Loading services/core/java/com/android/server/security/VerityUtils.java +6 −10 Original line number Original line Diff line number Diff line Loading @@ -81,22 +81,18 @@ abstract public class VerityUtils { /** Returns whether the file has fs-verity enabled. */ /** Returns whether the file has fs-verity enabled. */ public static boolean hasFsverity(@NonNull String filePath) { public static boolean hasFsverity(@NonNull String filePath) { // NB: only measure but not check the actual measurement here. As long as this succeeds, int retval = statxForFsverityNative(filePath); // the file is on readable if the measurement can be verified against a trusted key, and if (retval < 0) { // this is good enough for installed apps. Slog.e(TAG, "Failed to check whether fs-verity is enabled, errno " + -retval + ": " int errno = measureFsverityNative(filePath); + filePath); if (errno != 0) { if (errno != OsConstants.ENODATA) { Slog.e(TAG, "Failed to measure fs-verity, errno " + errno + ": " + filePath); } return false; return false; } } return true; return (retval == 1); } } private static native int enableFsverityNative(@NonNull String filePath, private static native int enableFsverityNative(@NonNull String filePath, @NonNull byte[] pkcs7Signature); @NonNull byte[] pkcs7Signature); private static native int measureFsverityNative(@NonNull String filePath); private static native int statxForFsverityNative(@NonNull String filePath); /** /** * Generates legacy Merkle tree and fs-verity metadata with Signing Block skipped. * Generates legacy Merkle tree and fs-verity metadata with Signing Block skipped. Loading services/core/jni/com_android_server_security_VerityUtils.cpp +17 −22 Original line number Original line Diff line number Diff line Loading @@ -25,17 +25,14 @@ #include <errno.h> #include <errno.h> #include <fcntl.h> #include <fcntl.h> #include <linux/fsverity.h> #include <linux/fsverity.h> #include <linux/stat.h> #include <string.h> #include <string.h> #include <sys/ioctl.h> #include <sys/ioctl.h> #include <sys/stat.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/types.h> #include <type_traits> #include <android-base/unique_fd.h> #include <android-base/unique_fd.h> const int kSha256Bytes = 32; namespace android { namespace android { namespace { namespace { Loading Loading @@ -69,30 +66,28 @@ int enableFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath, jbyteArra return 0; return 0; } } int measureFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath) { // Returns whether the file has fs-verity enabled. using Storage = std::aligned_storage_t<sizeof(fsverity_digest) + kSha256Bytes>; // 0 if it is not present, 1 if is present, and -errno if there was an error. int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) { Storage bytes; fsverity_digest *data = reinterpret_cast<fsverity_digest *>(&bytes); data->digest_size = kSha256Bytes; // the only input/output parameter ScopedUtfChars path(env, filePath); ScopedUtfChars path(env, filePath); if (path.c_str() == nullptr) { return EINVAL; struct statx out = {}; } if (statx(AT_FDCWD, path.c_str(), 0 /* flags */, STATX_ALL, &out) != 0) { ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC)); return -errno; if (rfd.get() < 0) { return errno; } } if (ioctl(rfd.get(), FS_IOC_MEASURE_VERITY, data) < 0) { return errno; // Sanity check. if ((out.stx_attributes_mask & STATX_ATTR_VERITY) == 0) { ALOGE("Unexpected, STATX_ATTR_VERITY not supported by kernel"); return -ENOSYS; } } return 0; return (out.stx_attributes & STATX_ATTR_VERITY) != 0; } } const JNINativeMethod sMethods[] = { const JNINativeMethod sMethods[] = { {"enableFsverityNative", "(Ljava/lang/String;[B)I", (void *)enableFsverity}, {"enableFsverityNative", "(Ljava/lang/String;[B)I", (void *)enableFsverity}, { "measureFsverityNative", "(Ljava/lang/String;)I", (void *)measureFsverity }, {"statxForFsverityNative", "(Ljava/lang/String;)I", (void *)statxForFsverity}, }; }; } // namespace } // namespace Loading Loading
