Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 91ae4e39a199b7a963b7b69eefd1c5ea358c9949
commit91ae4e39a199b7a963b7b69eefd1c5ea358c9949[log] [tgz]
authorVictor Hsieh <victorhsieh@google.com>Mon Jul 31 13:15:26 2023 -0700
committerVictor Hsieh <victorhsieh@google.com>Tue Aug 29 17:26:55 2023 +0000
tree093b3ad6bf98d3af28db0031062a51ccbf4bbd96
parent2ce97f2cd656be2ff5f39a5e30ba5a8df666d95f [diff]
Add public API FileIntegrityManager.setupFsverity/getFsverityDigest

setupFsverity:

installd requires the requester to provide a proof that they own the
file. This is done by calling createFsveritySetupAuthToken with a
writable FD in the app process, when the API is called.

After that, the app process calls enableFsverity with the auth token to
actually enabling it.

To satisfy further requirements/checks by installed, the service also
passes extra information over.

getFsverityDigest:

The code runs in the app process. It sends ioctl FS_IOC_MEASURE_VERITY
to the filesystem. It is a read-only operation and does not change the
file state.

Together with the new allow rule in sepolicy, it introduced a new attack
surface to the kernel. This is low risk because the ioctl argument is
simple enough, and the command has also been fuzzed for years.
Therefore, the simple ioctl is preferred over alternatives like proxying
through system server.

Bug: 285185747
Bug: 296467543
Test: calling it from a testing app
Change-Id: I74881faadb359cc71061c0b5603977463787c0ad
7 files changed
tree: 093b3ad6bf98d3af28db0031062a51ccbf4bbd96
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc-extras/
  23. obex/
  24. omapi/
  25. opengl/
  26. packages/
  27. proto/
  28. rs/
  29. samples/
  30. sax/
  31. services/
  32. startop/
  33. telecomm/
  34. telephony/
  35. test-base/
  36. test-legacy/
  37. test-mock/
  38. test-runner/
  39. tests/
  40. tools/
  41. wifi/
  42. .clang-format
  43. .gitignore
  44. .mailmap
  45. AconfigFlags.bp
  46. ADPF_OWNERS
  47. Android.bp
  48. Android.mk
  49. BATTERY_STATS_OWNERS
  50. BROADCASTS_OWNERS
  51. CleanSpec.mk
  52. framework-jarjar-rules.txt
  53. GAME_MANAGER_OWNERS
  54. INPUT_OWNERS
  55. INTENT_OWNERS
  56. lint-baseline.xml
  57. METADATA
  58. MODULE_LICENSE_APACHE2
  59. MULTIUSER_OWNERS
  60. NOTICE
  61. OWNERS
  62. OWNERS.md
  63. PACKAGE_MANAGER_OWNERS
  64. pathmap.mk
  65. PERFORMANCE_OWNERS
  66. PREUPLOAD.cfg
  67. ProtoLibraries.bp
  68. SQLITE_OWNERS
  69. TEST_MAPPING
  70. TestProtoLibraries.bp
  71. TRACE_OWNERS
  72. WEAR_OWNERS
  73. ZYGOTE_OWNERS