Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e5d7184 authored by Syed Zaidi's avatar Syed Zaidi
Browse files

SystemCertificateSource: Mitigate NPE when checking updateable certs directory 



The updateable conscrypt APEX certificate store located at /apex/com.android.conscrypt/cacert may be empty.
Previously we would check whether or not the folder is empty by determinimg if the length of the returned list[]
array was non-zero. However, when a directory is empty, a null value is returned instead of an empty array. We
rectify that here by utilizing the helper function ArrayUtils.isEmpty() instead of manually checking the length.

Flag: NONE
Test: atest NetworkSecurityConfigTests

Change-Id: I3557f75aa5a807623df6e978145c4378f06c625b
Signed-off-by: default avatarSyed Zaidi <zaidisyed@meta.com>
parent e74cf64e

core/java/android/security/net/config/SystemCertificateSource.java

+3 −1
Original line number Diff line number Diff line
@@ -19,6 +19,8 @@ package android.security.net.config; 
import android.os.Environment;

import android.os.UserHandle;



import com.android.internal.util.ArrayUtils;



import java.io.File;



/**
@@ -45,7 +47,7 @@ public final class SystemCertificateSource extends DirectoryCertificateSource { 
        }

        File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");

        if (updatable_dir.exists()

                && !(updatable_dir.list().length == 0)) {

                && !(ArrayUtils.isEmpty(updatable_dir.list()))) {

            return updatable_dir;

        }

        return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");