diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
index f773825a7ff8b..6da0de13f6234 100644
--- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -52,7 +52,6 @@ import android.os.Handler;
 import android.os.HandlerThread;
 import android.os.UserHandle;
 import android.provider.Settings;
-import android.security.FileIntegrityManager;
 import android.util.Slog;
 import android.util.apk.SourceStampVerificationResult;
 import android.util.apk.SourceStampVerifier;
@@ -122,7 +121,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
 private final PackageManagerInternal mPackageManagerInternal;
 private final RuleEvaluationEngine mEvaluationEngine;
 private final IntegrityFileManager mIntegrityFileManager;
- private final FileIntegrityManager mFileIntegrityManager;
 
 /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */
 public static AppIntegrityManagerServiceImpl create(Context context) {
@@ -134,7 +132,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
 LocalServices.getService(PackageManagerInternal.class),
 RuleEvaluationEngine.getRuleEvaluationEngine(),
 IntegrityFileManager.getInstance(),
- (FileIntegrityManager) context.getSystemService(Context.FILE_INTEGRITY_SERVICE),
 handlerThread.getThreadHandler());
 }
 
@@ -144,13 +141,11 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
 PackageManagerInternal packageManagerInternal,
 RuleEvaluationEngine evaluationEngine,
 IntegrityFileManager integrityFileManager,
- FileIntegrityManager fileIntegrityManager,
 Handler handler) {
 mContext = context;
 mPackageManagerInternal = packageManagerInternal;
 mEvaluationEngine = evaluationEngine;
 mIntegrityFileManager = integrityFileManager;
- mFileIntegrityManager = fileIntegrityManager;
 mHandler = handler;
 
 IntentFilter integrityVerificationFilter = new IntentFilter();
@@ -476,6 +471,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
 SourceStampVerifier.verify(installationPath.getAbsolutePath());
 appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent());
 appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified());
+ // A verified stamp is set to be trusted.
+ appInstallMetadata.setIsStampTrusted(sourceStampVerificationResult.isVerified());
 if (sourceStampVerificationResult.isVerified()) {
 X509Certificate sourceStampCertificate =
 (X509Certificate) sourceStampVerificationResult.getCertificate();
@@ -488,16 +485,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
 throw new IllegalArgumentException(
 "Error computing source stamp certificate digest", e);
 }
- // Checks if the source stamp certificate is trusted.
- try {
- appInstallMetadata.setIsStampTrusted(
- mFileIntegrityManager.isApkVeritySupported()
- && mFileIntegrityManager.isAppSourceCertificateTrusted(
- sourceStampCertificate));
- } catch (CertificateEncodingException e) {
- throw new IllegalArgumentException(
- "Error checking if source stamp certificate is trusted", e);
- }
 }
 }
 
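Review bot: In the `@@ -476,6 +471,8 @@` hunk, `setIsStampTrusted(sourceStampVerificationResult.isVerified())` makes the trusted flag a copy of the verified flag, so it no longer separates a stamp from a known source from a valid stamp signed by any certificate. The `isAppSourceCertificateTrusted` call removed in the next hunk was the only visible place where the certificate itself was checked. If integrity rules evaluate the stamp-trusted field (not visible in this diff), any verifiable stamp would now satisfy them, and only the stamp certificate hash set just below can tie an install to a specific source. The one-line comment should state this, for example `// No certificate trust check is performed here: trusted mirrors verified, so rules must match the stamp certificate hash to identify the source.` The enclosing method starts and ends outside the hunk.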
diff --git a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
index e2b63e2bb9b7b..3dd150479ddc3 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java
@@ -62,7 +62,6 @@ import android.net.Uri;
 import android.os.Handler;
 import android.os.Message;
 import android.provider.Settings;
-import android.security.FileIntegrityManager;
 
 import androidx.test.InstrumentationRegistry;
 
@@ -136,7 +135,6 @@ public class AppIntegrityManagerServiceImplTest {
 @Mock RuleEvaluationEngine mRuleEvaluationEngine;
 @Mock IntegrityFileManager mIntegrityFileManager;
 @Mock Handler mHandler;
- FileIntegrityManager mFileIntegrityManager;
 
 private final Context mRealContext = InstrumentationRegistry.getTargetContext();
 
@@ -165,16 +163,12 @@ public class AppIntegrityManagerServiceImplTest {
 Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING);
 }
 
- mFileIntegrityManager =
- (FileIntegrityManager)
- mRealContext.getSystemService(Context.FILE_INTEGRITY_SERVICE);
 mService =
 new AppIntegrityManagerServiceImpl(
 mMockContext,
 mPackageManagerInternal,
 mRuleEvaluationEngine,
 mIntegrityFileManager,
- mFileIntegrityManager,
 mHandler);
 
 mSpyPackageManager = spy(mRealContext.getPackageManager());
@@ -379,7 +373,7 @@ public class AppIntegrityManagerServiceImplTest {
 AppInstallMetadata appInstallMetadata = metadataCaptor.getValue();
 assertTrue(appInstallMetadata.isStampPresent());
 assertTrue(appInstallMetadata.isStampVerified());
- assertFalse(appInstallMetadata.isStampTrusted());
+ assertTrue(appInstallMetadata.isStampTrusted());
 assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash());
 }
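Review bot: The flipped assertion in the `@@ -379,7 +373,7 @@` hunk pins only the positive case, `assertTrue(appInstallMetadata.isStampTrusted())`, and nothing visible in this diff asserts that the flag stays false when a stamp is present but fails verification. Because trusted is now derived solely from `isVerified()`, a companion `assertFalse(appInstallMetadata.isStampTrusted());` in a test that installs an APK with an unverifiable stamp (if such a test exists outside this diff) would catch a regression that sets the flag unconditionally. The test method begins outside the hunk.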