Loading core/java/android/security/IFileIntegrityService.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,8 @@ interface IFileIntegrityService { boolean isAppSourceCertificateTrusted(in byte[] certificateBytes, in String packageName); IInstalld.IFsveritySetupAuthToken createAuthToken(in ParcelFileDescriptor authFd); @EnforcePermission("SETUP_FSVERITY") int setupFsverity(IInstalld.IFsveritySetupAuthToken authToken, in String filePath, in String packageName); } services/core/java/com/android/server/security/FileIntegrityService.java +12 −6 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.security; import android.annotation.EnforcePermission; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; Loading @@ -27,6 +28,7 @@ import android.os.Build; import android.os.Environment; import android.os.IBinder; import android.os.ParcelFileDescriptor; import android.os.PermissionEnforcer; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -79,7 +81,11 @@ public class FileIntegrityService extends SystemService { return LocalServices.getService(FileIntegrityService.class); } private final IBinder mService = new IFileIntegrityService.Stub() { private final class BinderService extends IFileIntegrityService.Stub { BinderService(Context context) { super(PermissionEnforcer.fromContext(context)); } @Override public boolean isApkVeritySupported() { return VerityUtils.isFsVeritySupported(); Loading Loading @@ -168,12 +174,10 @@ public class FileIntegrityService extends SystemService { } @Override @EnforcePermission(android.Manifest.permission.SETUP_FSVERITY) public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, String filePath, String packageName) throws RemoteException { getContext().enforceCallingPermission(android.Manifest.permission.SETUP_FSVERITY, "Permission android.permission.SETUP_FSVERITY not grantted to access " + "FileIntegrityManager#setupFsverity"); setupFsverity_enforcePermission(); Objects.requireNonNull(authToken); Objects.requireNonNull(filePath); Objects.requireNonNull(packageName); Loading @@ -185,10 +189,12 @@ public class FileIntegrityService extends SystemService { throw new RemoteException(e); } } }; } private final IBinder mService; public FileIntegrityService(final Context context) { super(context); mService = new BinderService(context); try { sCertFactory = CertificateFactory.getInstance("X.509"); } catch (CertificateException e) { Loading Loading
core/java/android/security/IFileIntegrityService.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -28,6 +28,8 @@ interface IFileIntegrityService { boolean isAppSourceCertificateTrusted(in byte[] certificateBytes, in String packageName); IInstalld.IFsveritySetupAuthToken createAuthToken(in ParcelFileDescriptor authFd); @EnforcePermission("SETUP_FSVERITY") int setupFsverity(IInstalld.IFsveritySetupAuthToken authToken, in String filePath, in String packageName); }
services/core/java/com/android/server/security/FileIntegrityService.java +12 −6 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.security; import android.annotation.EnforcePermission; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.AppOpsManager; Loading @@ -27,6 +28,7 @@ import android.os.Build; import android.os.Environment; import android.os.IBinder; import android.os.ParcelFileDescriptor; import android.os.PermissionEnforcer; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -79,7 +81,11 @@ public class FileIntegrityService extends SystemService { return LocalServices.getService(FileIntegrityService.class); } private final IBinder mService = new IFileIntegrityService.Stub() { private final class BinderService extends IFileIntegrityService.Stub { BinderService(Context context) { super(PermissionEnforcer.fromContext(context)); } @Override public boolean isApkVeritySupported() { return VerityUtils.isFsVeritySupported(); Loading Loading @@ -168,12 +174,10 @@ public class FileIntegrityService extends SystemService { } @Override @EnforcePermission(android.Manifest.permission.SETUP_FSVERITY) public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, String filePath, String packageName) throws RemoteException { getContext().enforceCallingPermission(android.Manifest.permission.SETUP_FSVERITY, "Permission android.permission.SETUP_FSVERITY not grantted to access " + "FileIntegrityManager#setupFsverity"); setupFsverity_enforcePermission(); Objects.requireNonNull(authToken); Objects.requireNonNull(filePath); Objects.requireNonNull(packageName); Loading @@ -185,10 +189,12 @@ public class FileIntegrityService extends SystemService { throw new RemoteException(e); } } }; } private final IBinder mService; public FileIntegrityService(final Context context) { super(context); mService = new BinderService(context); try { sCertFactory = CertificateFactory.getInstance("X.509"); } catch (CertificateException e) { Loading
