Merge "Add conscrypt updatable certificates." am: 0b62dccbbc am: cd3609306d am: 077372e2e4

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2323439

Change-Id: I44f90d852f56f39538f826dea4fe72d52bf24164
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

1 files changed, 11 insertions, 1 deletions

diff --git a/core/java/android/security/net/config/SystemCertificateSource.java b/core/java/android/security/net/config/SystemCertificateSource.java
index cfb195b9509c..48923126117a 100644
--- a/core/java/android/security/net/config/SystemCertificateSource.java
+++ b/core/java/android/security/net/config/SystemCertificateSource.java
@@ -18,6 +18,7 @@ package android.security.net.config;
 
 import android.os.Environment;
 import android.os.UserHandle;
+
 import java.io.File;
 
 /**
@@ -32,11 +33,20 @@ public final class SystemCertificateSource extends DirectoryCertificateSource {
     private final File mUserRemovedCaDir;
 
     private SystemCertificateSource() {
-        super(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts"));
+        super(getDirectory());
         File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
         mUserRemovedCaDir = new File(configDir, "cacerts-removed");
     }
 
+    private static File getDirectory() {
+        // TODO(miguelaranda): figure out correct code path.
+        File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");
+        if (updatable_dir.exists()) {
+            return updatable_dir;
+        }
+        return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
+    }
+
     public static SystemCertificateSource getInstance() {
         return NoPreloadHolder.INSTANCE;
     }