summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/com/android/internal/security/VerityUtils.java11
-rw-r--r--services/core/java/com/android/server/pm/ApkChecksums.java2
2 files changed, 10 insertions, 3 deletions
diff --git a/core/java/com/android/internal/security/VerityUtils.java b/core/java/com/android/internal/security/VerityUtils.java
index 76f7b2180b34..cb5820f1ade9 100644
--- a/core/java/com/android/internal/security/VerityUtils.java
+++ b/core/java/com/android/internal/security/VerityUtils.java
@@ -90,8 +90,15 @@ public abstract class VerityUtils {
return (retval == 1);
}
- /** Returns hash of a root node for the fs-verity enabled file. */
- public static byte[] getFsverityRootHash(@NonNull String filePath) {
+ /**
+ * Returns fs-verity digest for the file if enabled, otherwise returns null. The digest is a
+ * hash of root hash of fs-verity's Merkle tree with extra metadata.
+ *
+ * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#file-digest-computation">
+ * File digest computation in Linux kernel documentation</a>
+ * @return Bytes of fs-verity digest
+ */
+ public static byte[] getFsverityDigest(@NonNull String filePath) {
byte[] result = new byte[HASH_SIZE_BYTES];
int retval = measureFsverityNative(filePath, result);
if (retval < 0) {
diff --git a/services/core/java/com/android/server/pm/ApkChecksums.java b/services/core/java/com/android/server/pm/ApkChecksums.java
index c2f2b0af997a..ffe0ca003817 100644
--- a/services/core/java/com/android/server/pm/ApkChecksums.java
+++ b/services/core/java/com/android/server/pm/ApkChecksums.java
@@ -650,7 +650,7 @@ public class ApkChecksums {
// Skip /product folder.
// TODO(b/231354111): remove this hack once we are allowed to change SELinux rules.
if (!containsFile(Environment.getProductDirectory(), filePath)) {
- byte[] verityHash = VerityUtils.getFsverityRootHash(filePath);
+ byte[] verityHash = VerityUtils.getFsverityDigest(filePath);
if (verityHash != null) {
return new ApkChecksum(split, TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, verityHash);
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2026-01-07 18:54:14 +0000