Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7025e7f authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Also load fs-verity cert from /system/etc/security/fsverity/" into... 

Merge "Also load fs-verity cert from /system/etc/security/fsverity/" into rvc-dev am: 05a0fc26 am: 79f0d091 am: 0449d66c

Change-Id: Idece199f16ef0bc7a11ee05fd6bfe43a0d212b95
parents f3fe2939 0449d66c

services/core/java/com/android/server/security/FileIntegrityService.java

+10 −3
Original line number Original line Diff line number Diff line
@@ -24,6 +24,7 @@ import android.content.pm.PackageManager; 
import android.content.pm.PackageManagerInternal;

import android.content.pm.PackageManagerInternal;

import android.os.Binder;

import android.os.Binder;

import android.os.Build;

import android.os.Build;

import android.os.Environment;

import android.os.IBinder;

import android.os.IBinder;

import android.os.SystemProperties;

import android.os.SystemProperties;

import android.os.UserHandle;

import android.os.UserHandle;
@@ -37,6 +38,7 @@ import java.io.ByteArrayInputStream; 
import java.io.File;

import java.io.File;

import java.io.IOException;

import java.io.IOException;

import java.nio.file.Files;

import java.nio.file.Files;

import java.nio.file.Path;

import java.security.cert.Certificate;

import java.security.cert.Certificate;

import java.security.cert.CertificateException;

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.cert.CertificateFactory;
@@ -131,12 +133,17 @@ public class FileIntegrityService extends SystemService { 
        // duplicate the same loading logic here.

        // duplicate the same loading logic here.





        // Load certificates trusted by the device manufacturer.

        // Load certificates trusted by the device manufacturer.

        loadCertificatesFromDirectory("/product/etc/security/fsverity");

        // NB: Directories need to be synced with system/security/fsverity_init/fsverity_init.cpp.

        final String relativeDir = "etc/security/fsverity";

        loadCertificatesFromDirectory(Environment.getRootDirectory().toPath()

                .resolve(relativeDir));

        loadCertificatesFromDirectory(Environment.getProductDirectory().toPath()

                .resolve(relativeDir));

    }

    }





    private void loadCertificatesFromDirectory(String path) {

    private void loadCertificatesFromDirectory(Path path) {

        try {

        try {

            File[] files = new File(path).listFiles();

            File[] files = path.toFile().listFiles();

            if (files == null) {

            if (files == null) {

                return;

                return;

            }

            }