Merge "Support for multiple required verifiers." (1362f657) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/DeletePackageHelper.java

+4 −3

Original line number	Original line	Diff line number	Diff line
	@@ -816,10 +816,11 @@ final class DeletePackageHelper {
	}		}

	// Allow package verifier to silently uninstall.		// Allow package verifier to silently uninstall.
	if (mPm.mRequiredVerifierPackage != null && callingUid == snapshot		for (String verifierPackageName : mPm.mRequiredVerifierPackages) {
	.getPackageUid(mPm.mRequiredVerifierPackage, 0, callingUserId)) {		if (callingUid == snapshot.getPackageUid(verifierPackageName, 0, callingUserId)) {
	return true;		return true;
	}		}
			}

	// Allow package uninstaller to silently uninstall.		// Allow package uninstaller to silently uninstall.
	if (mPm.mRequiredUninstallerPackage != null && callingUid == snapshot		if (mPm.mRequiredUninstallerPackage != null && callingUid == snapshot

services/core/java/com/android/server/pm/DumpHelper.java

+34 −30

Original line number	Original line	Diff line number	Diff line
	@@ -54,7 +54,7 @@ final class DumpHelper {
	private final StorageEventHelper mStorageEventHelper;		private final StorageEventHelper mStorageEventHelper;
	private final DomainVerificationManagerInternal mDomainVerificationManager;		private final DomainVerificationManagerInternal mDomainVerificationManager;
	private final PackageInstallerService mInstallerService;		private final PackageInstallerService mInstallerService;
	private final String mRequiredVerifierPackage;		private final String[] mRequiredVerifierPackages;
	private final KnownPackages mKnownPackages;		private final KnownPackages mKnownPackages;
	private final ChangedPackagesTracker mChangedPackagesTracker;		private final ChangedPackagesTracker mChangedPackagesTracker;
	private final ArrayMap<String, FeatureInfo> mAvailableFeatures;		private final ArrayMap<String, FeatureInfo> mAvailableFeatures;
	@@ -65,7 +65,7 @@ final class DumpHelper {
	PermissionManagerServiceInternal permissionManager,		PermissionManagerServiceInternal permissionManager,
	StorageEventHelper storageEventHelper,		StorageEventHelper storageEventHelper,
	DomainVerificationManagerInternal domainVerificationManager,		DomainVerificationManagerInternal domainVerificationManager,
	PackageInstallerService installerService, String requiredVerifierPackage,		PackageInstallerService installerService, String[] requiredVerifierPackages,
	KnownPackages knownPackages,		KnownPackages knownPackages,
	ChangedPackagesTracker changedPackagesTracker,		ChangedPackagesTracker changedPackagesTracker,
	ArrayMap<String, FeatureInfo> availableFeatures,		ArrayMap<String, FeatureInfo> availableFeatures,
	@@ -75,7 +75,7 @@ final class DumpHelper {
	mStorageEventHelper = storageEventHelper;		mStorageEventHelper = storageEventHelper;
	mDomainVerificationManager = domainVerificationManager;		mDomainVerificationManager = domainVerificationManager;
	mInstallerService = installerService;		mInstallerService = installerService;
	mRequiredVerifierPackage = requiredVerifierPackage;		mRequiredVerifierPackages = requiredVerifierPackages;
	mKnownPackages = knownPackages;		mKnownPackages = knownPackages;
	mChangedPackagesTracker = changedPackagesTracker;		mChangedPackagesTracker = changedPackagesTracker;
	mAvailableFeatures = availableFeatures;		mAvailableFeatures = availableFeatures;
	@@ -313,21 +313,22 @@ final class DumpHelper {
	ipw.decreaseIndent();		ipw.decreaseIndent();
	}		}

