Remove signature paramter in fs-verity setup (75e5ccaa) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/security/VerityUtils.java

+4 −29

Original line number	Diff line number	Diff line
		@@ -17,7 +17,6 @@
		package com.android.internal.security;

		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.os.Build;
		import android.os.SystemProperties;
		import android.system.Os;
		@@ -41,9 +40,6 @@ import java.io.InputStream;
		import java.nio.ByteBuffer;
		import java.nio.ByteOrder;
		import java.nio.charset.StandardCharsets;
		import java.nio.file.Files;
		import java.nio.file.Path;
		import java.nio.file.Paths;
		import java.security.cert.CertificateException;
		import java.security.cert.CertificateFactory;
		import java.security.cert.X509Certificate;
		@@ -58,9 +54,6 @@ public abstract class VerityUtils {
		*/
		public static final String FSVERITY_SIGNATURE_FILE_EXTENSION = ".fsv_sig";

		/** The maximum size of signature file. This is just to avoid potential abuse. */
		private static final int MAX_SIGNATURE_FILE_SIZE_BYTES = 8192;

		/** SHA256 hash size. */
		private static final int HASH_SIZE_BYTES = 32;

		@@ -79,26 +72,9 @@ public abstract class VerityUtils {
		return filePath + FSVERITY_SIGNATURE_FILE_EXTENSION;
		}

		/** Enables fs-verity for the file with an optional PKCS#7 detached signature file. */
		public static void setUpFsverity(@NonNull String filePath, @Nullable String signaturePath)
		throws IOException {
		byte[] rawSignature = null;
		if (signaturePath != null) {
		Path path = Paths.get(signaturePath);
		if (Files.size(path) > MAX_SIGNATURE_FILE_SIZE_BYTES) {
		throw new SecurityException("Signature file is unexpectedly large: "
		+ signaturePath);
		}
		rawSignature = Files.readAllBytes(path);
		}
		setUpFsverity(filePath, rawSignature);
		}

		/** Enables fs-verity for the file with an optional PKCS#7 detached signature bytes. */
		public static void setUpFsverity(@NonNull String filePath, @Nullable byte[] pkcs7Signature)
		throws IOException {
		// This will fail if the public key is not already in .fs-verity kernel keyring.
		int errno = enableFsverityNative(filePath, pkcs7Signature);
		/** Enables fs-verity for the file without signature. */
		public static void setUpFsverity(@NonNull String filePath) throws IOException {
		int errno = enableFsverityNative(filePath);
		if (errno != 0) {
		throw new IOException("Failed to enable fs-verity on " + filePath + ": "
		+ Os.strerror(errno));
		@@ -234,8 +210,7 @@ public abstract class VerityUtils {
		return buffer.array();
		}

		private static native int enableFsverityNative(@NonNull String filePath,
		@Nullable byte[] pkcs7Signature);
		private static native int enableFsverityNative(@NonNull String filePath);
		private static native int measureFsverityNative(@NonNull String filePath,
		@NonNull byte[] digest);
		private static native int statxForFsverityNative(@NonNull String filePath);

core/jni/com_android_internal_security_VerityUtils.cpp

+2 −15

Original line number	Diff line number	Diff line
		@@ -23,7 +23,6 @@
		#include <linux/fsverity.h>
		#include <linux/stat.h>
		#include <nativehelper/JNIHelp.h>
		#include <nativehelper/ScopedPrimitiveArray.h>
		#include <nativehelper/ScopedUtfChars.h>
		#include <string.h>
		#include <sys/ioctl.h>
		@@ -39,7 +38,7 @@ namespace android {

		namespace {

		int enableFsverity(JNIEnv env, jobject / clazz */, jstring filePath, jbyteArray signature) {
		int enableFsverity(JNIEnv env, jobject / clazz */, jstring filePath) {
		ScopedUtfChars path(env, filePath);
		if (path.c_str() == nullptr) {
		return EINVAL;
		@@ -56,18 +55,6 @@ int enableFsverity(JNIEnv env, jobject / clazz */, jstring filePath, jbyteArra
		arg.salt_size = 0;
		arg.salt_ptr = reinterpret_cast<uintptr_t>(nullptr);

		if (signature != nullptr) {
		ScopedByteArrayRO signature_bytes(env, signature);
		if (signature_bytes.get() == nullptr) {
		return EINVAL;
		}
		arg.sig_size = signature_bytes.size();
		arg.sig_ptr = reinterpret_cast<uintptr_t>(signature_bytes.get());
		} else {
		arg.sig_size = 0;
		arg.sig_ptr = reinterpret_cast<uintptr_t>(nullptr);
		}

		if (ioctl(rfd.get(), FS_IOC_ENABLE_VERITY, &arg) < 0) {
		return errno;
		}
		@@ -138,7 +125,7 @@ int measureFsverity(JNIEnv env, jobject / clazz */, jstring filePath, jbyteArr
		return 0;
		}
		const JNINativeMethod sMethods[] = {
		{"enableFsverityNative", "(Ljava/lang/String;[B)I", (void *)enableFsverity},
		{"enableFsverityNative", "(Ljava/lang/String;)I", (void *)enableFsverity},
		{"statxForFsverityNative", "(Ljava/lang/String;)I", (void *)statxForFsverity},
		{"measureFsverityNative", "(Ljava/lang/String;[B)I", (void *)measureFsverity},
		};

services/core/java/com/android/server/graphics/fonts/FontManagerService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -188,7 +188,7 @@ public final class FontManagerService extends IFontManager.Stub {

		@Override
		public void setUpFsverity(String filePath) throws IOException {
		VerityUtils.setUpFsverity(filePath, /* signature */ (byte[]) null);
		VerityUtils.setUpFsverity(filePath);
		}

		@Override

services/core/java/com/android/server/pm/InstallPackageHelper.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -1872,7 +1872,7 @@ final class InstallPackageHelper {
		if (new File(signaturePath).exists()) {
		// If signature is provided, enable fs-verity first so that the file can be
		// measured for signature check below.
		VerityUtils.setUpFsverity(filePath, (byte[]) null);
		VerityUtils.setUpFsverity(filePath);

		if (!fis.verifyPkcs7DetachedSignature(signaturePath, filePath)) {
		throw new PrepareFailure(PackageManager.INSTALL_FAILED_BAD_SIGNATURE,
		@@ -2385,7 +2385,7 @@ final class InstallPackageHelper {
		for (String path : apkPaths) {
		if (!VerityUtils.hasFsverity(path)) {
		try {
		VerityUtils.setUpFsverity(path, (byte[]) null);
		VerityUtils.setUpFsverity(path);
		} catch (IOException e) {
		// There's nothing we can do if the setup failed. Since fs-verity is
		// optional, just ignore the error for now.