
Commit 9b10fad4 authored by Automerger Merge Worker

Merge "Stop loading fs-verity certificate from keystore" into rvc-dev am: 3a9bb2ba am: 325c043a

Change-Id: Ie1d6e9faf962d17b673724d5ef0790dd2d86ac73
parents 94c0b9b7 325c043a
+0 −19
@@ -22,11 +22,8 @@ import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.IBinder;
import android.os.Process;
import android.os.SystemProperties;
import android.security.Credentials;
import android.security.IFileIntegrityService;
import android.security.KeyStore;
import android.util.Slog;

import com.android.server.SystemService;
@@ -114,9 +111,6 @@ public class FileIntegrityService extends SystemService {

        // Load certificates trusted by the device manufacturer.
        loadCertificatesFromDirectory("/product/etc/security/fsverity");

        // Load certificates trusted by the device owner.
        loadCertificatesFromKeystore(KeyStore.getInstance());
    }

    private void loadCertificatesFromDirectory(String path) {
@@ -139,19 +133,6 @@ public class FileIntegrityService extends SystemService {
        }
    }

    private void loadCertificatesFromKeystore(KeyStore keystore) {
        for (final String alias : keystore.list(Credentials.APP_SOURCE_CERTIFICATE,
                    Process.FSVERITY_CERT_UID)) {
            byte[] certificateBytes = keystore.get(Credentials.APP_SOURCE_CERTIFICATE + alias,
                    Process.FSVERITY_CERT_UID, false /* suppressKeyNotFoundWarning */);
            if (certificateBytes == null) {
                Slog.w(TAG, "The retrieved fs-verity certificate is null, ignored " + alias);
                continue;
            }
            collectCertificate(certificateBytes);
        }
    }

    /**
     * Tries to convert {@code bytes} into an X.509 certificate and store in memory.
     * Errors need to be surpressed in order fo the next certificates to still be collected.