services/core/java/com/android/server/security/VerityUtils.java +6 −10 Original line number Original line Diff line number Diff line Loading @@ -81,22 +81,18 @@ abstract public class VerityUtils { /** Returns whether the file has fs-verity enabled. */ /** Returns whether the file has fs-verity enabled. */ public static boolean hasFsverity(@NonNull String filePath) { public static boolean hasFsverity(@NonNull String filePath) { // NB: only measure but not check the actual measurement here. As long as this succeeds, int retval = statxForFsverityNative(filePath); // the file is on readable if the measurement can be verified against a trusted key, and if (retval < 0) { // this is good enough for installed apps. Slog.e(TAG, "Failed to check whether fs-verity is enabled, errno " + -retval + ": " int errno = measureFsverityNative(filePath); + filePath); if (errno != 0) { if (errno != OsConstants.ENODATA) { Slog.e(TAG, "Failed to measure fs-verity, errno " + errno + ": " + filePath); } return false; return false; } } return true; return (retval == 1); } } private static native int enableFsverityNative(@NonNull String filePath, private static native int enableFsverityNative(@NonNull String filePath, @NonNull byte[] pkcs7Signature); @NonNull byte[] pkcs7Signature); private static native int measureFsverityNative(@NonNull String filePath); private static native int statxForFsverityNative(@NonNull String filePath); /** /** * Generates legacy Merkle tree and fs-verity metadata with Signing Block skipped. * Generates legacy Merkle tree and fs-verity metadata with Signing Block skipped. Loading
services/core/jni/com_android_server_security_VerityUtils.cpp +17 −22 Original line number Original line Diff line number Diff line Loading @@ -25,17 +25,14 @@ #include <errno.h> #include <errno.h> #include <fcntl.h> #include <fcntl.h> #include <linux/fsverity.h> #include <linux/fsverity.h> #include <linux/stat.h> #include <string.h> #include <string.h> #include <sys/ioctl.h> #include <sys/ioctl.h> #include <sys/stat.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/types.h> #include <type_traits> #include <android-base/unique_fd.h> #include <android-base/unique_fd.h> const int kSha256Bytes = 32; namespace android { namespace android { namespace { namespace { Loading Loading @@ -69,30 +66,28 @@ int enableFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath, jbyteArra return 0; return 0; } } int measureFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath) { // Returns whether the file has fs-verity enabled. using Storage = std::aligned_storage_t<sizeof(fsverity_digest) + kSha256Bytes>; // 0 if it is not present, 1 if is present, and -errno if there was an error. int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) { Storage bytes; fsverity_digest *data = reinterpret_cast<fsverity_digest *>(&bytes); data->digest_size = kSha256Bytes; // the only input/output parameter ScopedUtfChars path(env, filePath); ScopedUtfChars path(env, filePath); if (path.c_str() == nullptr) { return EINVAL; struct statx out = {}; } if (statx(AT_FDCWD, path.c_str(), 0 /* flags */, STATX_ALL, &out) != 0) { ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC)); return -errno; if (rfd.get() < 0) { return errno; } } if (ioctl(rfd.get(), FS_IOC_MEASURE_VERITY, data) < 0) { return errno; // Sanity check. if ((out.stx_attributes_mask & STATX_ATTR_VERITY) == 0) { ALOGE("Unexpected, STATX_ATTR_VERITY not supported by kernel"); return -ENOSYS; } } return 0; return (out.stx_attributes & STATX_ATTR_VERITY) != 0; } } const JNINativeMethod sMethods[] = { const JNINativeMethod sMethods[] = { {"enableFsverityNative", "(Ljava/lang/String;[B)I", (void *)enableFsverity}, {"enableFsverityNative", "(Ljava/lang/String;[B)I", (void *)enableFsverity}, { "measureFsverityNative", "(Ljava/lang/String;)I", (void *)measureFsverity }, {"statxForFsverityNative", "(Ljava/lang/String;)I", (void *)statxForFsverity}, }; }; } // namespace } // namespace Loading
