AtaraxiaDev/divestos-build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
divestos-build/Patches/LineageOS-20.0/android_frameworks_base/0029-Strict_Package_Checks-3.patch
Tad ef51b5e5af
Updated strict package check patches from GrapheneOS 
Signed-off-by: Tad <tad@spotco.us>
2023-02-03 17:57:15 -05:00

37 lines
1.6 KiB
Diff
Raw Blame History

From 7d0c4f3aa7c7640afc0496a9c901eeb49c65b47d Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 31 Jan 2023 19:32:46 +0200
Subject: [PATCH] require fs-verity when installing system package updates
---
.../android/server/pm/InstallPackageHelper.java | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index e929e4762126..2bfbd199d7f5 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -1513,6 +1513,22 @@ && cannotInstallWithBadPermissionGroups(parsedPackage)) {
"Failed to set up verity: " + e);
}
+ boolean checkVerity = true;
+ if (Build.IS_DEBUGGABLE) {
+ if (SystemProperties.getBoolean("persist.disable_install_time_fsverity_check", false)) {
+ checkVerity = false;
+ }
+ }
+
+ if (checkVerity && PackageVerityExt.getSystemPackage(parsedPackage) != null) {
+ try {
+ PackageVerityExt.checkFsVerity(parsedPackage);
+ } catch (PackageManagerException e) {
+ throw new PrepareFailure(INSTALL_FAILED_INTERNAL_ERROR,
+ "fs-verity not set up for system package update " + e);
+ }
+ }
+
final PackageFreezer freezer =
freezePackageForInstall(pkgName, installFlags, "installPackageLI");
boolean shouldCloseFreezerBeforeReturn = true;
Reference in New Issue View Git Blame Copy Permalink