	if (dumpState.isDumping(DumpState.DUMP_VERIFIERS)		if (dumpState.isDumping(DumpState.DUMP_VERIFIERS) && packageName == null) {
	&& packageName == null) {		if (!checkin && mRequiredVerifierPackages.length > 0) {
	final String requiredVerifierPackage = mRequiredVerifierPackage;
	if (!checkin) {
	if (dumpState.onTitlePrinted()) {		if (dumpState.onTitlePrinted()) {
	pw.println();		pw.println();
	}		}
	pw.println("Verifiers:");		pw.println("Verifiers:");
			}
			for (String requiredVerifierPackage : mRequiredVerifierPackages) {
			if (!checkin) {
	pw.print(" Required: ");		pw.print(" Required: ");
	pw.print(requiredVerifierPackage);		pw.print(requiredVerifierPackage);
	pw.print(" (uid=");		pw.print(" (uid=");
	pw.print(snapshot.getPackageUid(requiredVerifierPackage,		pw.print(snapshot.getPackageUid(requiredVerifierPackage,
	MATCH_DEBUG_TRIAGED_MISSING, UserHandle.USER_SYSTEM));		MATCH_DEBUG_TRIAGED_MISSING, UserHandle.USER_SYSTEM));
	pw.println(")");		pw.println(")");
	} else if (requiredVerifierPackage != null) {		} else {
	pw.print("vrfy,");		pw.print("vrfy,");
	pw.print(requiredVerifierPackage);		pw.print(requiredVerifierPackage);
	pw.print(",");		pw.print(",");
	@@ -335,6 +336,7 @@ final class DumpHelper {
	MATCH_DEBUG_TRIAGED_MISSING, UserHandle.USER_SYSTEM));		MATCH_DEBUG_TRIAGED_MISSING, UserHandle.USER_SYSTEM));
	}		}
	}		}
			}

	if (dumpState.isDumping(DumpState.DUMP_DOMAIN_VERIFIER)		if (dumpState.isDumping(DumpState.DUMP_DOMAIN_VERIFIER)
	&& packageName == null) {		&& packageName == null) {
	@@ -642,17 +644,19 @@ final class DumpHelper {
	private void dumpProto(Computer snapshot, FileDescriptor fd) {		private void dumpProto(Computer snapshot, FileDescriptor fd) {
	final ProtoOutputStream proto = new ProtoOutputStream(fd);		final ProtoOutputStream proto = new ProtoOutputStream(fd);

			for (String requiredVerifierPackage : mRequiredVerifierPackages) {
	final long requiredVerifierPackageToken =		final long requiredVerifierPackageToken =
	proto.start(PackageServiceDumpProto.REQUIRED_VERIFIER_PACKAGE);		proto.start(PackageServiceDumpProto.REQUIRED_VERIFIER_PACKAGE);
	proto.write(PackageServiceDumpProto.PackageShortProto.NAME,		proto.write(PackageServiceDumpProto.PackageShortProto.NAME,
	mRequiredVerifierPackage);		requiredVerifierPackage);
	proto.write(		proto.write(
	PackageServiceDumpProto.PackageShortProto.UID,		PackageServiceDumpProto.PackageShortProto.UID,
	snapshot.getPackageUid(		snapshot.getPackageUid(
	mRequiredVerifierPackage,		requiredVerifierPackage,
	MATCH_DEBUG_TRIAGED_MISSING,		MATCH_DEBUG_TRIAGED_MISSING,
	UserHandle.USER_SYSTEM));		UserHandle.USER_SYSTEM));
	proto.end(requiredVerifierPackageToken);		proto.end(requiredVerifierPackageToken);
			}

	DomainVerificationProxy proxy = mDomainVerificationManager.getProxy();		DomainVerificationProxy proxy = mDomainVerificationManager.getProxy();
	ComponentName verifierComponent = proxy.getComponentName();		ComponentName verifierComponent = proxy.getComponentName();

