Loading core/api/current.txt +0 −2 Original line number Original line Diff line number Diff line Loading @@ -39388,10 +39388,8 @@ package android.security { } } public final class FileIntegrityManager { public final class FileIntegrityManager { method @FlaggedApi("android.security.fsverity_api") @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException; method public boolean isApkVeritySupported(); method public boolean isApkVeritySupported(); method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException; method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException; method @FlaggedApi("android.security.fsverity_api") public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException; } } public final class KeyChain { public final class KeyChain { core/api/system-current.txt +6 −0 Original line number Original line Diff line number Diff line Loading @@ -355,6 +355,7 @@ package android { field public static final String SEND_SHOW_SUSPENDED_APP_DETAILS = "android.permission.SEND_SHOW_SUSPENDED_APP_DETAILS"; field public static final String SEND_SHOW_SUSPENDED_APP_DETAILS = "android.permission.SEND_SHOW_SUSPENDED_APP_DETAILS"; field public static final String SEND_SMS_NO_CONFIRMATION = "android.permission.SEND_SMS_NO_CONFIRMATION"; field public static final String SEND_SMS_NO_CONFIRMATION = "android.permission.SEND_SMS_NO_CONFIRMATION"; field public static final String SERIAL_PORT = "android.permission.SERIAL_PORT"; field public static final String SERIAL_PORT = "android.permission.SERIAL_PORT"; field @FlaggedApi("android.security.fsverity_api") public static final String SETUP_FSVERITY = "android.permission.SETUP_FSVERITY"; field public static final String SET_ACTIVITY_WATCHER = "android.permission.SET_ACTIVITY_WATCHER"; field public static final String SET_ACTIVITY_WATCHER = "android.permission.SET_ACTIVITY_WATCHER"; field public static final String SET_CLIP_SOURCE = "android.permission.SET_CLIP_SOURCE"; field public static final String SET_CLIP_SOURCE = "android.permission.SET_CLIP_SOURCE"; field public static final String SET_DEFAULT_ACCOUNT_FOR_CONTACTS = "android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"; field public static final String SET_DEFAULT_ACCOUNT_FOR_CONTACTS = "android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"; Loading Loading @@ -12107,6 +12108,11 @@ package android.se.omapi { package android.security { package android.security { public final class FileIntegrityManager { method @FlaggedApi("android.security.fsverity_api") @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException; method @FlaggedApi("android.security.fsverity_api") public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException; } public final class KeyChain { public final class KeyChain { method @Nullable @WorkerThread public static String getWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @Nullable @WorkerThread public static String getWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @WorkerThread public static boolean hasWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @WorkerThread public static boolean hasWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); core/java/android/security/FileIntegrityManager.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ import android.annotation.FlaggedApi; import android.annotation.NonNull; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.annotation.RequiresPermission; import android.annotation.RequiresPermission; import android.annotation.SuppressLint; import android.annotation.SystemApi; import android.annotation.SystemService; import android.annotation.SystemService; import android.content.Context; import android.content.Context; import android.os.IInstalld.IFsveritySetupAuthToken; import android.os.IInstalld.IFsveritySetupAuthToken; Loading Loading @@ -99,8 +101,11 @@ public final class FileIntegrityManager { * @throws IOException If the operation failed. * @throws IOException If the operation failed. * * * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @hide */ */ @FlaggedApi(Flags.FLAG_FSVERITY_API) @FlaggedApi(Flags.FLAG_FSVERITY_API) @SuppressLint("StreamFiles") @SystemApi public void setupFsVerity(@NonNull File file) throws IOException { public void setupFsVerity(@NonNull File file) throws IOException { if (!file.isAbsolute()) { if (!file.isAbsolute()) { // fs-verity is to be enabled by installd, which enforces the validation to the // fs-verity is to be enabled by installd, which enforces the validation to the Loading Loading @@ -138,8 +143,11 @@ public final class FileIntegrityManager { * @param file The file to measure the fs-verity digest. * @param file The file to measure the fs-verity digest. * @return The fs-verity digest in byte[], null if none. * @return The fs-verity digest