diff options
| author | 2023-01-26 23:25:13 +0000 | |
|---|---|---|
| committer | 2023-01-29 00:50:31 +0000 | |
| commit | aa1baf03b37e54e67be982f490f299bdee871505 (patch) | |
| tree | 6873efddc2951c23e02298c917edc1c4394adacb | |
| parent | e5b2c6f41ec5ddf7353888d11ecc664f86160cb9 (diff) | |
Revert "Add a new API for file Integrity."
This reverts commit 128092ac21580641d3aff264a85cf640526db8e5.
Reason for revert: API Council feedback
Change-Id: I74686cec7db5d8407f7158260fca12157ab47f42
| -rw-r--r-- | services/api/current.txt | 13 | ||||
| -rw-r--r-- | services/core/java/com/android/server/security/FileIntegrityService.java | 20 |
2 files changed, 1 insertions, 32 deletions
diff --git a/services/api/current.txt b/services/api/current.txt index a92ccd42718e..f7d6ee96f162 100644 --- a/services/api/current.txt +++ b/services/api/current.txt @@ -225,19 +225,6 @@ package com.android.server.role { } -package com.android.server.security { - - public class FileIntegrityService extends com.android.server.SystemService { - method public void onStart(); - method public static void setUpFsVerity(@NonNull String) throws java.io.IOException; - } - - public class KeyChainSystemService extends com.android.server.SystemService { - method public void onStart(); - } - -} - package com.android.server.stats { public final class StatsHelper { diff --git a/services/core/java/com/android/server/security/FileIntegrityService.java b/services/core/java/com/android/server/security/FileIntegrityService.java index 6c0e1a43f938..5ae697315ed1 100644 --- a/services/core/java/com/android/server/security/FileIntegrityService.java +++ b/services/core/java/com/android/server/security/FileIntegrityService.java @@ -18,7 +18,6 @@ package com.android.server.security; import android.annotation.NonNull; import android.annotation.Nullable; -import android.annotation.SystemApi; import android.app.AppOpsManager; import android.content.Context; import android.content.pm.PackageManager; @@ -60,7 +59,6 @@ import java.util.ArrayList; * A {@link SystemService} that provides file integrity related operations. * @hide */ -@SystemApi(client = SystemApi.Client.SYSTEM_SERVER) public class FileIntegrityService extends SystemService { private static final String TAG = "FileIntegrityService"; @@ -73,10 +71,7 @@ public class FileIntegrityService extends SystemService { private final ArrayList<X509Certificate> mTrustedCertificates = new ArrayList<X509Certificate>(); - /** - * Gets the instance of the service. - * @hide - */ + /** Gets the instance of the service */ public static FileIntegrityService getService() { return LocalServices.getService(FileIntegrityService.class); } @@ -144,7 +139,6 @@ public class FileIntegrityService extends SystemService { } }; - /** @hide */ public FileIntegrityService(final Context context) { super(context); try { @@ -155,7 +149,6 @@ public class FileIntegrityService extends SystemService { LocalServices.addService(FileIntegrityService.class, this); } - /** @hide */ @Override public void onStart() { loadAllCertificates(); @@ -165,7 +158,6 @@ public class FileIntegrityService extends SystemService { /** * Returns whether the signature over the file's fs-verity digest can be verified by one of the * known certiticates. - * @hide */ public boolean verifyPkcs7DetachedSignature(String signaturePath, String filePath) throws IOException { @@ -191,16 +183,6 @@ public class FileIntegrityService extends SystemService { return false; } - /** - * Enables fs-verity, if supported by the filesystem. - * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html"> - * @hide - */ - @SystemApi(client = SystemApi.Client.SYSTEM_SERVER) - public static void setUpFsVerity(@NonNull String filePath) throws IOException { - VerityUtils.setUpFsverity(filePath); - } - private void loadAllCertificates() { // A better alternative to load certificates would be to read from .fs-verity kernel // keyring, which fsverity_init loads to during earlier boot time from the same sources |