Merge changes from topic "deprecate_fsv_sig2" into main
* changes:
Reland: Deprecate API: isAppSourceCertificateTrusted
Reland: Deprecate .fsv_sig
diff --git a/core/api/current.txt b/core/api/current.txt
index a6b77ea..f488c82 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -38658,7 +38658,7 @@
public final class FileIntegrityManager {
method @FlaggedApi(Flags.FLAG_FSVERITY_API) @Nullable public byte[] getFsVerityDigest(@NonNull java.io.File) throws java.io.IOException;
method public boolean isApkVeritySupported();
- method @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
+ method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES, android.Manifest.permission.REQUEST_INSTALL_PACKAGES}) public boolean isAppSourceCertificateTrusted(@NonNull java.security.cert.X509Certificate) throws java.security.cert.CertificateEncodingException;
method @FlaggedApi(Flags.FLAG_FSVERITY_API) public void setupFsVerity(@NonNull java.io.File) throws java.io.IOException;
}
diff --git a/core/java/android/security/FileIntegrityManager.java b/core/java/android/security/FileIntegrityManager.java
index 132700d..d6f3bf3 100644
--- a/core/java/android/security/FileIntegrityManager.java
+++ b/core/java/android/security/FileIntegrityManager.java
@@ -133,11 +133,13 @@
* also use this API to download the best signature on the running device.
*
* @return whether the certificate is trusted in the system
+ * @deprecated The feature is no longer supported, and this API now always returns false.
*/
@RequiresPermission(anyOf = {
android.Manifest.permission.INSTALL_PACKAGES,
android.Manifest.permission.REQUEST_INSTALL_PACKAGES
})
+ @Deprecated
public boolean isAppSourceCertificateTrusted(@NonNull X509Certificate certificate)
throws CertificateEncodingException {
try {
diff --git a/services/core/Android.bp b/services/core/Android.bp
index d9c2694..ee18743 100644
--- a/services/core/Android.bp
+++ b/services/core/Android.bp
@@ -180,6 +180,7 @@
"android.hardware.rebootescrow-V1-java",
"android.hardware.power.stats-V2-java",
"android.hidl.manager-V1.2-java",
+ "android.security.flags-aconfig-java",
"cbor-java",
"display_flags_lib",
"icu4j_calendar_astronomer",
diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java
index 9e0a83c..2e9da09 100644
--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -3641,6 +3641,9 @@
@GuardedBy("mLock")
private void maybeStageFsveritySignatureLocked(File origFile, File targetFile,
boolean fsVerityRequired) throws PackageManagerException {
+ if (android.security.Flags.deprecateFsvSig()) {
+ return;
+ }
final File originalSignature = new File(
VerityUtils.getFsveritySignatureFilePath(origFile.getPath()));
if (originalSignature.exists()) {
diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
index 1679987..38f241d 100644
--- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
+++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
@@ -547,6 +547,9 @@
/** Returns true if standard APK Verity is enabled. */
static boolean isApkVerityEnabled() {
+ if (android.security.Flags.deprecateFsvSig()) {
+ return false;
+ }
return Build.VERSION.DEVICE_INITIAL_SDK_INT >= Build.VERSION_CODES.R
|| SystemProperties.getInt("ro.apk_verity.mode", FSVERITY_DISABLED)
== FSVERITY_ENABLED;
diff --git a/services/core/java/com/android/server/security/FileIntegrityService.java b/services/core/java/com/android/server/security/FileIntegrityService.java
index 3aed6e3..a49df50 100644
--- a/services/core/java/com/android/server/security/FileIntegrityService.java
+++ b/services/core/java/com/android/server/security/FileIntegrityService.java
@@ -90,6 +90,13 @@
@NonNull String packageName) {
checkCallerPermission(packageName);
+ if (android.security.Flags.deprecateFsvSig()) {
+ // When deprecated, stop telling the caller that any app source certificate is
+ // trusted on the current device. This behavior is also consistent with devices
+ // without this feature support.
+ return false;
+ }
+
try {
if (!VerityUtils.isFsVeritySupported()) {
return false;