mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-06-29 16:12:38 +00:00
37 lines
1.6 KiB
Diff
37 lines
1.6 KiB
Diff
From 7d0c4f3aa7c7640afc0496a9c901eeb49c65b47d Mon Sep 17 00:00:00 2001
|
|
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
|
Date: Tue, 31 Jan 2023 19:32:46 +0200
|
|
Subject: [PATCH] require fs-verity when installing system package updates
|
|
|
|
---
|
|
.../android/server/pm/InstallPackageHelper.java | 16 ++++++++++++++++
|
|
1 file changed, 16 insertions(+)
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
index e929e4762126..2bfbd199d7f5 100644
|
|
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
|
|
@@ -1513,6 +1513,22 @@ && cannotInstallWithBadPermissionGroups(parsedPackage)) {
|
|
"Failed to set up verity: " + e);
|
|
}
|
|
|
|
+ boolean checkVerity = true;
|
|
+ if (Build.IS_DEBUGGABLE) {
|
|
+ if (SystemProperties.getBoolean("persist.disable_install_time_fsverity_check", false)) {
|
|
+ checkVerity = false;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (checkVerity && PackageVerityExt.getSystemPackage(parsedPackage) != null) {
|
|
+ try {
|
|
+ PackageVerityExt.checkFsVerity(parsedPackage);
|
|
+ } catch (PackageManagerException e) {
|
|
+ throw new PrepareFailure(INSTALL_FAILED_INTERNAL_ERROR,
|
|
+ "fs-verity not set up for system package update " + e);
|
|
+ }
|
|
+ }
|
|
+
|
|
final PackageFreezer freezer =
|
|
freezePackageForInstall(pkgName, installFlags, "installPackageLI");
|
|
boolean shouldCloseFreezerBeforeReturn = true;
|