Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / c7ab564d8825f96103acec56684e5b0af1355073
commitc7ab564d8825f96103acec56684e5b0af1355073[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Fri Jul 28 15:07:55 2023 -0700
committerVictor Hsieh <victorhsieh@google.com>Mon Aug 14 13:50:31 2023 -0700
tree4d19c2858dce1d70c2a1e023a70b5f6a43501249
parentbd8b30c492664d2dcb9d7acdf7b5ea158ab14829 [diff]
installd: allow enabling fs-verity to a given file

The caller is allowed to request installd to enable fs-verity to a
given file. Normally this is initiated by the app through an API, via
system server.

We must not allow an app to enable fs-verity to a file they don't own.
In addition, the design also treat the less-privilged system server as
untrusted and limit what it can do through the API.

See code comments for more details.

Bug: 285185747
Test: Call the API from a local client
Test: atest installd_service_test
Change-Id: I0782a9b23f3817898df0703cfdd9d8670f8fcdfb
4 files changed
tree: 4d19c2858dce1d70c2a1e023a70b5f6a43501249
  1. aidl/
  2. build/
  3. cmds/
  4. data/
  5. docs/
  6. headers/
  7. include/
  8. include_sensor/
  9. libs/
  10. opengl/
  11. services/
  12. vulkan/
  13. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  14. .clang-format
  15. .gitignore
  16. Android.bp
  17. CleanSpec.mk
  18. METADATA
  19. MODULE_LICENSE_APACHE2
  20. NOTICE
  21. PREUPLOAD.cfg
  22. TEST_MAPPING