
Commit f763bd3d authored by Victor Hsieh's avatar Victor Hsieh

Reland: Deprecate API: isAppSourceCertificateTrusted

Diff from previous patch: changed the flag's package namespace

In the original plan, an "app source" such as a store may generate a signature
over an app file and install with it. A trusted app source is configurable
by each OEM currently. A next step (that did not happen) is to allow
users to add their trusted app source.

The API is supposed to be used by a store/installer to decide whether
they should download .fsv_sig or not.

As this approach is not scalable, and in fact has not been used at all
per our analysis, we're deprecating the feature, including this API.

When the deprecation feature flag is on, the API simply returns false
(i.e. telling the client no store is trusted and don't bother to
download .fsv_sig; although no one is using it).

A next step is to mark this API @removed in the next release.

Bug: 277916185
Bug: 277348711
Test: flipping the flag android.security.deprecate_fsv_sig
      atest android.security.cts.FileIntegrityManagerTest
Change-Id: I2ec2a0fbcaf902374e2c01d916fed9a8c0bc5a76
parent aa5e509d
+1 −1
@@ -38658,7 +38658,7 @@ package android.security {
  public final class FileIntegrityManager {
  public final class FileIntegrityManager {
    method @FlaggedApi(Flags.FLAG_FSVERITY_API) @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
    method @FlaggedApi(Flags.FLAG_FSVERITY_API) @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
    method public boolean isApkVeritySupported();
    method public boolean isApkVeritySupported();
    method @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
    method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
    method @FlaggedApi(Flags.FLAG_FSVERITY_API) public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
    method @FlaggedApi(Flags.FLAG_FSVERITY_API) public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
  }
  }
+2 −0
@@ -133,11 +133,13 @@ public final class FileIntegrityManager {
     * also use this API to download the best signature on the running device.
     * also use this API to download the best signature on the running device.
     *
     *
     * @return whether the certificate is trusted in the system
     * @return whether the certificate is trusted in the system
     * @deprecated The feature is no longer supported, and this API now always returns false.
     */
     */
    @RequiresPermission(anyOf = {
    @RequiresPermission(anyOf = {
            android.Manifest.permission.INSTALL_PACKAGES,
            android.Manifest.permission.INSTALL_PACKAGES,
            android.Manifest.permission.REQUEST_INSTALL_PACKAGES
            android.Manifest.permission.REQUEST_INSTALL_PACKAGES
    })
    })
    @Deprecated
    public boolean isAppSourceCertificateTrusted(@NonNull X509Certificate certificate)
    public boolean isAppSourceCertificateTrusted(@NonNull X509Certificate certificate)
            throws CertificateEncodingException {
            throws CertificateEncodingException {
        try {
        try {
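Review bot: The new `@deprecated` line says the API "now always returns false", but the service-side change in this same commit returns false unconditionally only when `android.security.Flags.deprecateFsvSig()` is on; with the flag off the pre-existing lookup presumably still runs. Since an installer may base its decision to download `.fsv_sig` on this result, the Javadoc should describe the flag-dependent behaviour and tell callers what to do, for example `@deprecated The feature is no longer supported. Once the deprecation is in effect this API always returns false; callers should stop requesting .fsv_sig files.` The method body continues past the end of this hunk, so the client-side path is not visible here.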
+1 −0
@@ -180,6 +180,7 @@ java_library_static {
        "android.hardware.rebootescrow-V1-java",
        "android.hardware.rebootescrow-V1-java",
        "android.hardware.power.stats-V2-java",
        "android.hardware.power.stats-V2-java",
        "android.hidl.manager-V1.2-java",
        "android.hidl.manager-V1.2-java",
        "android.security.flags-aconfig-java",
        "cbor-java",
        "cbor-java",
        "display_flags_lib",
        "display_flags_lib",
        "icu4j_calendar_astronomer",
        "icu4j_calendar_astronomer",
+7 −0
@@ -90,6 +90,13 @@ public class FileIntegrityService extends SystemService {
                @NonNull String packageName) {
                @NonNull String packageName) {
            checkCallerPermission(packageName);
            checkCallerPermission(packageName);


            if (android.security.Flags.deprecateFsvSig()) {
                // When deprecated, stop telling the caller that any app source certificate is
                // trusted on the current device. This behavior is also consistent with devices
                // without this feature support.
                return false;
            }

            try {
            try {
                if (!VerityUtils.isFsVeritySupported()) {
                if (!VerityUtils.isFsVeritySupported()) {
                    return false;
                    return false;
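Review bot: The comment inside the new `if (android.security.Flags.deprecateFsvSig())` block does not record that the early return sits after `checkCallerPermission(packageName)` on purpose. That ordering keeps the permission check applied to every caller while the flag is on, and a later cleanup could easily hoist the flag check above it; a line such as `// Keep this after checkCallerPermission(): the permission check must still apply while deprecated.` would pin it. The hunk only changes what the query answers, so it is worth confirming that any other use of the trusted app-source certificates in the service is consistent with a `false` answer when the flag is on; none is visible here. The enclosing method starts and ends outside the hunk.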