(BUILD_PREBUILT)

但是编译出来,从手机中PULL出来的APK,验证签名结果如下:

~/Android/Sdk/build-tools/28.0.3$ ./apksigner verify -v a.apk
DOES NOT VERIFY
ERROR: JAR signer CERT.RSA: JAR signature META-INF/CERT.SF indicates the APK is signed using APK Signature Scheme v2 but no such signature was found. Signature stripped?
 

而没有编译之前的APK签名验证是OK的,结果如下:

~/Android/Sdk/build-tools/28.0.3$ ./apksigner verify -v a.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1

所以,判定是预装方式造成的。

由于v2是对apk整体签名,对APK中任何一个文件的修改,都会导致V2签名被破坏。

最终处理的方案是使用cp的预装方式来解决。如:

LOCAL_PATH:= $(call my-dir)

copy_files :=

ifeq ($(strip $(SILENT_INSTALL)), yes)
$(foreach file, $(patsubst $(LOCAL_PATH)/%, %, $(shell find $(LOCAL_PATH) -name *.apk.1)), \
    $(eval copy_files += $(LOCAL_PATH)/$(file):$(dir system/install/apk/$(file))))
endif

$(call smart-copy-file-to-target, $(copy_files))


define smart-copy-file-to-target
$(eval unique_copy_files_destinations :=) \
$(foreach cf,$(1), \
    $(eval _dest := $(lastword $(subst :, ,$(cf)))) \
    $(if $(filter $(DEST_NULL_PATH), $(_dest)), ,\
        $(eval _src := $(wildcard $(firstword $(subst :, ,$(cf))))) \
        $(foreach __src, $(_src), \
            $(eval __dest := $(subst //,/,$(PRODUCT_OUT)/$(_dest)/$(notdir $(__src)))) \
            $(if $(filter $(unique_copy_files_destinations),$(__dest)), \
                $(error discovered $(__dest) comes from serveral different location, please fix it), \
                $(eval $(call copy-one-file,$(__src),$(__dest))) $(eval ALL_DEFAULT_INSTALLED_MODULES += $(__dest)) \
                $(eval unique_copy_files_destinations += $(__dest))) \
        ) \
    ) \
) \
$(eval unique_copy_files_destinations :=)
endef

上一篇:C++ 提高教程 STL --vector容器-赋值操作


下一篇:动手学深度学习v2-10-3-线性回归的简洁实现