FileIntegrityManager
public final class FileIntegrityManager extends Object
java.lang.Object | |
↳ | android.security.FileIntegrityManager |
This class provides access to file integrity related operations.
Summary
Public methods | |
---|---|
byte[] | getFsVerityDigest(File file) Returns the fs-verity digest for the owned file under the calling app's private directory, or null when the file does not have fs-verity enabled (including when fs-verity is not supported on older devices). |
boolean | isApkVeritySupported() Returns whether fs-verity is supported on the device. |
boolean | isAppSourceCertificateTrusted(X509Certificate certificate) This method was deprecated in API level VanillaIceCream. The feature is no longer supported, and this API now always returns false. |
void | setupFsVerity(File file) Enables fs-verity on the owned file under the calling app's private directory. |
Public methods
getFsVerityDigest
public byte[] getFsVerityDigest (File file)
Returns the fs-verity digest for the owned file under the calling app's private directory, or null when the file does not have fs-verity enabled (including when fs-verity is not supported on older devices).
Parameters | |
---|---|
file | File: The file to measure the fs-verity digest. This value cannot be null. |
Returns | |
---|---|
byte[] | The fs-verity digest in byte[], null if none. |
Throws | |
---|---|
IOException | |
See also:
isApkVeritySupported
public boolean isApkVeritySupported ()
Returns whether fs-verity is supported on the device. fs-verity provides on-access verification, although the app APIs are only made available to apps in a later SDK version. The other fs-verity APIs in this class can succeed only when this method returns true.
The app may not need this method and can just call the other APIs normally and handle any failure. If some app feature really depends on fs-verity (e.g. protecting the integrity of a large file download), checking support status early may avoid the cost of an operation that would only fail later.
Note: for historical reasons this is named isApkVeritySupported() instead of isFsVeritySupported(). It has also been available since API level 30, predating the other fs-verity APIs.
Returns | |
---|---|
boolean |
isAppSourceCertificateTrusted
public boolean isAppSourceCertificateTrusted (X509Certificate certificate)
This method was deprecated in API level VanillaIceCream. The feature is no longer supported, and this API now always returns false.
Returns whether the given certificate can be used to prove the app's install source. Always returns false if the feature is not supported.
A store can use this API to decide if a signature file needs to be downloaded. Also, if a store has shipped different certificates before (e.g. with stronger and weaker keys), it can also use this API to download the best signature on the running device.
Requires Manifest.permission.INSTALL_PACKAGES or Manifest.permission.REQUEST_INSTALL_PACKAGES
Parameters | |
---|---|
certificate | X509Certificate: This value cannot be null. |
Returns | |
---|---|
boolean | whether the certificate is trusted in the system |
Throws | |
---|---|
CertificateEncodingException | |
setupFsVerity
public void setupFsVerity (File file)
Enables fs-verity on the owned file under the calling app's private directory. It always uses the common configuration, i.e. SHA-256 digest algorithm, 4K block size, and no salt.
For enabling fs-verity to succeed, the device must support fs-verity, the file must be writable by the app and not already have fs-verity enabled, and the file must not currently be open for writing by any process. To check whether the device supports fs-verity, use isApkVeritySupported().
It takes O(file size) time to build the underlying data structure for continuous verification. The operation is atomic, i.e. it's either enabled or not, even in case of power failure during or after the call.
Note for the API users: When the file's authenticity is crucial, the app typically needs to perform a signature check by itself before using the file. The signature is often delivered as a separate file and stored next to the target file in the filesystem. The public key of the signer (normally the same app developer) can be put in the APK, and the app can use the public key to verify the signature against the file's actual fs-verity digest (from getFsVerityDigest(java.io.File)) before using the file. The exact format is not prescribed by the framework. App developers may choose to use common practices like JCA for the signing and verification, or their own preferred approach.
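The check described in the note above, as an added example that is not part of the Android reference or the framework code. The class name `VerifiedFileGate`, the detached signature file, the EC key type and the use of `SHA256withECDSA` over the digest bytes are assumptions, since the framework does not prescribe a format.

```java
import android.content.Context;
import android.security.FileIntegrityManager;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

/** Hypothetical helper, not part of the Android framework. */
public final class VerifiedFileGate {
    private VerifiedFileGate() {}

    /**
     * Returns true only if fs-verity is enabled on {@code file} (an absolute path in
     * the app's private directory) and {@code sigFile} holds a valid signature over
     * the file's fs-verity digest.
     *
     * @param signerKeyDer X.509 SubjectPublicKeyInfo bytes shipped in the APK (assumed EC)
     */
    public static boolean isTrusted(Context ctx, File file, File sigFile, byte[] signerKeyDer)
            throws IOException, GeneralSecurityException {
        FileIntegrityManager fim = ctx.getSystemService(FileIntegrityManager.class);
        if (fim == null || !fim.isApkVeritySupported()) {
            return false; // fail closed: no on-access verification available
        }
        byte[] digest = fim.getFsVerityDigest(file);
        if (digest == null) {
            // Not enabled yet. Throws IOException if the file is open for writing,
            // is not writable by the app, or enabling otherwise fails.
            fim.setupFsVerity(file);
            digest = fim.getFsVerityDigest(file);
            if (digest == null) {
                return false;
            }
        }
        PublicKey key = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(signerKeyDer));
        // Assumed format: the developer signed the fs-verity digest bytes with ECDSA.
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(key);
        verifier.update(digest);
        return verifier.verify(Files.readAllBytes(sigFile.toPath()));
    }
}
```

The signature is checked against the digest reported by `getFsVerityDigest` rather than a hash the app recomputes, so the value that was authenticated is the same one fs-verity enforces on later reads.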
Parameters | |
---|---|
file | File: The file to enable fs-verity. It must represent an absolute path. This value cannot be null. |
Throws | |
---|---|
IllegalArgumentException | If the provided file is not an absolute path. |
IOException | If the operation failed. |
See also: