No. For our proof-of-concept work we just hacked the framework code with
the patch below to make the apps install. I have not tested if the problem
still exist in aosp master, nor have I investigated proper fix.
On Wednesday, May 3, 2023 at 10:54:12 PM UTC+3 TblS wrote:
> Were you able to solve this problem? I have the same issue with AOSP 13 on
> Pixel 6 and WhatsApp (and some other apps)
>
> On Thursday, 25 August 2022 at 00:49:26 UTC+3 Mikko Koivisto wrote:
>
>> I’m trying to include WhatsApp.apk to the image of Cuttlefish virtual
>> device. The rule looks like this:
>> android_app_import {
>> name: "WhatsApp",
>> apk: "WhatsApp.apk",
>> presigned: true,
>> product_specific: true,
>> dex_preopt: {
>> enabled: false,
>> },
>> }
>>
>> However, when doing the device build (lunch
>> aosp_cf_x86_64_phone-userdebug) the signature changes:
>> mikko_koivisto@cf-dev-mikko:~/aosp/out$ apksigner verify -v
>> target/product/vsoc_x86_64/product/app/WhatsApp/WhatsApp.apk
>> DOES NOT VERIFY
>> ERROR: JAR signer WHATSAPP.DSA: JAR signature META-INF/WHATSAPP.SF
>> indicates the APK is signed using APK Signature Scheme v2 but no such
>> signature was found. Signature stripped?
>>
>> The app in the original location shows:
>> mikko_koivisto@cf-dev-mikko:~/aosp$ apksigner verify -v
>> device/google/cuttlefish/guest/prebuilts/WhatsApp.apk
>> Verifies
>> Verified using v1 scheme (JAR signing): true
>> Verified using v2 scheme (APK Signature Scheme v2): true
>> Verified using v3 scheme (APK Signature Scheme v3): false
>> Verified using v3.1 scheme (APK Signature Scheme v3.1): false
>> Verified using v4 scheme (APK Signature Scheme v4): false
>> Verified for SourceStamp: false
>> Number of signers: 1
>>
>> Missing signature makes PackageManager to reject the app included in the
>> image and it won't be visible in launcher.
>> I believe the behavior has changed in aosp master during last couple of
>> weeks. The behavior is also apk-dependent since some apks (with similar
>> android_app_import parameters) build just fine.
>> Best Regards,
>> Mikko
>>
>
--
--
You received this message because you are subscribed to the "Android Building"
mailing list.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en
---
You received this message because you are subscribed to the Google Groups
"Android Building" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/android-building/eb837b14-4c31-4b5c-a4dd-d1ce2ac9d2f0n%40googlegroups.com.
>From 1fee86e24332392a2e9ed1838fb77dbe95faf982 Mon Sep 17 00:00:00 2001
From: Mikko Koivisto <[email protected]>
Date: Wed, 24 Aug 2022 13:53:13 +0000
Subject: [PATCH] Lower required signature scheme version
Change-Id: Ia2f50260be3a336eb053c335bba8a4d376ac3926
---
core/java/android/util/apk/ApkSignatureVerifier.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/java/android/util/apk/ApkSignatureVerifier.java b/core/java/android/util/apk/ApkSignatureVerifier.java
index d2a18dd84313..bef8ea6159af 100644
--- a/core/java/android/util/apk/ApkSignatureVerifier.java
+++ b/core/java/android/util/apk/ApkSignatureVerifier.java
@@ -512,7 +512,10 @@ public class ApkSignatureVerifier {
* {@code targetSdk}.
*/
public static int getMinimumSignatureSchemeVersionForTargetSdk(int targetSdk) {
- if (targetSdk >= Build.VERSION_CODES.R) {
+ final boolean OVERRIDE_SDK_CHECK = true;
+ if (OVERRIDE_SDK_CHECK) {
+ return SignatureSchemeVersion.JAR;
+ } else if (targetSdk >= Build.VERSION_CODES.R) {
return SignatureSchemeVersion.SIGNING_BLOCK_V2;
}
return SignatureSchemeVersion.JAR;
--
2.25.1
