Merge "Add conscrypt updatable certificates." am: 0b62dccbbc am: cd3609306d am: 077372e2e4
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2323439
Change-Id: I44f90d852f56f39538f826dea4fe72d52bf24164
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/core/java/android/security/net/config/SystemCertificateSource.java b/core/java/android/security/net/config/SystemCertificateSource.java
index cfb195b..4892312 100644
--- a/core/java/android/security/net/config/SystemCertificateSource.java
+++ b/core/java/android/security/net/config/SystemCertificateSource.java
@@ -18,6 +18,7 @@
import android.os.Environment;
import android.os.UserHandle;
+
import java.io.File;
/**
@@ -32,11 +33,20 @@
private final File mUserRemovedCaDir;
private SystemCertificateSource() {
- super(new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts"));
+ super(getDirectory());
File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId());
mUserRemovedCaDir = new File(configDir, "cacerts-removed");
}
+ private static File getDirectory() {
+ // TODO(miguelaranda): figure out correct code path.
+ File updatable_dir = new File("/apex/com.android.conscrypt/cacerts");
+ if (updatable_dir.exists()) {
+ return updatable_dir;
+ }
+ return new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
+ }
+
public static SystemCertificateSource getInstance() {
return NoPreloadHolder.INSTANCE;
}