采用Signature Scheme v2签名方式的APK预置失败

[MTK FAQ原始地址]

[FAQ19857]采用Signature Scheme v2签名方式的APK预置失败
[FAQ19894]N上预置APK失败提示找不到so文件
如何知道APK是不是采用Signature Scheme v2签名？

[DESCRIPTION]

Google在N上引入了一项新的应用签名方案Signature Scheme v2，它能提供更快的应用安装时间和更多针对APK文件更改的保护
在N上预置APK时，如果APK是采用的Signature Scheme v2签名，采用原有的预置应用方式预置APK会失败：

Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed to collect certificates from /data/app/vmdl1483607312.tmp/base.apk: META-INF/CERT.SF indicates /data/app/vmdl1483607312.tmp/base.apk is signed using APK Signature Scheme v2, but no suchsignature was found. Signature stripped?]

[SOLUTION]

经过BUILD_PREBUILT后的apk与原apk是有差异的，因为v2是对apk整体签名，所以这个差异导致签名失效。
1、app预置到到工程中，用android.mk编译之后的APK是有区别的，android编译系统会用zipalign对APK进行字节对齐等操作。
2、APK Signature Scheme v2这个是Google在N上新引入的签名方式。v2 签名将验证归档中每个文件的已压缩文件内容，如有任何自定义任务篡改 APK 文件或对其进行后处理（无论以任何方式），那么v2 签名会有作废的风险。

在预置APK build进系统时候不让其走编译流程，在其他模块的android.mk加入下面的cp脚本：

$(shell cp $(LOCAL_PATH)/***/*.apk $(TARGET_OUT)/vendor/operator/app)

PS：亲测，此拷贝脚本在clean之后的第一次编译不能正常执行拷贝操作，remake时才会执行。
替代方法：通过开机动画类似的拷贝方法进行拷贝，同时需要注释掉MakeFile里面相应的文件类型校验代码。

APK能通过PMS扫描安装成功，可能还会报so找不到的问题，可以参考：
ID: FAQ19894 N上预置APK失败提示找不到so文件

如何知道APK是不是采用Signature Scheme v2签名？可参考：
FAQ20235如何知道APK是不是采用Signature Scheme v2签名？

---

[FAQ19894]N上预置APK失败提示找不到so文件

[DESCRIPTION]

预置APK到系统之后打开APK会提示：

01-01 12:00:39.537 5326 5326 E AndroidRuntime: Process: com.skype.raider, PID: 5326
01-01 12:00:39.537 5326 5326 E AndroidRuntime: java.lang.UnsatisfiedLinkError: dalvik.system.PathClassLoader[DexPathList[lib](https://onlinesso.mediatek.com/FAQ/Skype/S)] couldn't find "libSkypeAndroid.so"
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at java.lang.Runtime.loadLibrary0(Runtime.java:972)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at java.lang.System.loadLibrary(System.java:1530)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.util.CrashAndAnrHandler.(SourceFile:19)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.util.CrashAndAnrHandler.saveHandlers(Native Method)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.skylib.SkyLibInitializer.a(SourceFile:115)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeModule.a(SourceFile:126)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeModule_SkyLibFactory.get(SourceFile:37)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeModule_SkyLibFactory.get(SourceFile:11)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at dagger.internal.d.get(SourceFile:47)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.app.BackgroundMode_Factory.get(SourceFile:72)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.app.BackgroundMode_Factory.get(SourceFile:16)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at dagger.internal.d.get(SourceFile:47)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.wakeup.DreamKeeper_Factory.get(SourceFile:48)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.wakeup.DreamKeeper_Factory.get(SourceFile:12)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at dagger.internal.d.get(SourceFile:47)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.wakeup.ForegroundObserver_Factory.get(SourceFile:34)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.wakeup.ForegroundObserver_Factory.get(SourceFile:8)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at dagger.internal.d.get(SourceFile:47)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeApplication_MembersInjector.injectMembers(SourceFile:160)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeApplication_MembersInjector.injectMembers(SourceFile:24)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.DaggerSkypeApplicationComponent.inject(SourceFile:2266)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.skype.android.SkypeApplication.onCreate(SourceFile:152)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1027)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5503)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.app.ActivityThread.-wrap2(ActivityThread.java)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1595)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:110)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.os.Looper.loop(Looper.java:203)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:6251)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1063)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:924)
01-01 12:00:39.537 5326 5326 E AndroidRuntime: FATAL EXCEPTION: main

[SOLUTION]

这是因为Google在N上对selinux有更严格的限制，APK的so文件被selinux挡住了：

01-01 12:00:39.520000  5326  5326 W om.skype.raider: type=1400 audit(0.0:64): avc: denied { read } for name="libSkypeAndroid.so" dev="mmcblk0p22" ino=770074 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

参考如下的solution：
Add the policy to alps/device/mediatek/common|[platfrom]/sepolicy/basic|bsp|full/untrusted_app.te

#====================== untrusted_app.te ======================
allow untrusted_app system_data_file:file r_file_perms;