Merge "Add implementation class to handle integrity check broadcasts."

    /** Sets the enforcement of reading external storage */

    public abstract void setReadExternalStorageEnforced(boolean enforced);

    /**

     * Allows the integrity component to respond to the

     * {@link Intent#ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification

     * broadcast} to respond to the package manager. The response must include

     * the {@code verificationCode} which is one of

     * {@link PackageManager#VERIFICATION_ALLOW} or

     * {@link PackageManager#VERIFICATION_REJECT}.

     *

     * @param verificationId pending package identifier as passed via the

     *            {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra.

     * @param verificationResult either {@link PackageManager#VERIFICATION_ALLOW}

     *            or {@link PackageManager#VERIFICATION_REJECT}.

     */

    public abstract void setIntegrityVerificationResult(int verificationId, int verificationResult);

}

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.integrity;

import android.content.Context;

import com.android.server.SystemService;

/**

 * Service that manages app integrity rules and verifications.

 *

 * @hide

 */

public class AppIntegrityManagerService extends SystemService {

    private Context mContext;

    private AppIntegrityManagerServiceImpl mService;

    public AppIntegrityManagerService(Context context) {

        super(context);

        mContext = context;

    }

    @Override

    public void onStart() {

        mService = new AppIntegrityManagerServiceImpl(mContext);

        // TODO: define and publish a binder service.

    }

}

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.integrity;

import static android.content.Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION;

import static android.content.pm.PackageManager.EXTRA_VERIFICATION_ID;

import android.content.BroadcastReceiver;

import android.content.Context;

import android.content.Intent;

import android.content.IntentFilter;

import android.content.pm.PackageManager;

import android.content.pm.PackageManagerInternal;

import android.os.Handler;

import android.os.HandlerThread;

import android.util.Slog;

import com.android.internal.annotations.VisibleForTesting;

import com.android.server.LocalServices;

/** Implementation of {@link AppIntegrityManagerService}. */

class AppIntegrityManagerServiceImpl {

    private static final String TAG = "AppIntegrityManagerServiceImpl";

    private final Context mContext;

    private final Handler mHandler;

    private final PackageManagerInternal mPackageManagerInternal;

    AppIntegrityManagerServiceImpl(Context context) {

        mContext = context;

        HandlerThread handlerThread = new HandlerThread("AppIntegrityManagerServiceHandler");

        handlerThread.start();

        mHandler = handlerThread.getThreadHandler();

        mPackageManagerInternal = LocalServices.getService(PackageManagerInternal.class);

        IntentFilter integrityVerificationFilter = new IntentFilter();

        integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);

        mContext.registerReceiver(

                new BroadcastReceiver() {

                    @Override

                    public void onReceive(Context context, Intent intent) {

                        if (!ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION.equals(

                                intent.getAction())) {

                            return;

                        }

                        mHandler.post(() -> handleIntegrityVerification(intent));

                    }

                },

                integrityVerificationFilter,

                /* broadcastPermission= */ null,

                mHandler);

    }

    // protected broadcasts cannot be sent in the test.

    @VisibleForTesting

    void handleIntegrityVerification(Intent intent) {

        int verificationId = intent.getIntExtra(EXTRA_VERIFICATION_ID, -1);

        // TODO: implement this method.

        Slog.i(TAG, "Received integrity verification intent " + intent.toString());

        mPackageManagerInternal.setIntegrityVerificationResult(

                verificationId, PackageManager.VERIFICATION_ALLOW);

    }

}

    static final int ENABLE_ROLLBACK_TIMEOUT = 22;

    static final int DEFERRED_NO_KILL_POST_DELETE = 23;

    static final int DEFERRED_NO_KILL_INSTALL_OBSERVER = 24;

    static final int INTEGRITY_VERIFICATION_COMPLETE = 25;

    static final int DEFERRED_NO_KILL_POST_DELETE_DELAY_MS = 3 * 1000;

    static final int DEFERRED_NO_KILL_INSTALL_OBSERVER_DELAY_MS = 500;

                    break;

                }

                case INTEGRITY_VERIFICATION_COMPLETE: {

                    // TODO: implement this case.

                    break;

                }

                case START_INTENT_FILTER_VERIFICATIONS: {

                    IFVerificationParams params = (IFVerificationParams) msg.obj;

                    verifyIntentFiltersIfNeeded(params.userId, params.verifierUid, params.replacing,

                mSettings.writeLPr();

            }

        }

        @Override

        public void setIntegrityVerificationResult(int verificationId, int verificationResult) {

            final Message msg = mHandler.obtainMessage(INTEGRITY_VERIFICATION_COMPLETE);

            msg.arg1 = verificationId;

            msg.obj = verificationResult;

            mHandler.sendMessage(msg);

        }

    }

    @GuardedBy("mLock")

import com.android.server.inputmethod.InputMethodManagerService;

import com.android.server.inputmethod.InputMethodSystemProperty;

import com.android.server.inputmethod.MultiClientInputMethodManagerService;

import com.android.server.integrity.AppIntegrityManagerService;

import com.android.server.lights.LightsService;

import com.android.server.media.MediaResourceMonitorService;

import com.android.server.media.MediaRouterService;

            SignedConfigService.registerUpdateReceiver(mSystemContext);

            t.traceEnd();

            t.traceBegin("AppIntegrityService");

            mSystemServiceManager.startService(AppIntegrityManagerService.class);

            t.traceEnd();

        } catch (Throwable e) {

            Slog.e("System", "******************************************");

            Slog.e("System", "************ Failure starting core service");