in byte[], null if none. * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @hide */ */ @FlaggedApi(Flags.FLAG_FSVERITY_API) @FlaggedApi(Flags.FLAG_FSVERITY_API) @SuppressLint("StreamFiles") @SystemApi public @Nullable byte[] getFsVerityDigest(@NonNull File file) throws IOException { public @Nullable byte[] getFsVerityDigest(@NonNull File file) throws IOException { return VerityUtils.getFsverityDigest(file.getPath()); return VerityUtils.getFsverityDigest(file.getPath()); } } Loading core/res/AndroidManifest.xml +9 −0 Original line number Original line Diff line number Diff line Loading @@ -8182,6 +8182,15 @@ <permission android:name="android.permission.SCREEN_TIMEOUT_OVERRIDE" <permission android:name="android.permission.SCREEN_TIMEOUT_OVERRIDE" android:protectionLevel="signature" /> android:protectionLevel="signature" /> <!-- @SystemApi @FlaggedApi("android.security.fsverity_api") Allows app to setup fs-verity through FileIntegrityManager. <p>Protection level: signature|privileged @hide --> <permission android:name="android.permission.SETUP_FSVERITY" android:protectionLevel="signature|privileged"/> <!-- Attribution for Geofencing service. --> <!-- Attribution for Geofencing service. --> <attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/> <attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/> <!-- Attribution for Country Detector. --> <!-- Attribution for Country Detector. --> Loading services/core/java/com/android/server/security/FileIntegrityService.java +4 −0 Original line number Original line Diff line number Diff line Loading @@ -170,6 +170,10 @@ public class FileIntegrityService extends SystemService { @Override @Override public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, String filePath, String packageName) throws RemoteException { String filePath, String packageName) throws RemoteException { getContext().enforceCallingPermission(android.Manifest.permission.SETUP_FSVERITY, "Permission android.permission.SETUP_FSVERITY not grantted to access " + "FileIntegrityManager#setupFsverity"); Objects.requireNonNull(authToken); Objects.requireNonNull(authToken); Objects.requireNonNull(filePath); Objects.requireNonNull(filePath); Objects.requireNonNull(packageName); Objects.requireNonNull(packageName); Loading Loading
core/api/current.txt +0 −2 Original line number Original line Diff line number Diff line Loading @@ -39388,10 +39388,8 @@ package android.security { } } public final class FileIntegrityManager { public final class FileIntegrityManager { method @FlaggedApi("android.security.fsverity_api") @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException; method public boolean isApkVeritySupported(); method public boolean isApkVeritySupported(); method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException; method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException; method @FlaggedApi("android.security.fsverity_api") public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException; } } public final class KeyChain { public final class KeyChain {
core/api/system-current.txt +6 −0 Original line number Original line Diff line number Diff line Loading @@ -355,6 +355,7 @@ package android { field public static final String SEND_SHOW_SUSPENDED_APP_DETAILS = "android.permission.SEND_SHOW_SUSPENDED_APP_DETAILS"; field public static final String SEND_SHOW_SUSPENDED_APP_DETAILS = "android.permission.SEND_SHOW_SUSPENDED_APP_DETAILS"; field public static final String SEND_SMS_NO_CONFIRMATION = "android.permission.SEND_SMS_NO_CONFIRMATION"; field public static final String SEND_SMS_NO_CONFIRMATION = "android.permission.SEND_SMS_NO_CONFIRMATION"; field public static final String SERIAL_PORT = "android.permission.SERIAL_PORT"; field public static final String SERIAL_PORT = "android.permission.SERIAL_PORT"; field @FlaggedApi("android.security.fsverity_api") public static final String SETUP_FSVERITY = "android.permission.SETUP_FSVERITY"; field public static final String SET_ACTIVITY_WATCHER = "android.permission.SET_ACTIVITY_WATCHER"; field public static final String SET_ACTIVITY_WATCHER = "android.permission.SET_ACTIVITY_WATCHER"; field public static final String SET_CLIP_SOURCE = "android.permission.SET_CLIP_SOURCE"; field public static final String SET_CLIP_SOURCE = "android.permission.SET_CLIP_SOURCE"; field public static final String SET_DEFAULT_ACCOUNT_FOR_CONTACTS = "android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"; field public static final String SET_DEFAULT_ACCOUNT_FOR_CONTACTS = "android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"; Loading Loading @@ -12107,6 +12108,11 @@ package android.se.omapi { package android.security { package android.security { public final class FileIntegrityManager { method @FlaggedApi("android.security.fsverity_api") @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException; method @FlaggedApi("android.security.fsverity_api") public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException; } public final class KeyChain { public final class KeyChain { method @Nullable @WorkerThread public static String getWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @Nullable @WorkerThread public static String getWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @WorkerThread public static boolean hasWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String); method @WorkerThread public static boolean hasWifiKeyGrantAsUser(@NonNull android.content.Context, @NonNull android.os.UserHandle, @NonNull String);
core/java/android/security/FileIntegrityManager.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,8 @@ import android.annotation.FlaggedApi; import android.annotation.NonNull; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.annotation.RequiresPermission; import android.annotation.RequiresPermission; import android.annotation.SuppressLint; import android.annotation.SystemApi; import android.annotation.SystemService; import android.annotation.SystemService; import android.content.Context; import android.content.Context; import android.os.IInstalld.IFsveritySetupAuthToken; import android.os.IInstalld.IFsveritySetupAuthToken; Loading Loading @@ -99,8 +101,11 @@ public final class FileIntegrityManager { * @throws IOException If the operation failed. * @throws IOException If the operation failed. * * * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @hide */ */ @FlaggedApi(Flags.FLAG_FSVERITY_API) @FlaggedApi(Flags.FLAG_FSVERITY_API) @SuppressLint("StreamFiles") @SystemApi public void setupFsVerity(@NonNull File file) throws IOException { public void setupFsVerity(@NonNull File file) throws IOException { if (!file.isAbsolute()) { if (!file.isAbsolute()) { // fs-verity is to be enabled by installd, which enforces the validation to the // fs-verity is to be enabled by installd, which enforces the validation to the Loading Loading @@ -138,8 +143,11 @@ public final class FileIntegrityManager { * @param file The file to measure the fs-verity digest. * @param file The file to measure the fs-verity digest. * @return The fs-verity digest in byte[], null if none. * @return The fs-verity digest in byte[], null if none. * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @see <a href="https://www.kernel.org/doc/html/next/filesystems/fsverity.html">Kernel doc</a> * @hide */ */ @FlaggedApi(Flags.FLAG_FSVERITY_API) @FlaggedApi(Flags.FLAG_FSVERITY_API) @SuppressLint("StreamFiles") @SystemApi public @Nullable byte[] getFsVerityDigest(@NonNull File file) throws IOException { public @Nullable byte[] getFsVerityDigest(@NonNull File file) throws IOException { return VerityUtils.getFsverityDigest(file.getPath()); return VerityUtils.getFsverityDigest(file.getPath()); } } Loading
core/res/AndroidManifest.xml +9 −0 Original line number Original line Diff line number Diff line Loading @@ -8182,6 +8182,15 @@ <permission android:name="android.permission.SCREEN_TIMEOUT_OVERRIDE" <permission android:name="android.permission.SCREEN_TIMEOUT_OVERRIDE" android:protectionLevel="signature" /> android:protectionLevel="signature" /> <!-- @SystemApi @FlaggedApi("android.security.fsverity_api") Allows app to setup fs-verity through FileIntegrityManager. <p>Protection level: signature|privileged @hide --> <permission android:name="android.permission.SETUP_FSVERITY" android:protectionLevel="signature|privileged"/> <!-- Attribution for Geofencing service. --> <!-- Attribution for Geofencing service. --> <attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/> <attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/> <!-- Attribution for Country Detector. --> <!-- Attribution for Country Detector. --> Loading
services/core/java/com/android/server/security/FileIntegrityService.java +4 −0 Original line number Original line Diff line number Diff line Loading @@ -170,6 +170,10 @@ public class FileIntegrityService extends SystemService { @Override @Override public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, public int setupFsverity(android.os.IInstalld.IFsveritySetupAuthToken authToken, String filePath, String packageName) throws RemoteException { String filePath, String packageName) throws RemoteException { getContext().enforceCallingPermission(android.Manifest.permission.SETUP_FSVERITY, "Permission android.permission.SETUP_FSVERITY not grantted to access " + "FileIntegrityManager#setupFsverity"); Objects.requireNonNull(authToken); Objects.requireNonNull(authToken); Objects.requireNonNull(filePath); Objects.requireNonNull(filePath); Objects.requireNonNull(packageName); Objects.requireNonNull(packageName); Loading
