author | 2023-01-26 16:42:40 -0800 | |
---|---|---|
committer | 2023-02-01 01:18:11 +0000 | |
commit | 4299a58cc7a7a7053a0c21e67f966d376ab5512c (patch) | |
tree | f7ed3b24282cb01cb24a53b57bcf19f74b663117 | |
parent | 22420138eaf687a828703adcb7848833a2fe79ca (diff) |
Add a new API for file Integrity.
Bug: 253568736
Bug: 196909329
Bug: 266719856
Test: presubmit
Change-Id: Iabade95e934a5c677578ad9e41b534e15c9bc422
-rw-r--r-- | services/api/current.txt | 8 | ||||
-rw-r--r-- | services/core/java/com/android/server/pm/Settings.java | 6 | ||||
-rw-r--r-- | services/core/java/com/android/server/security/FileIntegrityLocal.java | 44 |
3 files changed, 55 insertions, 3 deletions
diff --git a/services/api/current.txt b/services/api/current.txt
index f7d6ee96f162..70ee3b8592b4 100644
--- a/services/api/current.txt
+++ b/services/api/current.txt
@@ -225,6 +225,14 @@ package com.android.server.role {
 }
+package com.android.server.security {
+
+ public final class FileIntegrityLocal {
+ method public static void setUpFsVerity(@NonNull String) throws java.io.IOException;
+ }
+
+}
+
 package com.android.server.stats {
 public final class StatsHelper {
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 4f0a1159a492..9c91879343a1 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -89,7 +89,6 @@ import android.util.proto.ProtoOutputStream;
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.os.BackgroundThread;
-import com.android.internal.security.VerityUtils;
 import com.android.internal.util.ArrayUtils;
 import com.android.internal.util.CollectionUtils;
 import com.android.internal.util.IndentingPrintWriter;
@@ -121,6 +120,7 @@ import com.android.server.pm.resolution.ComponentResolver;
 import com.android.server.pm.verify.domain.DomainVerificationLegacySettings;
 import com.android.server.pm.verify.domain.DomainVerificationManagerInternal;
 import com.android.server.pm.verify.domain.DomainVerificationPersistence;
+import com.android.server.security.FileIntegrityLocal;
 import com.android.server.utils.Slogf;
 import com.android.server.utils.Snappable;
 import com.android.server.utils.SnapshotCache;
@@ -2714,8 +2714,8 @@ public final class Settings implements Watchable, Snappable {
 }
 try {
- VerityUtils.setUpFsverity(mSettingsFilename.getAbsolutePath());
- VerityUtils.setUpFsverity(mSettingsReserveCopyFilename.getAbsolutePath());
+ FileIntegrityLocal.setUpFsVerity(mSettingsFilename.getAbsolutePath());
+ FileIntegrityLocal.setUpFsVerity(mSettingsReserveCopyFilename.getAbsolutePath());
 } catch (IOException e) {
 Slog.e(TAG, "Failed to verity-protect settings", e);
 }
diff --git a/services/core/java/com/android/server/security/FileIntegrityLocal.java b/services/core/java/com/android/server/security/FileIntegrityLocal.java
new file mode 100644
index 000000000000..8c7219b0b03f
--- /dev/null
+++ b/services/core/java/com/android/server/security/FileIntegrityLocal.java
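Review bot: In Settings.java the two `FileIntegrityLocal.setUpFsVerity` calls share one `try`, so an IOException on the primary settings file skips the reserve copy, and the single log message does not say which file was left unprotected. If enabling fs-verity here is meant to be best-effort, that deserves a comment such as `// Best effort: settings stay usable without fs-verity; failures are logged only.`; otherwise I would protect each file in its own try and include the path in the `Slog.e` message. The enclosing method starts and ends outside this hunk, so whether a later step checks the verity state is not visible here.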
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.security;
+
+import android.annotation.NonNull;
+import android.annotation.SystemApi;
+
+import com.android.internal.security.VerityUtils;
+
+import java.io.IOException;
+
+/**
+ * In-process API for server side FileIntegrity related infrastructure.
+ *
+ * @hide
+ */
+@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
+public final class FileIntegrityLocal {
+ private FileIntegrityLocal() {}
+
+ /**
+ * Enables fs-verity, if supported by the filesystem.
+ * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html">
+ * @hide
+ */
+ @SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
+ public static void setUpFsVerity(@NonNull String filePath) throws IOException {
+ VerityUtils.setUpFsverity(filePath);
+ }
+} |
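Review bot: The Javadoc on `setUpFsVerity` does not tell a caller what it can rely on once the call returns. "if supported by the filesystem" reads as though the method may return normally without enabling anything, and neither the IOException conditions nor the fact that fs-verity makes the file's contents read-only once enabled are stated. I would add `@param filePath path of a fully written, closed file to protect` and `@throws IOException if fs-verity could not be enabled on the file`, plus one sentence on the unsupported-filesystem case after checking it against `VerityUtils.setUpFsverity`, which is not visible in this diff. The `@see <a href="...">` tag also lacks link text and the closing `</a>`, so it will not render as a link.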