services/core/java/com/android/server/pm/InstallPackageHelper.java

+18 −15

Original line number	Original line	Diff line number	Diff line
	@@ -2719,15 +2719,16 @@ final class InstallPackageHelper {
	installerPackageName, null /finishedReceiver/,		installerPackageName, null /finishedReceiver/,
	updateUserIds, instantUserIds, null /* broadcastAllowList */, null);		updateUserIds, instantUserIds, null /* broadcastAllowList */, null);
	}		}
	// if the required verifier is defined, but, is not the installer of record		// Notify required verifier(s) that are not the installer of record for the package.
	// for the package, it gets notified		for (String verifierPackageName : mPm.mRequiredVerifierPackages) {
	final boolean notifyVerifier = mPm.mRequiredVerifierPackage != null		if (verifierPackageName != null && !verifierPackageName.equals(
	&& !mPm.mRequiredVerifierPackage.equals(installerPackageName);		installerPackageName)) {
	if (notifyVerifier) {
	mPm.sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName,		mPm.sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, packageName,
	extras, 0 /flags/,		extras, 0 /flags/,
	mPm.mRequiredVerifierPackage, null /finishedReceiver/,		verifierPackageName, null /finishedReceiver/,
	updateUserIds, instantUserIds, null /* broadcastAllowList */, null);		updateUserIds, instantUserIds, null /* broadcastAllowList */,
			null);
			}
	}		}
	// If package installer is defined, notify package installer about new		// If package installer is defined, notify package installer about new
	// app installed		// app installed
	@@ -2752,12 +2753,14 @@ final class InstallPackageHelper {
	updateUserIds, instantUserIds, null /broadcastAllowList/,		updateUserIds, instantUserIds, null /broadcastAllowList/,
	null);		null);
	}		}
	if (notifyVerifier) {		for (String verifierPackageName : mPm.mRequiredVerifierPackages) {
	mPm.sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED, packageName,		if (verifierPackageName != null && !verifierPackageName.equals(
	extras, 0 /flags/,		installerPackageName)) {
	mPm.mRequiredVerifierPackage, null /finishedReceiver/,		mPm.sendPackageBroadcast(Intent.ACTION_PACKAGE_REPLACED,
	updateUserIds, instantUserIds, null /broadcastAllowList/,		packageName, extras, 0 /flags/, verifierPackageName,
	null);		null /finishedReceiver/, updateUserIds, instantUserIds,
			null /broadcastAllowList/, null);
			}
	}		}
	mPm.sendPackageBroadcast(Intent.ACTION_MY_PACKAGE_REPLACED,		mPm.sendPackageBroadcast(Intent.ACTION_MY_PACKAGE_REPLACED,
	null /package/, null /extras/, 0 /flags/,		null /package/, null /extras/, 0 /flags/,

services/core/java/com/android/server/pm/KnownPackages.java

+4 −4

services/core/java/com/android/server/pm/PackageManagerService.java

+78 −37

Original line number	Original line	Diff line number	Diff line
	@@ -238,6 +238,7 @@ import com.android.server.utils.Watcher;

	import dalvik.system.VMRuntime;		import dalvik.system.VMRuntime;

			import libcore.util.EmptyArray;
	import libcore.util.HexEncoding;		import libcore.util.HexEncoding;

	import java.io.ByteArrayInputStream;		import java.io.ByteArrayInputStream;
	@@ -521,6 +522,9 @@ public class PackageManagerService implements PackageSender, TestUtilityService

	private static final String COMPANION_PACKAGE_NAME = "com.android.companiondevicemanager";		private static final String COMPANION_PACKAGE_NAME = "com.android.companiondevicemanager";

			// How many required verifiers can be on the system.
			private static final int REQUIRED_VERIFIERS_MAX_COUNT = 2;

	// Compilation reasons.		// Compilation reasons.
	public static final int REASON_FIRST_BOOT = 0;		public static final int REASON_FIRST_BOOT = 0;
	public static final int REASON_BOOT_AFTER_OTA = 1;		public static final int REASON_BOOT_AFTER_OTA = 1;
	@@ -906,7 +910,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	final SparseArray<PostInstallData> mRunningInstalls = new SparseArray<>();		final SparseArray<PostInstallData> mRunningInstalls = new SparseArray<>();
	int mNextInstallToken = 1; // nonzero; will be wrapped back to 1 when ++ overflows		int mNextInstallToken = 1; // nonzero; will be wrapped back to 1 when ++ overflows

