I am looking for a way to digitally sign a shared library so that I can verify the authenticity of the specified library. My suggested solution was to hash the library and store this in a Java file that loads and calls the library, but the problem is that it will not work if the library is updated in the future (unless all applications using the library are updated) .
I thought it would be possible instead to add a hash of the library that was signed with the private key, for example, at the end of the .so file so that this signed hash can be trusted and not needed to be stored in the calling application for verification. Is there any support for this in the Android API and will it insert data into the library in a way that could cause problems for the library loader?
/system/lib, - , APK, ++, Java. .
/system/lib
, . . API "GetVersion (int salt)", ( ), "" . , " " .
, .
, blob . .so Android.mk. install, .
install