Stop calling into system server from isApkVeritySupport

Remove the use of ro.apk_verity.mode, which was for pioneering fs-verity
years ago.

Then everything can be done in the manager class.

Ignore-AOSP-First: The ongoing clean-up only happens in internal branch
Flag: EXEMPT removing deprecate_fsv_sig
Test: atest android.security.cts.FileIntegrityManagerTest FsverityTest
Bug: 277916185
Change-Id: Ib3e65fd851e0f9d5ebd10ab0d8e164402435d974

4 files changed, 2 insertions, 16 deletions

diff --git a/core/java/android/security/FileIntegrityManager.java b/core/java/android/security/FileIntegrityManager.java
index 9e02ecd19aee..903f8170104e 100644
--- a/core/java/android/security/FileIntegrityManager.java
+++ b/core/java/android/security/FileIntegrityManager.java
@@ -65,13 +65,7 @@ public final class FileIntegrityManager {
      * other fs-verity APIs.
      */
     public boolean isApkVeritySupported() {
-        try {
-            // Go through the service just to avoid exposing the vendor controlled system property
-            // to all apps.
-            return mService.isApkVeritySupported();
-        } catch (RemoteException e) {
-            throw e.rethrowFromSystemServer();
-        }
+        return VerityUtils.isFsVeritySupported();
     }
 
     /**
diff --git a/core/java/android/security/IFileIntegrityService.aidl b/core/java/android/security/IFileIntegrityService.aidl
index c6def239d59a..5a1a6a0ea6d9 100644
--- a/core/java/android/security/IFileIntegrityService.aidl
+++ b/core/java/android/security/IFileIntegrityService.aidl
@@ -24,8 +24,6 @@ import android.os.IInstalld;
  * @hide
  */
 interface IFileIntegrityService {
-    boolean isApkVeritySupported();
-
     IInstalld.IFsveritySetupAuthToken createAuthToken(in ParcelFileDescriptor authFd);
 
     @EnforcePermission("SETUP_FSVERITY")
diff --git a/core/java/com/android/internal/security/VerityUtils.java b/core/java/com/android/internal/security/VerityUtils.java
index 37500766a4ac..ac186d0a26b5 100644
--- a/core/java/com/android/internal/security/VerityUtils.java
+++ b/core/java/com/android/internal/security/VerityUtils.java
@@ -56,8 +56,7 @@ public abstract class VerityUtils {
     private static final int HASH_SIZE_BYTES = 32;
 
     public static boolean isFsVeritySupported() {
-        return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R
-                || SystemProperties.getInt("ro.apk_verity.mode", 0) == 2;
+        return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R;
     }
 
     /** Enables fs-verity for the file without signature. */
diff --git a/services/core/java/com/android/server/security/FileIntegrityService.java b/services/core/java/com/android/server/security/FileIntegrityService.java
index bfd86d724583..9f9a9807d973 100644
--- a/services/core/java/com/android/server/security/FileIntegrityService.java
+++ b/services/core/java/com/android/server/security/FileIntegrityService.java
@@ -54,11 +54,6 @@ public class FileIntegrityService extends SystemService {
             super(PermissionEnforcer.fromContext(context));
         }
 
-        @Override
-        public boolean isApkVeritySupported() {
-            return VerityUtils.isFsVeritySupported();
-        }
-
         private void checkCallerPackageName(String packageName) {
             final int callingUid = Binder.getCallingUid();
             final int callingUserId = UserHandle.getUserId(callingUid);