Merge "Set verified stamps to be trusted" into rvc-dev
diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
index f773825..6da0de1 100644
--- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -52,7 +52,6 @@
import android.os.HandlerThread;
import android.os.UserHandle;
import android.provider.Settings;
-import android.security.FileIntegrityManager;
import android.util.Slog;
import android.util.apk.SourceStampVerificationResult;
import android.util.apk.SourceStampVerifier;
@@ -122,7 +121,6 @@
private final PackageManagerInternal mPackageManagerInternal;
private final RuleEvaluationEngine mEvaluationEngine;
private final IntegrityFileManager mIntegrityFileManager;
- private final FileIntegrityManager mFileIntegrityManager;
/** Create an instance of {@link AppIntegrityManagerServiceImpl}. */
public static AppIntegrityManagerServiceImpl create(Context context) {
@@ -134,7 +132,6 @@
LocalServices.getService(PackageManagerInternal.class),
RuleEvaluationEngine.getRuleEvaluationEngine(),
IntegrityFileManager.getInstance(),
- (FileIntegrityManager) context.getSystemService(Context.FILE_INTEGRITY_SERVICE),
handlerThread.getThreadHandler());
}
@@ -144,13 +141,11 @@
PackageManagerInternal packageManagerInternal,
RuleEvaluationEngine evaluationEngine,
IntegrityFileManager integrityFileManager,
- FileIntegrityManager fileIntegrityManager,
Handler handler) {
mContext = context;
mPackageManagerInternal = packageManagerInternal;
mEvaluationEngine = evaluationEngine;
mIntegrityFileManager = integrityFileManager;
- mFileIntegrityManager = fileIntegrityManager;
mHandler = handler;
IntentFilter integrityVerificationFilter = new IntentFilter();
@@ -476,6 +471,8 @@
SourceStampVerifier.verify(installationPath.getAbsolutePath());
appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent());
appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified());
+ // A verified stamp is set to be trusted.
+ appInstallMetadata.setIsStampTrusted(sourceStampVerificationResult.isVerified());
if (sourceStampVerificationResult.isVerified()) {
X509Certificate sourceStampCertificate =
(X509Certificate) sourceStampVerificationResult.getCertificate();
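Review bot: The added comment `// A verified stamp is set to be trusted.` restates the assignment without recording the security consequence: after this line `isStampTrusted` always equals `isStampVerified`, with no lookup of the certificate against a trusted set. Presumably `isVerified()` only shows that the stamp signature matches the certificate carried in the APK, so a rule keyed on the trusted flag gains nothing beyond verification. I would say so in the comment, e.g. `// Stamp trust is derived from verification alone (no trusted-certificate lookup); rules that need a specific signer must match the stamp certificate hash.` The enclosing method starts and ends outside the hunk.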
@@ -488,16 +485,6 @@
throw new IllegalArgumentException(
"Error computing source stamp certificate digest", e);
}
- // Checks if the source stamp certificate is trusted.
- try {
- appInstallMetadata.setIsStampTrusted(
- mFileIntegrityManager.isApkVeritySupported()
- && mFileIntegrityManager.isAppSourceCertificateTrusted(
- sourceStampCertificate));
- } catch (CertificateEncodingException e) {
- throw new IllegalArgumentException(
- "Error checking if source stamp certificate is trusted", e);
- }
}
}
diff --git a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
index e2b63e2..3dd1504 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
@@ -62,7 +62,6 @@
import android.os.Handler;
import android.os.Message;
import android.provider.Settings;
-import android.security.FileIntegrityManager;
import androidx.test.InstrumentationRegistry;
@@ -136,7 +135,6 @@
@Mock RuleEvaluationEngine mRuleEvaluationEngine;
@Mock IntegrityFileManager mIntegrityFileManager;
@Mock Handler mHandler;
- FileIntegrityManager mFileIntegrityManager;
private final Context mRealContext = InstrumentationRegistry.getTargetContext();
@@ -165,16 +163,12 @@
Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING);
}
- mFileIntegrityManager =
- (FileIntegrityManager)
- mRealContext.getSystemService(Context.FILE_INTEGRITY_SERVICE);
mService =
new AppIntegrityManagerServiceImpl(
mMockContext,
mPackageManagerInternal,
mRuleEvaluationEngine,
mIntegrityFileManager,
- mFileIntegrityManager,
mHandler);
mSpyPackageManager = spy(mRealContext.getPackageManager());
@@ -379,7 +373,7 @@
AppInstallMetadata appInstallMetadata = metadataCaptor.getValue();
assertTrue(appInstallMetadata.isStampPresent());
assertTrue(appInstallMetadata.isStampVerified());
- assertFalse(appInstallMetadata.isStampTrusted());
+ assertTrue(appInstallMetadata.isStampTrusted());
assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash());
}
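Review bot: The flipped assertion `assertTrue(appInstallMetadata.isStampTrusted())` pins only the positive path; nothing visible in this diff checks that an APK whose stamp is absent or fails verification still reports `isStampTrusted()` as false. Since trust is now copied from `isVerified()`, a companion case with `assertFalse(appInstallMetadata.isStampTrusted());` for such an APK would catch the flag being set unconditionally by a later change. The test method starts outside the hunk, and a negative case may already exist elsewhere in the file.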