Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aa1baf03 authored by Alex Buynytskyy's avatar Alex Buynytskyy
Browse files

Revert "Add a new API for file Integrity." 

This reverts commit 128092ac.

Reason for revert: API Council feedback

Change-Id: I74686cec7db5d8407f7158260fca12157ab47f42
parent e5b2c6f4

services/api/current.txt

+0 −13
Original line number Diff line number Diff line
@@ -225,19 +225,6 @@ package com.android.server.role { 


}



package com.android.server.security {



  public class FileIntegrityService extends com.android.server.SystemService {

    method public void onStart();

    method public static void setUpFsVerity(@NonNull String) throws java.io.IOException;

  }



  public class KeyChainSystemService extends com.android.server.SystemService {

    method public void onStart();

  }



}



package com.android.server.stats {



  public final class StatsHelper {

services/core/java/com/android/server/security/FileIntegrityService.java

+1 −19
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package com.android.server.security; 


import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.SystemApi;

import android.app.AppOpsManager;

import android.content.Context;

import android.content.pm.PackageManager;
@@ -60,7 +59,6 @@ import java.util.ArrayList; 
 * A {@link SystemService} that provides file integrity related operations.

 * @hide

 */

@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

public class FileIntegrityService extends SystemService {

    private static final String TAG = "FileIntegrityService";
@@ -73,10 +71,7 @@ public class FileIntegrityService extends SystemService { 
    private final ArrayList<X509Certificate> mTrustedCertificates =

            new ArrayList<X509Certificate>();



    /**

     * Gets the instance of the service.

     * @hide

     */

    /** Gets the instance of the service */

    public static FileIntegrityService getService() {

        return LocalServices.getService(FileIntegrityService.class);

    }
@@ -144,7 +139,6 @@ public class FileIntegrityService extends SystemService { 
        }

    };



    /** @hide */

    public FileIntegrityService(final Context context) {

        super(context);

        try {
@@ -155,7 +149,6 @@ public class FileIntegrityService extends SystemService { 
        LocalServices.addService(FileIntegrityService.class, this);

    }



    /** @hide */

    @Override

    public void onStart() {

        loadAllCertificates();
@@ -165,7 +158,6 @@ public class FileIntegrityService extends SystemService { 
    /**

     * Returns whether the signature over the file's fs-verity digest can be verified by one of the

     * known certiticates.

     * @hide

     */

    public boolean verifyPkcs7DetachedSignature(String signaturePath, String filePath)

            throws IOException {
@@ -191,16 +183,6 @@ public class FileIntegrityService extends SystemService { 
        return false;

    }



    /**

     * Enables fs-verity, if supported by the filesystem.

     * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html">

     * @hide

     */

    @SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

    public static void setUpFsVerity(@NonNull String filePath) throws IOException {

        VerityUtils.setUpFsverity(filePath);

    }



    private void loadAllCertificates() {

        // A better alternative to load certificates would be to read from .fs-verity kernel

        // keyring, which fsverity_init loads to during earlier boot time from the same sources