Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c898f214 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Consolidate isApkVeritySupported to VerityUtils 

As there are more customers to use isApkVeritySupported, it'd be better
for them to use something like VerityUtils instead of the service class.

Bug: 180414192
Test: m
Test: CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Test: FrameworksServicesTests:FontCrashDetectorTest

Change-Id: I2fcc997cdd95fd6ee669d28b42232b690fd6a66e
parent 36c20253

services/core/java/com/android/server/graphics/fonts/FontManagerService.java

+1 −2
Original line number Diff line number Diff line
@@ -41,7 +41,6 @@ import com.android.internal.util.DumpUtils; 
import com.android.internal.util.Preconditions;

import com.android.server.LocalServices;

import com.android.server.SystemService;

import com.android.server.security.FileIntegrityService;

import com.android.server.security.VerityUtils;



import java.io.File;
@@ -226,7 +225,7 @@ public final class FontManagerService extends IFontManager.Stub { 
    @Nullable

    private static UpdatableFontDir createUpdatableFontDir() {

        // If apk verity is supported, fs-verity should be available.

        if (!FileIntegrityService.isApkVeritySupported()) return null;

        if (!VerityUtils.isFsVeritySupported()) return null;

        return new UpdatableFontDir(new File(FONT_FILES_DIR),

                Arrays.asList(new File(SystemFonts.SYSTEM_FONT_DIR),

                        new File(SystemFonts.OEM_FONT_DIR)),

services/core/java/com/android/server/security/FileIntegrityService.java

+2 −9
Original line number Diff line number Diff line
@@ -23,10 +23,8 @@ import android.content.Context; 
import android.content.pm.PackageManager;

import android.content.pm.PackageManagerInternal;

import android.os.Binder;

import android.os.Build;

import android.os.Environment;

import android.os.IBinder;

import android.os.SystemProperties;

import android.os.UserHandle;

import android.security.IFileIntegrityService;

import android.util.Slog;
@@ -60,7 +58,7 @@ public class FileIntegrityService extends SystemService { 
    private final IBinder mService = new IFileIntegrityService.Stub() {

        @Override

        public boolean isApkVeritySupported() {

            return FileIntegrityService.isApkVeritySupported();

            return VerityUtils.isFsVeritySupported();

        }



        @Override
@@ -69,7 +67,7 @@ public class FileIntegrityService extends SystemService { 
            checkCallerPermission(packageName);



            try {

                if (!isApkVeritySupported()) {

                if (!VerityUtils.isFsVeritySupported()) {

                    return false;

                }

                if (certificateBytes == null) {
@@ -110,11 +108,6 @@ public class FileIntegrityService extends SystemService { 
        }

    };



    public static boolean isApkVeritySupported() {

        return Build.VERSION.FIRST_SDK_INT >= Build.VERSION_CODES.R

                || SystemProperties.getInt("ro.apk_verity.mode", 0) == 2;

    }



    public FileIntegrityService(final Context context) {

        super(context);

        try {

services/core/java/com/android/server/security/VerityUtils.java

+7 −0
Original line number Diff line number Diff line
@@ -17,7 +17,9 @@ 
package com.android.server.security;



import android.annotation.NonNull;

import android.os.Build;

import android.os.SharedMemory;

import android.os.SystemProperties;

import android.system.ErrnoException;

import android.system.Os;

import android.system.OsConstants;
@@ -57,6 +59,11 @@ abstract public class VerityUtils { 


    private static final boolean DEBUG = false;



    public static boolean isFsVeritySupported() {

        return Build.VERSION.FIRST_SDK_INT >= Build.VERSION_CODES.R

                || SystemProperties.getInt("ro.apk_verity.mode", 0) == 2;

    }



    /** Returns true if the given file looks like containing an fs-verity signature. */

    public static boolean isFsveritySignatureFile(File file) {

        return file.getName().endsWith(FSVERITY_SIGNATURE_FILE_EXTENSION);