Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ada4993 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Stop verifying fs-verity signature in kernel 

This has become redundant since we're now checking the signature in
userspace.

Bug: 258538225
Test: atest GtsFontHostTestCases
Test: atest UpdatableFontDirTest
Test: atest UpdatableSystemFontTest
Test: atest FontManagerTest
Change-Id: I18dc93e1b54b3ff97474113cd5689e7cc058e000
Merged-In: I18dc93e1b54b3ff97474113cd5689e7cc058e000
parent d163351b

services/core/java/com/android/server/graphics/fonts/FontManagerService.java

+2 −2
Original line number Diff line number Diff line
@@ -186,8 +186,8 @@ public final class FontManagerService extends IFontManager.Stub { 
        }



        @Override

        public void setUpFsverity(String filePath, byte[] pkcs7Signature) throws IOException {

            VerityUtils.setUpFsverity(filePath, pkcs7Signature);

        public void setUpFsverity(String filePath) throws IOException {

            VerityUtils.setUpFsverity(filePath, /* signature */ (byte[]) null);

        }



        @Override

services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java

+2 −3
Original line number Diff line number Diff line
@@ -78,7 +78,7 @@ final class UpdatableFontDir { 
    interface FsverityUtil {

        boolean isFromTrustedProvider(String path, byte[] pkcs7Signature);



        void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException;

        void setUpFsverity(String path) throws IOException;



        boolean rename(File src, File dest);

    }
@@ -354,8 +354,7 @@ final class UpdatableFontDir { 
            try {

                // Do not parse font file before setting up fs-verity.

                // setUpFsverity throws IOException if failed.

                mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath(),

                        pkcs7Signature);

                mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath());

            } catch (IOException e) {

                throw new SystemFontException(

                        FontManager.RESULT_ERROR_VERIFICATION_FAILURE,

services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java

+9 −10
Original line number Diff line number Diff line
@@ -109,17 +109,16 @@ public final class UpdatableFontDirTest { 


        @Override

        public boolean isFromTrustedProvider(String path, byte[] signature) {

            return mHasFsverityPaths.contains(path);

            if (!mHasFsverityPaths.contains(path)) {

                return false;

            }

            String fakeSignature = new String(signature, StandardCharsets.UTF_8);

            return GOOD_SIGNATURE.equals(fakeSignature);

        }



        @Override

        public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {

            String fakeSignature = new String(pkcs7Signature, StandardCharsets.UTF_8);

            if (GOOD_SIGNATURE.equals(fakeSignature)) {

        public void setUpFsverity(String path) throws IOException {

            mHasFsverityPaths.add(path);

            } else {

                throw new IOException("Failed to set up fake fs-verity");

            }

        }



        @Override
@@ -813,8 +812,8 @@ public final class UpdatableFontDirTest { 
            }



            @Override

            public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {

                mFakeFsverityUtil.setUpFsverity(path, pkcs7Signature);

            public void setUpFsverity(String path) throws IOException {

                mFakeFsverityUtil.setUpFsverity(path);

            }



            @Override