Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dee32328 authored by Alex Buynytskyy's avatar Alex Buynytskyy Committed by Android (Google) Code Review
Browse files

Merge "Add a new API for file Integrity."

parents 97917431 4299a58c

services/api/current.txt

+8 −0
Original line number Diff line number Diff line
@@ -225,6 +225,14 @@ package com.android.server.role { 


}



package com.android.server.security {



  public final class FileIntegrityLocal {

    method public static void setUpFsVerity(@NonNull String) throws java.io.IOException;

  }



}



package com.android.server.stats {



  public final class StatsHelper {

services/core/java/com/android/server/pm/Settings.java

+3 −3
Original line number Diff line number Diff line
@@ -89,7 +89,6 @@ import android.util.proto.ProtoOutputStream; 
import com.android.internal.annotations.GuardedBy;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.os.BackgroundThread;

import com.android.internal.security.VerityUtils;

import com.android.internal.util.ArrayUtils;

import com.android.internal.util.CollectionUtils;

import com.android.internal.util.IndentingPrintWriter;
@@ -121,6 +120,7 @@ import com.android.server.pm.resolution.ComponentResolver; 
import com.android.server.pm.verify.domain.DomainVerificationLegacySettings;

import com.android.server.pm.verify.domain.DomainVerificationManagerInternal;

import com.android.server.pm.verify.domain.DomainVerificationPersistence;

import com.android.server.security.FileIntegrityLocal;

import com.android.server.utils.Slogf;

import com.android.server.utils.Snappable;

import com.android.server.utils.SnapshotCache;
@@ -2714,8 +2714,8 @@ public final class Settings implements Watchable, Snappable { 
            }



            try {

                VerityUtils.setUpFsverity(mSettingsFilename.getAbsolutePath());

                VerityUtils.setUpFsverity(mSettingsReserveCopyFilename.getAbsolutePath());

                FileIntegrityLocal.setUpFsVerity(mSettingsFilename.getAbsolutePath());

                FileIntegrityLocal.setUpFsVerity(mSettingsReserveCopyFilename.getAbsolutePath());

            } catch (IOException e) {

                Slog.e(TAG, "Failed to verity-protect settings", e);

            }

services/core/java/com/android/server/security/FileIntegrityLocal.java

0 → 100644
+44 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.server.security;



import android.annotation.NonNull;

import android.annotation.SystemApi;



import com.android.internal.security.VerityUtils;



import java.io.IOException;



/**

 * In-process API for server side FileIntegrity related infrastructure.

 *

 * @hide

 */

@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

public final class FileIntegrityLocal {

    private FileIntegrityLocal() {}



    /**

     * Enables fs-verity, if supported by the filesystem.

     * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html">

     * @hide

     */

    @SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

    public static void setUpFsVerity(@NonNull String filePath) throws IOException {

        VerityUtils.setUpFsverity(filePath);

    }

}