diff options
3 files changed, 11 insertions, 9 deletions
diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java index 982daa5df2d5..3cb771449e09 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerSession.java +++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java @@ -1374,7 +1374,8 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { "Missing existing base package"); } // Default to require only if existing base has fs-verity. - mVerityFound = params.mode == SessionParams.MODE_INHERIT_EXISTING + mVerityFound = PackageManagerServiceUtils.isApkVerityEnabled() + && params.mode == SessionParams.MODE_INHERIT_EXISTING && VerityUtils.hasFsverity(pkgInfo.applicationInfo.getBaseCodePath()); try { diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index fe89be6f73c4..522ab0bf93e2 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -8572,7 +8572,7 @@ public class PackageManagerService extends IPackageManager.Stub * match one in a trusted source, and should be done separately. */ private boolean canSkipForcedApkVerification(String apkPath) { - if (!PackageManagerServiceUtils.isLegacyApkVerityMode()) { + if (!PackageManagerServiceUtils.isLegacyApkVerityEnabled()) { return VerityUtils.hasFsverity(apkPath); } @@ -16866,10 +16866,11 @@ public class PackageManagerService extends IPackageManager.Stub */ private void setUpFsVerityIfPossible(PackageParser.Package pkg) throws InstallerException, PrepareFailure, IOException, DigestException, NoSuchAlgorithmException { - if (!PackageManagerServiceUtils.isApkVerityEnabled()) { + final boolean standardMode = PackageManagerServiceUtils.isApkVerityEnabled(); + final boolean legacyMode = PackageManagerServiceUtils.isLegacyApkVerityEnabled(); + if (!standardMode && !legacyMode) { return; } - final boolean legacyMode = PackageManagerServiceUtils.isLegacyApkVerityMode(); // Collect files we care for fs-verity setup. ArrayMap<String, String> fsverityCandidates = new ArrayMap<>(); diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java index 25169a24d932..6134d3098e3b 100644 --- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java +++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java @@ -555,19 +555,19 @@ public class PackageManagerServiceUtils { /** Standard fs-verity. */ private static final int FSVERITY_ENABLED = 2; - /** Returns true if APK Verity is enabled. */ + /** Returns true if standard APK Verity is enabled. */ static boolean isApkVerityEnabled() { - int mode = SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED); - return mode == FSVERITY_LEGACY || mode == FSVERITY_ENABLED; + return SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED) == FSVERITY_ENABLED; } - static boolean isLegacyApkVerityMode() { + static boolean isLegacyApkVerityEnabled() { return SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED) == FSVERITY_LEGACY; } /** Returns true to force apk verification if the updated package (in /data) is a priv app. */ static boolean isApkVerificationForced(@Nullable PackageSetting disabledPs) { - return disabledPs != null && disabledPs.isPrivileged() && isApkVerityEnabled(); + return disabledPs != null && disabledPs.isPrivileged() && ( + isApkVerityEnabled() || isLegacyApkVerityEnabled()); } /** |