From 8b192b19f264a8829eac2cfaf0b73f6fc188d933 Mon Sep 17 00:00:00 2001
From: Miguel
Date: Thu, 1 Dec 2022 14:51:17 +0000
Subject: Add conscrypt updatable certificates.

This cl contains changes for SystemCertificateSource so that certificates are taken from conscrypt apex files by default and if that fails, we fallback to the usual system location.

Test: atest TrustedCertificateStoreTest
Change-Id: I1ec6d29a52c07531a6a0c85b2e2405f63470bd5f
---
 .../android/security/net/config/SystemCertificateSource.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/core/java/android/security/net/config/SystemCertificateSource.java b/core/java/android/security/net/config/SystemCertificateSource.java
index cfb195b9509c..48923126117a 100644
--- a/core/java/android/security/net/config/SystemCertificateSource.java
+++ b/core/java/android/security/net/config/SystemCertificateSource.java
@@ -18,6 +18,7 @@ package android.security.net.config;
 
 import android.os.Environment;
 import android.os.UserHandle;
+
 import java.io.File;
 
 /**
@@ -32,11 +33,20 @@ public final class SystemCertificateSource extends DirectoryCertificateSource {
 private final File mUserRemovedCaDir;
 
 private SystemCertificateSource() {
- super(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts"));
+ super(getDirectory());
 File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
 mUserRemovedCaDir = new File(configDir, "cacerts-removed");
 }
 
+ private static File getDirectory() {
+ // TODO(miguelaranda): figure out correct code path.
+ File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");
+ if (updatable_dir.exists()) {
+ return updatable_dir;
+ }
+ return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
+ }
+
 public static SystemCertificateSource getInstance() {
 return NoPreloadHolder.INSTANCE;
 }
--
cgit v1.2.3-59-g8ed1b
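Review bot: In the added `getDirectory()`, `updatable_dir.exists()` is also true for an empty or unreadable `/apex/com.android.conscrypt/cacerts` (or a plain file at that path), so the fallback to `ANDROID_ROOT/etc/security/cacerts` that the description promises "if that fails" is not taken, and the process would presumably be left with no system trust anchors. Testing for actual content closes the gap: `String[] entries = updatableDir.list();` followed by `if (entries != null && entries.length > 0) { return updatableDir; }`, where the null test covers a non-directory or an I/O error. Because this method decides which CA set every default TLS validation trusts, the TODO should give way to a comment stating why the APEX store takes precedence and when the fallback applies. The local would also follow the file's conventions better as `updatableDir`, with the path held in a `private static final String` constant.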