Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0624394b authored by Song Chun Fan's avatar Song Chun Fan
Browse files

[ADI][20/N] protect the verifier app 

Makes sure it cannot be disabled/suspended/uninstalled.

FLAG: android.content.pm.verification_service
BUG: 360129657
Test: atest android.content.pm.cts.VerifierServiceTest

Merged-In: I0872073bb9110fd7994437dee455090edc9f8355
Change-Id: I0872073bb9110fd7994437dee455090edc9f8355
parent c8e27d42

services/core/java/com/android/server/pm/PackageManagerService.java

+2 −0
Original line number Diff line number Diff line
@@ -2494,6 +2494,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService 
            mVerificationServiceProviderPackage =

                    getVerificationServiceProviderPackage(computer, mContext.getString(

                            R.string.config_verificationServiceProviderPackageName));

            mProtectedPackages.setVerificationServiceProviderPackage(

                    mVerificationServiceProviderPackage);



            // Initialize InstantAppRegistry's Instant App list for all users.

            forEachPackageState(computer, packageState -> {

services/core/java/com/android/server/pm/ProtectedPackages.java

+24 −5
Original line number Diff line number Diff line
@@ -64,6 +64,10 @@ public class ProtectedPackages { 
    @GuardedBy("this")

    private final String mDeviceProvisioningPackage;



    @Nullable

    @GuardedBy("this")

    private String mVerificationServiceProviderPackage;



    @Nullable

    @GuardedBy("this")

    private final SparseArray<Set<String>> mOwnerProtectedPackages = new SparseArray<>();
@@ -97,6 +101,12 @@ public class ProtectedPackages { 
        }

    }



    /** Sets verification service provider package which should be protected. */

    public synchronized void setVerificationServiceProviderPackage(

            @Nullable String verificationServiceProviderPackage) {

        mVerificationServiceProviderPackage = verificationServiceProviderPackage;

    }



    private synchronized boolean hasDeviceOwnerOrProfileOwner(int userId, String packageName) {

        if (packageName == null) {

            return false;
@@ -132,11 +142,20 @@ public class ProtectedPackages { 
     * can modify its data or package state.

     */

    private synchronized boolean isProtectedPackage(@UserIdInt int userId, String packageName) {

        return packageName != null

                && (packageName.equals(mDeviceProvisioningPackage)

                        || isOwnerProtectedPackage(userId, packageName)

                        || (Flags.protectSupervisionPackages()

                                && isSupervisionPackage(userId, packageName)));

        if (packageName == null) {

            return false;

        }

        if (packageName.equals(mDeviceProvisioningPackage)

                || isOwnerProtectedPackage(userId, packageName)) {

            return true;

        }

        if (Flags.protectSupervisionPackages() && isSupervisionPackage(userId, packageName)) {

            return true;

        }

        if (packageName.equals(mVerificationServiceProviderPackage)) {

            return true;

        }

        return false;

    }



    /**