Commit 91ae4e39 authored by Victor Hsieh

Add public API FileIntegrityManager.setupFsverity/getFsverityDigest

setupFsverity:

installd requires the requester to provide a proof that they own the
file. This is done by calling createFsveritySetupAuthToken with a
writable FD in the app process, when the API is called.

After that, the app process calls enableFsverity with the auth token to
actually enable it.

To satisfy further requirements/checks by installd, the service also
passes extra information over.

getFsverityDigest:

The code runs in the app process. It sends ioctl FS_IOC_MEASURE_VERITY
to the filesystem. It is a read-only operation and does not change the
file state.

Together with the new allow rule in sepolicy, it introduced a new attack
surface to the kernel. This is low risk because the ioctl argument is
simple enough, and the command has also been fuzzed for years.
Therefore, the simple ioctl is preferred over alternatives like proxying
through system server.

Bug: 285185747
Bug: 296467543
Test: calling it from a testing app
Change-Id: I74881faadb359cc71061c0b5603977463787c0ad
parent 2ce97f2c