	final @Nullable String mRequiredVerifierPackage;		final @NonNull String[] mRequiredVerifierPackages;
	final @NonNull String mRequiredInstallerPackage;		final @NonNull String mRequiredInstallerPackage;
	final @NonNull String mRequiredUninstallerPackage;		final @NonNull String mRequiredUninstallerPackage;
	final @NonNull String mRequiredPermissionControllerPackage;		final @NonNull String mRequiredPermissionControllerPackage;
	@@ -1642,7 +1646,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	mProtectedPackages = testParams.protectedPackages;		mProtectedPackages = testParams.protectedPackages;
	mSeparateProcesses = testParams.separateProcesses;		mSeparateProcesses = testParams.separateProcesses;
	mViewCompiler = testParams.viewCompiler;		mViewCompiler = testParams.viewCompiler;
	mRequiredVerifierPackage = testParams.requiredVerifierPackage;		mRequiredVerifierPackages = testParams.requiredVerifierPackages;
	mRequiredInstallerPackage = testParams.requiredInstallerPackage;		mRequiredInstallerPackage = testParams.requiredInstallerPackage;
	mRequiredUninstallerPackage = testParams.requiredUninstallerPackage;		mRequiredUninstallerPackage = testParams.requiredUninstallerPackage;
	mRequiredPermissionControllerPackage = testParams.requiredPermissionControllerPackage;		mRequiredPermissionControllerPackage = testParams.requiredPermissionControllerPackage;
	@@ -2126,7 +2130,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY,		EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_READY,
	SystemClock.uptimeMillis());		SystemClock.uptimeMillis());

	mRequiredVerifierPackage = getRequiredButNotReallyRequiredVerifierLPr(computer);		mRequiredVerifierPackages = getRequiredButNotReallyRequiredVerifiersLPr(computer);
	mRequiredInstallerPackage = getRequiredInstallerLPr(computer);		mRequiredInstallerPackage = getRequiredInstallerLPr(computer);
	mRequiredUninstallerPackage = getRequiredUninstallerLPr(computer);		mRequiredUninstallerPackage = getRequiredUninstallerLPr(computer);
	ComponentName intentFilterVerifierComponent =		ComponentName intentFilterVerifierComponent =
	@@ -2265,8 +2269,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	"persist.pm.mock-upgrade", false /* default */);		"persist.pm.mock-upgrade", false /* default */);
	}		}

	@Nullable		@NonNull
	private String getRequiredButNotReallyRequiredVerifierLPr(@NonNull Computer computer) {		private String[] getRequiredButNotReallyRequiredVerifiersLPr(@NonNull Computer computer) {
	final Intent intent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);		final Intent intent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);

	final List<ResolveInfo> matches =		final List<ResolveInfo> matches =
	@@ -2274,13 +2278,23 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	PACKAGE_MIME_TYPE,		PACKAGE_MIME_TYPE,
	MATCH_SYSTEM_ONLY \| MATCH_DIRECT_BOOT_AWARE \| MATCH_DIRECT_BOOT_UNAWARE,		MATCH_SYSTEM_ONLY \| MATCH_DIRECT_BOOT_AWARE \| MATCH_DIRECT_BOOT_UNAWARE,
	UserHandle.USER_SYSTEM, Binder.getCallingUid());		UserHandle.USER_SYSTEM, Binder.getCallingUid());
	if (matches.size() == 1) {		final int size = matches.size();
	return matches.get(0).getComponentInfo().packageName;		if (size == 0) {
	} else if (matches.size() == 0) {
	Log.w(TAG, "There should probably be a verifier, but, none were found");		Log.w(TAG, "There should probably be a verifier, but, none were found");
	return null;		return EmptyArray.STRING;
			} else if (size <= REQUIRED_VERIFIERS_MAX_COUNT) {
			String[] verifiers = new String[size];
			for (int i = 0; i < size; ++i) {
			verifiers[i] = matches.get(i).getComponentInfo().packageName;
			if (TextUtils.isEmpty(verifiers[i])) {
			throw new RuntimeException("Invalid verifier: " + matches);
			}
			}
			return verifiers;
	}		}
	throw new RuntimeException("There must be exactly one verifier; found " + matches);		throw new RuntimeException(
			"There must be no more than " + REQUIRED_VERIFIERS_MAX_COUNT + " verifiers; found "
			+ matches);
	}		}

