commit 0b62dccbbc3f2081902a5426ac5c924c687bef88
author Miguel Aranda <miguelaranda@google.com> Wed Dec 21 23:20:38 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Dec 21 23:20:38 2022 +0000
tree b4656d5ef6524a0a7285953f8a55f19e8c4af53a
parent ac92461dbede269ac75abc7a11b9b1a13a9830e0
parent 8b192b19f264a8829eac2cfaf0b73f6fc188d933

Merge "Add conscrypt updatable certificates."

core/java/android/security/net/config/SystemCertificateSource.java

diff --git a/core/java/android/security/net/config/SystemCertificateSource.java b/core/java/android/security/net/config/SystemCertificateSource.java
index cfb195b..4892312 100644
--- a/core/java/android/security/net/config/SystemCertificateSource.java
+++ b/core/java/android/security/net/config/SystemCertificateSource.java
@@ -18,6 +18,7 @@
 
 import android.os.Environment;
 import android.os.UserHandle;
+
 import java.io.File;
 
 /**
@@ -32,11 +33,20 @@
     private final File mUserRemovedCaDir;
 
     private SystemCertificateSource() {
-        super(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts"));
+        super(getDirectory());
         File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
         mUserRemovedCaDir = new File(configDir, "cacerts-removed");
     }
 
+    private static File getDirectory() {
+        // TODO(miguelaranda): figure out correct code path.
+        File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");
+        if (updatable_dir.exists()) {
+            return updatable_dir;
+        }
+        return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
+    }
+
     public static SystemCertificateSource getInstance() {
         return NoPreloadHolder.INSTANCE;
     }