[modules] Verify module signature when faking on-demand install

To make this work this CL adds a specific build of the Play Core SDK
that exposes a verification method.

Bug: 901920
Change-Id: Icbf15a17f9345085d8ccd812d50d208f5279fe49
Reviewed-on: https://chromium-review.googlesource.com/c/1338563Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: agrieve <agrieve@chromium.org>
Commit-Queue: Tibor Goldschwendt <tiborg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608991}

DEPS

@@ -1201,6 +1201,17 @@ deps = {
     'condition': 'checkout_src_internal',
   },
 
+  'src/third_party/google_android_play_core': {
+      'packages': [
+          {
+              'package': 'chromium/third_party/android_deps/libs/com_google_android_play_core_verification',
+              'version': 'version:1.3.6-cr1',
+          },
+      ],
+      'condition': 'checkout_android',
+      'dep_type': 'cipd',
+  },
+
   # === ANDROID_DEPS Generated Code Start ===
   # Generated by //tools/android/roll/android_deps/fetch_all.py
   'src/third_party/android_deps/libs/android_arch_core_common': {
@@ -1709,17 +1720,6 @@ deps = {
       'dep_type': 'cipd',
   },
 
-  'src/third_party/android_deps/libs/com_google_android_play_core': {
-      'packages': [
-          {
-              'package': 'chromium/third_party/android_deps/libs/com_google_android_play_core',
-              'version': 'version:1.3.5-cr0',
-          },
-      ],
-      'condition': 'checkout_android',
-      'dep_type': 'cipd',
-  },
-
   'src/third_party/android_deps/libs/com_google_code_findbugs_jsr305': {
       'packages': [
           {

components/module_installer/android/BUILD.gn

@@ -13,6 +13,6 @@ android_library("module_installer_java") {
   ]
   deps = [
     "//base:base_java",
-    "//third_party/android_deps:com_google_android_play_core_java",
+    "//third_party/google_android_play_core:com_google_android_play_core_java",
   ]
 }

components/module_installer/android/java/src/org/chromium/components/module_installer/FakeModuleInstallerBackend.java

@@ -7,6 +7,7 @@ package org.chromium.components.module_installer;
 import android.content.Context;
 
 import com.google.android.play.core.splitcompat.SplitCompat;
+import com.google.android.play.core.splitcompat.ingestion.Verifier;
 
 import org.chromium.base.BuildInfo;
 import org.chromium.base.ContextUtils;
@@ -69,10 +70,17 @@ class FakeModuleInstallerBackend extends ModuleInstallerBackend {
         // Path where SplitCompat looks for downloaded modules. May change in future releases of
         // the Play Core SDK.
         File dstModuleFile = joinPaths(context.getFilesDir().getPath(), "splitcompat",
-                Integer.toString(versionCode), "verified-splits", moduleName + ".apk");
+                Integer.toString(versionCode), "unverified-splits", moduleName + ".apk");
         File srcModuleFile = joinPaths(MODULES_SRC_DIRECTORY_PATH, moduleName + ".apk");
 
         // NOTE: Need to give Chrome storage permission for this to work.
+        try {
+            dstModuleFile.getParentFile().mkdirs();
+        } catch (SecurityException e) {
+            Log.e(TAG, "Failed to create module dir", e);
+            return false;
+        }
+
         try (FileInputStream istream = new FileInputStream(srcModuleFile);
                 FileOutputStream ostream = new FileOutputStream(dstModuleFile)) {
             ostream.getChannel().transferFrom(istream.getChannel(), 0, istream.getChannel().size());
@@ -81,10 +89,14 @@ class FakeModuleInstallerBackend extends ModuleInstallerBackend {
             return false;
         }
 
