Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d52181a0 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Replace the check of fs-verity-ness to signature file 

When a base APK has fs-verity enabled with signature, we require the
split APKs to be installed with the fs-verity signature. The existing
code only checks the fs-verity-ness (while the signature is installed to
the filesystem internal) of the base APK.

With the plan to enable fs-verity in integrity-only mode, the
fs-verity-ness check becomes ambiguous. Switch the check to the
signature file instead.

An alternative is to use ioctl(FS_IOC_READ_VERITY_METADATA) to retrieve
the signature if any, but the API was introduced around T and may not
work on older devices.

Bug: 249158715
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest
Change-Id: I1ac82e16883bd23080369f1711cd8c0155e1b41d
parent adb0627c

services/core/java/com/android/server/pm/PackageInstallerSession.java

+3 −2
Original line number Diff line number Diff line
@@ -2763,10 +2763,11 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
                    "Missing existing base package");

        }



        // Default to require only if existing base apk has fs-verity.

        // Default to require only if existing base apk has fs-verity signature.

        mVerityFoundForApks = PackageManagerServiceUtils.isApkVerityEnabled()

                && params.mode == SessionParams.MODE_INHERIT_EXISTING

                && VerityUtils.hasFsverity(pkgInfo.applicationInfo.getBaseCodePath());

                && (new File(VerityUtils.getFsveritySignatureFilePath(

                        pkgInfo.applicationInfo.getBaseCodePath()))).exists();



        final List<File> removedFiles = getRemovedFilesLocked();

        final List<String> removeSplitList = new ArrayList<>();