Merge "Stop verifying fs-verity signature in kernel"
diff --git a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
index ad27c45..4a5b7e8 100644
--- a/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
+++ b/services/core/java/com/android/server/graphics/fonts/FontManagerService.java
@@ -186,8 +186,8 @@
}
@Override
- public void setUpFsverity(String filePath, byte[] pkcs7Signature) throws IOException {
- VerityUtils.setUpFsverity(filePath, pkcs7Signature);
+ public void setUpFsverity(String filePath) throws IOException {
+ VerityUtils.setUpFsverity(filePath, /* signature */ (byte[]) null);
}
@Override
diff --git a/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java b/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
index 457d5b7..6f93608 100644
--- a/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
+++ b/services/core/java/com/android/server/graphics/fonts/UpdatableFontDir.java
@@ -78,7 +78,7 @@
interface FsverityUtil {
boolean isFromTrustedProvider(String path, byte[] pkcs7Signature);
- void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException;
+ void setUpFsverity(String path) throws IOException;
boolean rename(File src, File dest);
}
@@ -354,8 +354,7 @@
try {
// Do not parse font file before setting up fs-verity.
// setUpFsverity throws IOException if failed.
- mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath(),
- pkcs7Signature);
+ mFsverityUtil.setUpFsverity(tempNewFontFile.getAbsolutePath());
} catch (IOException e) {
throw new SystemFontException(
FontManager.RESULT_ERROR_VERIFICATION_FAILURE,
diff --git a/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java b/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
index 9672085..68e5ebf 100644
--- a/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
+++ b/services/tests/servicestests/src/com/android/server/graphics/fonts/UpdatableFontDirTest.java
@@ -109,17 +109,16 @@
@Override
public boolean isFromTrustedProvider(String path, byte[] signature) {
- return mHasFsverityPaths.contains(path);
+ if (!mHasFsverityPaths.contains(path)) {
+ return false;
+ }
+ String fakeSignature = new String(signature, StandardCharsets.UTF_8);
+ return GOOD_SIGNATURE.equals(fakeSignature);
}
@Override
- public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {
- String fakeSignature = new String(pkcs7Signature, StandardCharsets.UTF_8);
- if (GOOD_SIGNATURE.equals(fakeSignature)) {
- mHasFsverityPaths.add(path);
- } else {
- throw new IOException("Failed to set up fake fs-verity");
- }
+ public void setUpFsverity(String path) throws IOException {
+ mHasFsverityPaths.add(path);
}
@Override
@@ -813,8 +812,8 @@
}
@Override
- public void setUpFsverity(String path, byte[] pkcs7Signature) throws IOException {
- mFakeFsverityUtil.setUpFsverity(path, pkcs7Signature);
+ public void setUpFsverity(String path) throws IOException {
+ mFakeFsverityUtil.setUpFsverity(path);
}
@Override