
Commit 777a9c69 authored by Thiébaud Weksteen's avatar Thiébaud Weksteen

Warn on updating the deprecated serial blocklist

Move the start of the thread to onChange to reduce the indentation
level of writeDenylist.

Remove unnecessary comments.

Test: atest CtsSecurityTestCases:android.security.cts.CertBlocklistFileTest
Test: adb shell cmd settings put --user 0 secure serial_blacklist 1234;
      manually check logs
Bug: 340363351
Change-Id: I1d74c8c6899fe19701de2d2788f83327ff6bd2e0
parent 10c9ad7a
+30 −29
@@ -68,8 +68,12 @@ public class CertBlocklister extends Binder {
        @Override
        public void onChange(boolean selfChange) {
            super.onChange(selfChange);
            new Thread("BlocklistUpdater") {
                public void run() {
                    writeDenylist();
                }
            }.start();
        }

        public String getValue() {
            return Settings.Secure.getStringForUser(
@@ -77,24 +81,24 @@ public class CertBlocklister extends Binder {
        }

        private void writeDenylist() {
            new Thread("BlocklistUpdater") {
                public void run() {
            synchronized (mTmpDir) {
                String blocklist = getValue();
                        if (blocklist != null) {
                if (blocklist == null) {
                    return;
                }
                if (mPath.equals(SERIAL_PATH)) {
                    Slog.w(TAG, "The certificate blocklist based on serials is deprecated. "
                            + "Please use the pubkey blocklist instead.");
                }
                Slog.i(TAG, "Certificate blocklist changed, updating...");
                FileOutputStream out = null;
                try {
                                // create a temporary file
                    // Create a temporary file and rename it atomically.
                    File tmp = File.createTempFile("journal", "", mTmpDir);
                                // mark it -rw-r--r--
                                tmp.setReadable(true, false);
                                // write to it
                    tmp.setReadable(true /* readable */, false /* ownerOnly */);
                    out = new FileOutputStream(tmp);
                    out.write(blocklist.getBytes());
                                // sync to disk
                    FileUtils.sync(out);
                                // atomic rename
                    tmp.renameTo(new File(mPath));
                    Slog.i(TAG, "Certificate blocklist updated");
                } catch (IOException e) {
@@ -105,9 +109,6 @@ public class CertBlocklister extends Binder {
            }
        }
    }
            }.start();
        }
    }

    public CertBlocklister(Context context) {
        registerObservers(context.getContentResolver());
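Review bot: The boolean returned by `tmp.renameTo(new File(mPath))` in writeDenylist is discarded, and `Slog.i(TAG, "Certificate blocklist updated")` runs unconditionally on the next line, so a failed rename leaves the previous blocklist file in place while the log reports success. `File.renameTo` signals failure only through its return value, never by throwing, so the `catch (IOException e)` that follows will not see it; for a revocation list this means a new entry can silently fail to take effect. I would gate the success log on the result, for example `if (!tmp.renameTo(new File(mPath))) { Slog.e(TAG, "Failed to replace " + mPath); tmp.delete(); }`, and move the "updated" message into the success branch. The catch and any finally block fall between the visible hunks, so whether the temporary file is already cleaned up on error cannot be confirmed from here.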