-rw-r--r--services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt8
1 files changed, 8 insertions, 0 deletions
diff --git a/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt b/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
index 996daf5a5f68..95ee958f3ce4 100644
--- a/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
+++ b/services/permission/java/com/android/server/permission/access/util/AtomicFileExtensions.kt
@@ -19,6 +19,7 @@ package com.android.server.permission.access.util
import android.os.FileUtils
import android.util.AtomicFile
import android.util.Slog
+import com.android.server.security.FileIntegrity;
import java.io.File
import java.io.FileInputStream
import java.io.FileNotFoundException
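Review bot: The added `FileIntegrity` import ends with a semicolon, which Kotlin does not need and which none of the neighbouring imports in this hunk use. Write it as `import com.android.server.security.FileIntegrity` so the import block stays consistent and passes a ktlint-style check.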
@@ -49,6 +50,7 @@ inline fun AtomicFile.readWithReserveCopy(block: (FileInputStream) -> Unit) {
inline fun AtomicFile.writeWithReserveCopy(block: (FileOutputStream) -> Unit) {
writeInlined(block)
val reserveFile = File(baseFile.parentFile, baseFile.name + ".reservecopy")
+ reserveFile.delete()
try {
FileInputStream(baseFile).use { inputStream ->
FileOutputStream(reserveFile).use { outputStream ->
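Review bot: The result of `reserveFile.delete()` is ignored and the reason for the delete is not documented. Presumably it is needed because a file with fs-verity enabled can no longer be opened for writing, so the previous reserve copy must be removed before `FileOutputStream(reserveFile)` recreates it. If the delete fails, that open would throw and surface only as the generic "Failed to write" log in the catch block, which lies outside this hunk. I would add a comment such as `// fs-verity makes the old reserve copy read-only; remove it so it can be rewritten` and make the failure visible with `if (!reserveFile.delete() && reserveFile.exists()) Slog.w("AccessPersistence", "Failed to delete $reserveFile")`.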
@@ -59,6 +61,12 @@ inline fun AtomicFile.writeWithReserveCopy(block: (FileOutputStream) -> Unit) {
} catch (e: Exception) {
Slog.e("AccessPersistence", "Failed to write $reserveFile", e)
}
+ try {
+ FileIntegrity.setUpFsVerity(baseFile)
+ FileIntegrity.setUpFsVerity(reserveFile)
+ } catch (e: Exception) {
+ Slog.e("AccessPersistence", "Failed to verity-protect runtime-permissions", e)
+ }
}
/** Write to an [AtomicFile] and close everything safely when done. */
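Review bot: Both `setUpFsVerity` calls share one `try`, so an exception on `baseFile` skips the reserve copy entirely and leaves it without integrity protection. The log message also hard-codes "runtime-permissions" although this is an extension on any `AtomicFile`, and it does not say which file failed. I would protect each file in its own try/catch and log the path, as sketched below. The failure is only logged, so the write still succeeds with an unprotected file; whether the read path checks that verity is enabled is not visible here and is worth confirming. `writeWithReserveCopy` begins outside this hunk.

```kotlin
// … unchanged: reserve-copy write and its catch block …
for (file in arrayOf(baseFile, reserveFile)) {
    try {
        FileIntegrity.setUpFsVerity(file)
    } catch (e: Exception) {
        Slog.e("AccessPersistence", "Failed to verity-protect $file", e)
    }
}
```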