Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce6637a2 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Stop calling into system server from isApkVeritySupport 

Remove the use of ro.apk_verity.mode, which was for pioneering fs-verity
years ago.

Then everything can be done in the manager class.

Ignore-AOSP-First: The ongoing clean-up only happens in internal branch
Flag: EXEMPT removing deprecate_fsv_sig
Test: atest android.security.cts.FileIntegrityManagerTest FsverityTest
Bug: 277916185
Change-Id: Ib3e65fd851e0f9d5ebd10ab0d8e164402435d974
parent d81fcfba

core/java/android/security/FileIntegrityManager.java

+1 −7
Original line number Diff line number Diff line
@@ -65,13 +65,7 @@ public final class FileIntegrityManager { 
     * other fs-verity APIs.

     */

    public boolean isApkVeritySupported() {

        try {

            // Go through the service just to avoid exposing the vendor controlled system property

            // to all apps.

            return mService.isApkVeritySupported();

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

        return VerityUtils.isFsVeritySupported();

    }



    /**

core/java/android/security/IFileIntegrityService.aidl

+0 −2
Original line number Diff line number Diff line
@@ -24,8 +24,6 @@ import android.os.IInstalld; 
 * @hide

 */

interface IFileIntegrityService {

    boolean isApkVeritySupported();



    IInstalld.IFsveritySetupAuthToken createAuthToken(in ParcelFileDescriptor authFd);



    @EnforcePermission("SETUP_FSVERITY")

core/java/com/android/internal/security/VerityUtils.java

+1 −2
Original line number Diff line number Diff line
@@ -56,8 +56,7 @@ public abstract class VerityUtils { 
    private static final int HASH_SIZE_BYTES = 32;



    public static boolean isFsVeritySupported() {

        return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R

                || SystemProperties.getInt("ro.apk_verity.mode", 0) == 2;

        return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R;

    }



    /** Enables fs-verity for the file without signature. */

services/core/java/com/android/server/security/FileIntegrityService.java

+0 −5
Original line number Diff line number Diff line
@@ -54,11 +54,6 @@ public class FileIntegrityService extends SystemService { 
            super(PermissionEnforcer.fromContext(context));

        }



        @Override

        public boolean isApkVeritySupported() {

            return VerityUtils.isFsVeritySupported();

        }



        private void checkCallerPackageName(String packageName) {

            final int callingUid = Binder.getCallingUid();

            final int callingUserId = UserHandle.getUserId(callingUid);