commit aa1baf03b37e54e67be982f490f299bdee871505
author Alex Buynytskyy <alexbuy@google.com> Thu Jan 26 23:25:13 2023 +0000
committer Alex Buynytskyy <alexbuy@google.com> Sun Jan 29 00:50:31 2023 +0000
tree 6873efddc2951c23e02298c917edc1c4394adacb
parent e5b2c6f41ec5ddf7353888d11ecc664f86160cb9

Revert "Add a new API for file Integrity."

This reverts commit 128092ac21580641d3aff264a85cf640526db8e5.

Reason for revert: API Council feedback

Change-Id: I74686cec7db5d8407f7158260fca12157ab47f42

services/api/current.txt

diff --git a/services/api/current.txt b/services/api/current.txt
index a92ccd4..f7d6ee9 100644
--- a/services/api/current.txt
+++ b/services/api/current.txt
@@ -225,19 +225,6 @@
 
 }
 
-package com.android.server.security {
-
-  public class FileIntegrityService extends com.android.server.SystemService {
-    method public void onStart();
-    method public static void setUpFsVerity(@NonNull String) throws java.io.IOException;
-  }
-
-  public class KeyChainSystemService extends com.android.server.SystemService {
-    method public void onStart();
-  }
-
-}
-
 package com.android.server.stats {
 
   public final class StatsHelper {

services/core/java/com/android/server/security/FileIntegrityService.java

diff --git a/services/core/java/com/android/server/security/FileIntegrityService.java b/services/core/java/com/android/server/security/FileIntegrityService.java
index 6c0e1a4..5ae6973 100644
--- a/services/core/java/com/android/server/security/FileIntegrityService.java
+++ b/services/core/java/com/android/server/security/FileIntegrityService.java
@@ -18,7 +18,6 @@
 
 import android.annotation.NonNull;
 import android.annotation.Nullable;
-import android.annotation.SystemApi;
 import android.app.AppOpsManager;
 import android.content.Context;
 import android.content.pm.PackageManager;
@@ -60,7 +59,6 @@
  * A {@link SystemService} that provides file integrity related operations.
  * @hide
  */
-@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
 public class FileIntegrityService extends SystemService {
     private static final String TAG = "FileIntegrityService";
 
@@ -73,10 +71,7 @@
     private final ArrayList<X509Certificate> mTrustedCertificates =
             new ArrayList<X509Certificate>();
 
-    /**
-     * Gets the instance of the service.
-     * @hide
-     */
+    /** Gets the instance of the service */
     public static FileIntegrityService getService() {
         return LocalServices.getService(FileIntegrityService.class);
     }
@@ -144,7 +139,6 @@
         }
     };
 
-    /** @hide */
     public FileIntegrityService(final Context context) {
         super(context);
         try {
@@ -155,7 +149,6 @@
         LocalServices.addService(FileIntegrityService.class, this);
     }
 
-    /** @hide */
     @Override
     public void onStart() {
         loadAllCertificates();
@@ -165,7 +158,6 @@
     /**
      * Returns whether the signature over the file's fs-verity digest can be verified by one of the
      * known certiticates.
-     * @hide
      */
     public boolean verifyPkcs7DetachedSignature(String signaturePath, String filePath)
             throws IOException {
@@ -191,16 +183,6 @@
         return false;
     }
 
-    /**
-     * Enables fs-verity, if supported by the filesystem.
-     * @see <a href="https://www.kernel.org/doc/html/latest/filesystems/fsverity.html">
-     * @hide
-     */
-    @SystemApi(client = SystemApi.Client.SYSTEM_SERVER)
-    public static void setUpFsVerity(@NonNull String filePath) throws IOException {
-        VerityUtils.setUpFsverity(filePath);
-    }
-
     private void loadAllCertificates() {
         // A better alternative to load certificates would be to read from .fs-verity kernel
         // keyring, which fsverity_init loads to during earlier boot time from the same sources