Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5757a61b authored by Yi Kong's avatar Yi Kong
Browse files

profcollect: Do not upload profiles if verity is disabled 

The image might have been tampered if verity is off. Do not trigger
profile upload in this case.

Test: presubmit
Test: turn off verity and check logs
Bug: 380188300
Change-Id: Ia9d946cecf6f52c1dbb8870feacf426ea878e056
parent b94021f6

services/profcollect/src/com/android/server/profcollect/ProfcollectForwardingService.java

+12 −0
Original line number Diff line number Diff line
@@ -70,6 +70,7 @@ public final class ProfcollectForwardingService extends SystemService { 
    private int mUsageSetting;

    private boolean mUploadEnabled;



    private static boolean sVerityEnforced;

    private boolean mAdbActive;



    private IProfCollectd mIProfcollect;
@@ -117,6 +118,13 @@ public final class ProfcollectForwardingService extends SystemService { 
            mUsageSetting = -1;

        }



        // Check verity, disable profile upload if not enforced.

        final String verityMode = SystemProperties.get("ro.boot.veritymode");

        sVerityEnforced = verityMode.equals("enforcing");

        if (!sVerityEnforced) {

            Log.d(LOG_TAG, "verity is not enforced: " + verityMode);

        }



        mUploadEnabled =

            context.getResources().getBoolean(R.bool.config_profcollectReportUploaderEnabled);
@@ -373,6 +381,10 @@ public final class ProfcollectForwardingService extends SystemService { 
                Log.i(LOG_TAG, "Upload is not enabled.");

                return;

            }

            if (!sVerityEnforced) {

                Log.i(LOG_TAG, "Verity is not enforced.");

                return;

            }

            Intent intent = new Intent()

                    .setPackage("com.android.shell")

                    .setAction("com.android.shell.action.PROFCOLLECT_UPLOAD")