DivestOS/Patches/LineageOS-21.0/android_frameworks_base/0029-Strict_Package_Checks-3.patch
Tavi d98f33a337 21.0: Initial bringup
TODO:
- f/w/b
- settings

Signed-off-by: Tavi <tavi@divested.dev>
2024-05-20 11:53:38 -04:00


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Tue, 31 Jan 2023 19:32:46 +0200
Subject: [PATCH] require fs-verity when installing system package updates
---
.../server/pm/InstallPackageHelper.java | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index 8ebfc9c4bb74..a7def2c273ad 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -135,6 +135,7 @@ import android.os.Message;
import android.os.Process;
import android.os.RemoteException;
import android.os.SELinux;
+import android.os.SystemProperties;
import android.os.Trace;
import android.os.UserHandle;
import android.os.UserManager;
@@ -1603,6 +1604,30 @@ final class InstallPackageHelper {
parsedPackage.setBaseApkPath(request.getApexInfo().modulePath);
}
+ final AndroidPackage systemPackage = PackageVerityExt.getSystemPackage(parsedPackage);
+
+ if (systemPackage != null) {
+ // this is an update to a system package
+
+ try {
+ PackageVerityExt.checkFsVerity(parsedPackage);
+ } catch (PackageManagerException e) {
+ String message = "fs-verity not set up for system package update " + e;
+ boolean abortInstall = true;
+
+ if (Build.IS_DEBUGGABLE) {
+ if (SystemProperties.getBoolean("persist.disable_install_time_fsverity_check", false)) {
+ Slog.d(TAG, message);
+ abortInstall = false;
+ }
+ }
+
+ if (abortInstall) {
+ throw new PrepareFailure(INSTALL_FAILED_INTERNAL_ERROR, message);
+ }
+ }
+ }
+
final PackageFreezer freezer =
freezePackageForInstall(pkgName, UserHandle.USER_ALL, installFlags,
"installPackageLI", ApplicationExitInfo.REASON_PACKAGE_UPDATED, request);
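Review bot: The override branch inside the catch block records the skipped fs-verity check only with `Slog.d(TAG, message)`, so on a debuggable build a system package update that failed the check is installed with nothing above debug level in the log. Log it as a warning that names the bypass, e.g. `Slog.w(TAG, "fs-verity check bypassed by persist.disable_install_time_fsverity_check: " + message);`. Because the property is `persist.`-prefixed it presumably stays set across reboots, so a comment beside the `Build.IS_DEBUGGABLE` test should say so and note that non-debuggable builds never read it. The message string also has no separator before the appended `e`; `"fs-verity not set up for system package update: " + e` reads more clearly in the failure text. The enclosing method starts and ends outside the hunk.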