Stop loading fs-verity certificate from keystore (bd3d30b2) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/security/FileIntegrityService.java

+0 −19

Original line number	Diff line number	Diff line
		@@ -22,11 +22,8 @@ import android.content.Context;
		import android.content.pm.PackageManager;
		import android.os.Build;
		import android.os.IBinder;
		import android.os.Process;
		import android.os.SystemProperties;
		import android.security.Credentials;
		import android.security.IFileIntegrityService;
		import android.security.KeyStore;
		import android.util.Slog;

		import com.android.server.SystemService;
		@@ -114,9 +111,6 @@ public class FileIntegrityService extends SystemService {

		// Load certificates trusted by the device manufacturer.
		loadCertificatesFromDirectory("/product/etc/security/fsverity");

		// Load certificates trusted by the device owner.
		loadCertificatesFromKeystore(KeyStore.getInstance());
		}

		private void loadCertificatesFromDirectory(String path) {
		@@ -139,19 +133,6 @@ public class FileIntegrityService extends SystemService {
		}
		}

		private void loadCertificatesFromKeystore(KeyStore keystore) {
		for (final String alias : keystore.list(Credentials.APP_SOURCE_CERTIFICATE,
		Process.FSVERITY_CERT_UID)) {
		byte[] certificateBytes = keystore.get(Credentials.APP_SOURCE_CERTIFICATE + alias,
		Process.FSVERITY_CERT_UID, false /* suppressKeyNotFoundWarning */);
		if (certificateBytes == null) {
		Slog.w(TAG, "The retrieved fs-verity certificate is null, ignored " + alias);
		continue;
		}
		collectCertificate(certificateBytes);
		}
		}

		/**
		* Tries to convert {@code bytes} into an X.509 certificate and store in memory.
		* Errors need to be surpressed in order fo the next certificates to still be collected.