Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit de30f533 authored Sep 14, 2023 by Victor Hsieh Committed by Android (Google) Code Review Sep 14, 2023

Merge changes from topic "deprecate_fsv_sig2" into main

* changes:
  Reland: Deprecate API: isAppSourceCertificateTrusted
  Reland: Deprecate .fsv_sig

parents a72567dc f763bd3d

core/api/current.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -38658,7 +38658,7 @@ package android.security {
		public final class FileIntegrityManager {
		method @FlaggedApi(Flags.FLAG_FSVERITY_API) @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
		method public boolean isApkVeritySupported();
		method @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
		method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
		method @FlaggedApi(Flags.FLAG_FSVERITY_API) public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
		}

core/java/android/security/FileIntegrityManager.java

+2 −0

Original line number	Diff line number	Diff line
		@@ -133,11 +133,13 @@ public final class FileIntegrityManager {
		* also use this API to download the best signature on the running device.
		*
		* @return whether the certificate is trusted in the system
		* @deprecated The feature is no longer supported, and this API now always returns false.
		*/
		@RequiresPermission(anyOf = {
		android.Manifest.permission.INSTALL_PACKAGES,
		android.Manifest.permission.REQUEST_INSTALL_PACKAGES
		})
		@Deprecated
		public boolean isAppSourceCertificateTrusted(@NonNull X509Certificate certificate)
		throws CertificateEncodingException {
		try {

services/core/Android.bp

+1 −0

Original line number	Diff line number	Diff line
		@@ -180,6 +180,7 @@ java_library_static {
		"android.hardware.rebootescrow-V1-java",
		"android.hardware.power.stats-V2-java",
		"android.hidl.manager-V1.2-java",
		"android.security.flags-aconfig-java",
		"cbor-java",
		"display_flags_lib",
		"icu4j_calendar_astronomer",

services/core/java/com/android/server/pm/PackageInstallerSession.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -3641,6 +3641,9 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
		@GuardedBy("mLock")
		private void maybeStageFsveritySignatureLocked(File origFile, File targetFile,
		boolean fsVerityRequired) throws PackageManagerException {
		if (android.security.Flags.deprecateFsvSig()) {
		return;
		}
		final File originalSignature = new File(
		VerityUtils.getFsveritySignatureFilePath(origFile.getPath()));
		if (originalSignature.exists()) {

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -547,6 +547,9 @@ public class PackageManagerServiceUtils {

		/** Returns true if standard APK Verity is enabled. */
		static boolean isApkVerityEnabled() {
		if (android.security.Flags.deprecateFsvSig()) {
		return false;
		}
		return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R
		\|\| SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED)
		== FSVERITY_ENABLED;