Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b920b8c4 authored Sep 08, 2023 by Ross Kettleson Committed by Android (Google) Code Review Sep 08, 2023

Merge changes from topic "revert-24590927-deprecate_fsv_sig-SXXLHVCJKL" into main

* changes:
  Revert "Deprecate .fsv_sig"
  Revert "Deprecate API: isAppSourceCertificateTrusted"

parents 9bb0c1bd 4a9d05c0

core/api/current.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -38645,7 +38645,7 @@ package android.security {
		public final class FileIntegrityManager {
		method @FlaggedApi(Flags.FLAG_FSVERITY_API) @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
		method public boolean isApkVeritySupported();
		method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
		method @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
		method @FlaggedApi(Flags.FLAG_FSVERITY_API) public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
		}

core/java/android/security/FileIntegrityManager.java

+0 −2

Original line number	Diff line number	Diff line
		@@ -133,13 +133,11 @@ public final class FileIntegrityManager {
		* also use this API to download the best signature on the running device.
		*
		* @return whether the certificate is trusted in the system
		* @deprecated The feature is no longer supported, and this API now always returns false.
		*/
		@RequiresPermission(anyOf = {
		android.Manifest.permission.INSTALL_PACKAGES,
		android.Manifest.permission.REQUEST_INSTALL_PACKAGES
		})
		@Deprecated
		public boolean isAppSourceCertificateTrusted(@NonNull X509Certificate certificate)
		throws CertificateEncodingException {
		try {

services/core/Android.bp

+0 −1

Original line number	Diff line number	Diff line
		@@ -180,7 +180,6 @@ java_library_static {
		"android.hardware.rebootescrow-V1-java",
		"android.hardware.power.stats-V2-java",
		"android.hidl.manager-V1.2-java",
		"com.android.server.security.flags-aconfig-java",
		"cbor-java",
		"display_flags_lib",
		"icu4j_calendar_astronomer",

services/core/java/com/android/server/pm/PackageInstallerSession.java

+0 −3

Original line number	Diff line number	Diff line
		@@ -3641,9 +3641,6 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
		@GuardedBy("mLock")
		private void maybeStageFsveritySignatureLocked(File origFile, File targetFile,
		boolean fsVerityRequired) throws PackageManagerException {
		if (com.android.server.security.Flags.deprecateFsvSig()) {
		return;
		}
		final File originalSignature = new File(
		VerityUtils.getFsveritySignatureFilePath(origFile.getPath()));
		if (originalSignature.exists()) {

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+0 −3

Original line number	Diff line number	Diff line
		@@ -543,9 +543,6 @@ public class PackageManagerServiceUtils {

		/** Returns true if standard APK Verity is enabled. */
		static boolean isApkVerityEnabled() {
		if (com.android.server.security.Flags.deprecateFsvSig()) {
		return false;
		}
		return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R
		\|\| SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED)
		== FSVERITY_ENABLED;