OSDN Git Service

v3 APK verification: reset por signedData after verification.
author Dan Cashman <dcashman@google.com>
Fri, 26 Jan 2018 13:37:54 +0000 (05:37 -0800)
committer Dan Cashman <dcashman@google.com>
Fri, 26 Jan 2018 16:36:31 +0000 (08:36 -0800)
During the proof-of-rotation additional attribute parsing, each
new certificate needs to be verified by the last.  When doing this
verification, the ByteBuffer position is advanced to its limit, but
it needs to be read again to extract the certificate.  Reset the
signedData ByteBuffer to its original position.

Bug: 64686581
Test: Builds, boots, v3 signed app with rotated cert installs.
Change-Id: Ie95e4c7e99e3cfb9a987638a0c641456af2f34d9

core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java

index 1b04eb2..a17b04a 100644 (file)
@@ -477,6 +477,7 @@ public class ApkSignatureSchemeV3Verifier {
                     }
                 }
 
+                signedData.rewind();
                 byte[] encodedCert = readLengthPrefixedByteArray(signedData);
                 int signedSigAlgorithm = signedData.getInt();
                 if (lastCert != null && lastSigAlgorithm != signedSigAlgorithm) {
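
Review bot: the added signedData.rewind() ahead of readLengthPrefixedByteArray(signedData) has no comment, and nothing in the visible lines shows why the buffer would be at its limit at this point. Add a one-line comment stating that the preceding verification consumed signedData, so the next reader does not remove the call as redundant. Note also that rewind() sets the position to 0 rather than restoring a saved position, so it matches the commit message's "original position" only if signedData started at 0 when this iteration obtained it; if that is not guaranteed, capture signedData.position() before the verification and restore that value instead. The Test line lists only a manual install, so a unit test that parses a rotated-certificate lineage would keep this from regressing.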