Stop verifying fs-verity signature in kernel

This has become redundant since we're now checking the signature in userspace. Bug: 258538225 Test: atest GtsFontHostTestCases Test: atest UpdatableFontDirTest Test: atest UpdatableSystemFontTest Test: atest FontManagerTest Change-Id: I18dc93e1b54b3ff97474113cd5689e7cc058e000 Merged-In: I18dc93e1b54b3ff97474113cd5689e7cc058e000
author: Victor Hsieh <victorhsieh@google.com> 2022-11-10 16:17:59 -0800
committer: Victor Hsieh <victorhsieh@google.com> 2022-12-13 15:41:35 -0800
commit: 2ada499332855577889eac0641f4a4c5592ceedb (patch)
tree: 066a05665dba9f3b031f4cfa25edf752d88b42cb
parent: d163351b15f82dfbcad7c0d6a5e08cee30b94b96 (diff)
3 files changed, 13 insertions, 15 deletions
diff --git a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
index ad27c45df6d4..4a5b7e85a508 100644
--- a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
+++ b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
@@ -186,8 +186,8 @@ public final class FontManagerService extends IFontManager.Stub {
         }
 
         @Override
-        public void setUpFsverity(String filePath, byte[] pkcs7Signature) throws IOException {
-            VerityUtils.setUpFsverity(filePath, pkcs7Signature);
+        public void setUpFsverity(String filePath) throws IOException {
+            VerityUtils.setUpFsverity(filePath, /* signature */ (byte[]) null);
         }
 
         @Override
diff --git a/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java b/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
index 457d5b7afe84..6f9360844542 100644
--- a/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
+++ b/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
@@ -78,7 +78,7 @@ final class UpdatableFontDir {
     interface FsverityUtil {
         boolean isFromTrustedProvider(String path, byte[] pkcs7Signature);
 
-        void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException;
+        void setUpFsverity(String path) throws IOException;
 
         boolean rename(File src, File dest);
     }
@@ -354,8 +354,7 @@ final class UpdatableFontDir {
             try {
                 // Do not parse font file before setting up fs-verity.
                 // setUpFsverity throws IOException if failed.
-                mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath(),
-                        pkcs7Signature);
+                mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath());
             } catch (IOException e) {
                 throw new SystemFontException(
                         FontManager.RESULT_ERROR_VERIFICATION_FAILURE,
diff --git a/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java b/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
index 9672085b8f3a..68e5ebf027ad 100644
--- a/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
+++ b/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
@@ -109,17 +109,16 @@ public final class UpdatableFontDirTest {
 
         @Override
         public boolean isFromTrustedProvider(String path, byte[] signature) {
-            return mHasFsverityPaths.contains(path);
+            if (!mHasFsverityPaths.contains(path)) {
+                return false;
+            }
+            String fakeSignature = new String(signature, StandardCharsets.UTF_8);
+            return GOOD_SIGNATURE.equals(fakeSignature);
         }
 
         @Override
-        public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {
-            String fakeSignature = new String(pkcs7Signature, StandardCharsets.UTF_8);
-            if (GOOD_SIGNATURE.equals(fakeSignature)) {
-                mHasFsverityPaths.add(path);
-            } else {
-                throw new IOException("Failed to set up fake fs-verity");
-            }
+        public void setUpFsverity(String path) throws IOException {
+            mHasFsverityPaths.add(path);
         }
 
         @Override
@@ -813,8 +812,8 @@ public final class UpdatableFontDirTest {
             }
 
             @Override
-            public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {
-                mFakeFsverityUtil.setUpFsverity(path, pkcs7Signature);
+            public void setUpFsverity(String path) throws IOException {
+                mFakeFsverityUtil.setUpFsverity(path);
             }
 
             @Override
author	Victor Hsieh <victorhsieh@google.com>	2022-11-10 16:17:59 -0800
committer	Victor Hsieh <victorhsieh@google.com>	2022-12-13 15:41:35 -0800
commit	2ada499332855577889eac0641f4a4c5592ceedb (patch)
tree	066a05665dba9f3b031f4cfa25edf752d88b42cb
parent	d163351b15f82dfbcad7c0d6a5e08cee30b94b96 (diff)