-        // Tell SplitCompat to do a full emulation of the module. The method name is obfuscated
-        // since it is not part of the public API. We are using it here since this backend is for
-        // testing purposes only.
-        return SplitCompat.a(context);
+        // Check that the module's signature matches Chrome's.
+        Verifier verifier = new Verifier(context);
+        if (!verifier.verifySplits()) {
+            return false;
+        }
+
+        // Tell SplitCompat to do a full emulation of the module.
+        return SplitCompat.fullInstall(context);
     }
 
     private File joinPaths(String... paths) {

third_party/.gitignore

@@ -82,6 +82,7 @@
 /glslang-angle/src
 /gn/
 /gnu_binutils/
+/google_android_play_core/core-*.aar
 /google_appengine_cloudstorage
 /google_toolbox_for_mac/src
 /googlemac

third_party/android_deps/BUILD.gn

@@ -535,12 +535,6 @@ android_aar_prebuilt(
   ]
 }
 
-android_aar_prebuilt("com_google_android_play_core_java") {
-  aar_path = "libs/com_google_android_play_core/core-1.3.5.aar"
-  info_path =
-      "libs/com_google_android_play_core/com_google_android_play_core.info"
-}
-
 java_prebuilt("com_google_dagger_dagger_java") {
   jar_path = "libs/com_google_dagger_dagger/dagger-2.17.jar"
   output_name = "com_google_dagger_dagger"

third_party/android_deps/additional_readme_paths.json

@@ -45,7 +45,6 @@
     "libs/com_google_android_gms_play_services_tasks",
     "libs/com_google_android_gms_play_services_vision",
     "libs/com_google_android_gms_play_services_vision_common",
-    "libs/com_google_android_play_core",
     "libs/com_google_code_findbugs_jsr305",
     "libs/com_google_dagger_dagger",
     "libs/com_google_dagger_dagger_compiler",

third_party/android_deps/libs/com_google_android_play_core/OWNERS

-file://third_party/android_deps/OWNERS
\ No newline at end of file

third_party/google_android_play_core/BUILD.gn

+# Copyright 2018 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//build/config/android/rules.gni")
+
+android_aar_prebuilt("com_google_android_play_core_java") {
+  aar_path = "core-1.3.6.aar"
+  info_path = "com_google_android_play_core.info"
+}

third_party/google_android_play_core/OWNERS

+agrieve@chromium.org
+tiborg@chromium.org

third_party/android_deps/libs/com_google_android_play_core/README.chromium → third_party/google_android_play_core/README.chromium

-Name: 
-Short Name: core
+Name: Goole Android Play Core
+Short Name: Play Core
 URL: https://developers.google.com/android/guides/setup
-Version: 1.3.5
+Version: 1.3.6
 License: Android Software Development Kit License
 License File: LICENSE
 Security Critical: yes
@@ -10,4 +10,4 @@ Description:
 
 
 Local Modifications:
-No modifications.
+Unproguarded verification API.

third_party/android_deps/libs/com_google_android_play_core/cipd.yaml → third_party/google_android_play_core/cipd.yaml

@@ -3,8 +3,8 @@
 # found in the LICENSE file.
 
 # To create CIPD package run the following command.
-# cipd create --pkg-def cipd.yaml -tag version:1.3.5-cr0
-package: chromium/third_party/android_deps/libs/com_google_android_play_core
+# cipd create --pkg-def cipd.yaml -tag version:1.3.6-cr1
+package: chromium/third_party/android_deps/libs/com_google_android_play_core_verification
 description: ""
 data:
-- file: core-1.3.5.aar
+- file: core-1.3.6.aar
\ No newline at end of file

tools/android/roll/android_deps/build.gradle

@@ -39,8 +39,6 @@ dependencies {
     compile "com.google.android.gms:play-services-vision:${gmsVersion}"
     compile "com.google.android.gms:play-services-fido:${gmsVersion}"
 
-    compile "com.google.android.play:core:1.3.5"
-
     // Support v4 libraries
     def supportLibVersion = '27.0.0'
     compile "com.android.support:support-v4:${supportLibVersion}"