Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8923df74 authored by Hai Zhang's avatar Hai Zhang
Browse files

Add missing fs-verity setup for UPS. 

Similar to what was done for runtime permission, role and package XMLs.

Including deleting the reserve copy file right before copying, so that
we won't try to write to a file with fs-verity enabled.

Bug: 354230498
Flag: EXEMPT bugfix
Test: manual
Change-Id: I373bd2707dbf41053381ec104c8b95f5ac6db173
parent bc9a73e3

services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt

+8 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.server.permission.access.util 
import android.os.FileUtils

import android.util.AtomicFile

import android.util.Slog

import com.android.server.security.FileIntegrity;

import java.io.File

import java.io.FileInputStream

import java.io.FileNotFoundException
@@ -49,6 +50,7 @@ inline fun AtomicFile.readWithReserveCopy(block: (FileInputStream) -> Unit) { 
inline fun AtomicFile.writeWithReserveCopy(block: (FileOutputStream) -> Unit) {

    writeInlined(block)

    val reserveFile = File(baseFile.parentFile, baseFile.name + ".reservecopy")

    reserveFile.delete()

    try {

        FileInputStream(baseFile).use { inputStream ->

            FileOutputStream(reserveFile).use { outputStream ->
@@ -59,6 +61,12 @@ inline fun AtomicFile.writeWithReserveCopy(block: (FileOutputStream) -> Unit) { 
    } catch (e: Exception) {

        Slog.e("AccessPersistence", "Failed to write $reserveFile", e)

    }

    try {

        FileIntegrity.setUpFsVerity(baseFile)

        FileIntegrity.setUpFsVerity(reserveFile)

    } catch (e: Exception) {

        Slog.e("AccessPersistence", "Failed to verity-protect runtime-permissions", e)

    }

}



/** Write to an [AtomicFile] and close everything safely when done. */