Loading services/api/current.txt +13 −0 Original line number Diff line number Diff line Loading @@ -213,6 +213,19 @@ package com.android.server.role { } package com.android.server.security { public class FileIntegrityService extends com.android.server.SystemService { method public void onStart(); method public static void setUpFsVerity(@NonNull String) throws java.io.IOException; } public class KeyChainSystemService extends com.android.server.SystemService { method public void onStart(); } } package com.android.server.stats { public final class StatsHelper { Loading services/core/java/com/android/server/security/FileIntegrityService.java +19 −1 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.security; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SystemApi; import android.app.AppOpsManager; import android.content.Context; import android.content.pm.PackageManager; Loading Loading @@ -59,6 +60,7 @@ import java.util.ArrayList; * A {@link SystemService} that provides file integrity related operations. * @hide */ @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public class FileIntegrityService extends SystemService { private static final String TAG = "FileIntegrityService"; Loading @@ -71,7 +73,10 @@ public class FileIntegrityService extends SystemService { private final ArrayList<X509Certificate> mTrustedCertificates = new ArrayList<X509Certificate>(); /** Gets the instance of the service */ /** * Gets the instance of the service. * @hide */ public static FileIntegrityService getService() { return LocalServices.getService(FileIntegrityService.class); } Loading Loading @@ -139,6 +144,7 @@ public class FileIntegrityService extends SystemService { } }; /** @hide */ public FileIntegrityService(final Context context) { super(context); try { Loading @@ -149,6 +155,7 @@ public class FileIntegrityService extends SystemService { LocalServices.addService(FileIntegrityService.class, this); } /** @hide */ @Override public void onStart() { loadAllCertificates(); Loading @@ -158,6 +165,7 @@ public class FileIntegrityService extends SystemService { /** * Returns whether the signature over the file's fs-verity digest can be verified by one of the * known certiticates. * @hide */ public boolean verifyPkcs7DetachedSignature(String signaturePath, String filePath) throws IOException { Loading @@ -183,6 +191,16 @@ public class FileIntegrityService extends SystemService { return false; } /** * Enables fs-verity, if supported by the filesystem. * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html"> * @hide */ @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public static void setUpFsVerity(@NonNull String filePath) throws IOException { VerityUtils.setUpFsverity(filePath); } private void loadAllCertificates() { // A better alternative to load certificates would be to read from .fs-verity kernel // keyring, which fsverity_init loads to during earlier boot time from the same sources Loading Loading
services/api/current.txt +13 −0 Original line number Diff line number Diff line Loading @@ -213,6 +213,19 @@ package com.android.server.role { } package com.android.server.security { public class FileIntegrityService extends com.android.server.SystemService { method public void onStart(); method public static void setUpFsVerity(@NonNull String) throws java.io.IOException; } public class KeyChainSystemService extends com.android.server.SystemService { method public void onStart(); } } package com.android.server.stats { public final class StatsHelper { Loading
services/core/java/com/android/server/security/FileIntegrityService.java +19 −1 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.security; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SystemApi; import android.app.AppOpsManager; import android.content.Context; import android.content.pm.PackageManager; Loading Loading @@ -59,6 +60,7 @@ import java.util.ArrayList; * A {@link SystemService} that provides file integrity related operations. * @hide */ @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public class FileIntegrityService extends SystemService { private static final String TAG = "FileIntegrityService"; Loading @@ -71,7 +73,10 @@ public class FileIntegrityService extends SystemService { private final ArrayList<X509Certificate> mTrustedCertificates = new ArrayList<X509Certificate>(); /** Gets the instance of the service */ /** * Gets the instance of the service. * @hide */ public static FileIntegrityService getService() { return LocalServices.getService(FileIntegrityService.class); } Loading Loading @@ -139,6 +144,7 @@ public class FileIntegrityService extends SystemService { } }; /** @hide */ public FileIntegrityService(final Context context) { super(context); try { Loading @@ -149,6 +155,7 @@ public class FileIntegrityService extends SystemService { LocalServices.addService(FileIntegrityService.class, this); } /** @hide */ @Override public void onStart() { loadAllCertificates(); Loading @@ -158,6 +165,7 @@ public class FileIntegrityService extends SystemService { /** * Returns whether the signature over the file's fs-verity digest can be verified by one of the * known certiticates. * @hide */ public boolean verifyPkcs7DetachedSignature(String signaturePath, String filePath) throws IOException { Loading @@ -183,6 +191,16 @@ public class FileIntegrityService extends SystemService { return false; } /** * Enables fs-verity, if supported by the filesystem. * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html"> * @hide */ @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public static void setUpFsVerity(@NonNull String filePath) throws IOException { VerityUtils.setUpFsverity(filePath); } private void loadAllCertificates() { // A better alternative to load certificates would be to read from .fs-verity kernel // keyring, which fsverity_init loads to during earlier boot time from the same sources Loading