	@NonNull		@NonNull
	@@ -3153,8 +3167,12 @@ public class PackageManagerService implements PackageSender, TestUtilityService

	boolean isCallerVerifier(@NonNull Computer snapshot, int callingUid) {		boolean isCallerVerifier(@NonNull Computer snapshot, int callingUid) {
	final int callingUserId = UserHandle.getUserId(callingUid);		final int callingUserId = UserHandle.getUserId(callingUid);
	return mRequiredVerifierPackage != null && callingUid == snapshot.getPackageUid(		for (String requiredVerifierPackage : mRequiredVerifierPackages) {
	mRequiredVerifierPackage, 0, callingUserId);		if (callingUid == snapshot.getPackageUid(requiredVerifierPackage, 0, callingUserId)) {
			return true;
			}
			}
			return false;
	}		}

	public boolean isPackageDeviceAdminOnAnyUser(@NonNull Computer snapshot, String packageName) {		public boolean isPackageDeviceAdminOnAnyUser(@NonNull Computer snapshot, String packageName) {
	@@ -4665,15 +4683,28 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	}		}

	@Override		@Override
	public void extendVerificationTimeout(int id, int verificationCodeAtTimeout,		public void extendVerificationTimeout(int verificationId, int verificationCodeAtTimeout,
	long millisecondsToDelay) {		long millisecondsToDelay) {
			// Negative ids correspond to testing verifiers and will be silently enforced in
			// the handler thread.
			if (verificationId >= 0) {
	mContext.enforceCallingOrSelfPermission(		mContext.enforceCallingOrSelfPermission(
	Manifest.permission.PACKAGE_VERIFICATION_AGENT,		Manifest.permission.PACKAGE_VERIFICATION_AGENT,
	"Only package verification agents can extend verification timeouts");		"Only package verification agents can extend verification timeouts");
			}
	final int callingUid = Binder.getCallingUid();		final int callingUid = Binder.getCallingUid();

	mHandler.post(() -> {		mHandler.post(() -> {
			final int id = verificationId >= 0 ? verificationId : -verificationId;
	final PackageVerificationState state = mPendingVerification.get(id);		final PackageVerificationState state = mPendingVerification.get(id);
			if (state == null \|\| state.timeoutExtended() \|\| !state.checkRequiredVerifierUid(
			callingUid)) {
			// Only allow calls from required verifiers.
			return;
			}

			state.extendTimeout();

	final PackageVerificationResponse response = new PackageVerificationResponse(		final PackageVerificationResponse response = new PackageVerificationResponse(
	verificationCodeAtTimeout, callingUid);		verificationCodeAtTimeout, callingUid);

	@@ -4685,14 +4716,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	delay = 0;		delay = 0;
	}		}

	if ((state != null) && !state.timeoutExtended()) {
	state.extendTimeout();

	final Message msg = mHandler.obtainMessage(PackageManagerService.PACKAGE_VERIFIED);		final Message msg = mHandler.obtainMessage(PackageManagerService.PACKAGE_VERIFIED);
	msg.arg1 = id;		msg.arg1 = id;
	msg.obj = response;		msg.obj = response;
	mHandler.sendMessageDelayed(msg, delay);		mHandler.sendMessageDelayed(msg, delay);
	}
	});		});
	}		}

	@@ -5862,18 +5889,32 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	}		}

	@Override		@Override
	public void verifyPendingInstall(int id, int verificationCode) throws RemoteException {		public void verifyPendingInstall(int verificationId, int verificationCode)
			throws RemoteException {
			// Negative ids correspond to testing verifiers and will be silently enforced in
			// the handler thread.
			if (verificationId >= 0) {
	mContext.enforceCallingOrSelfPermission(		mContext.enforceCallingOrSelfPermission(
	Manifest.permission.PACKAGE_VERIFICATION_AGENT,		Manifest.permission.PACKAGE_VERIFICATION_AGENT,
	"Only package verification agents can verify applications");		"Only package verification agents can verify applications");
			}
	final int callingUid = Binder.getCallingUid();		final int callingUid = Binder.getCallingUid();

			mHandler.post(() -> {
			final int id = verificationId >= 0 ? verificationId : -verificationId;
			final PackageVerificationState state = mPendingVerification.get(id);
			if (state == null \|\| !state.checkRequiredVerifierUid(callingUid)) {
			// Only allow calls from required verifiers.
			return;
			}

	final Message msg = mHandler.obtainMessage(PackageManagerService.PACKAGE_VERIFIED);		final Message msg = mHandler.obtainMessage(PackageManagerService.PACKAGE_VERIFIED);
	final PackageVerificationResponse response = new PackageVerificationResponse(		final PackageVerificationResponse response = new PackageVerificationResponse(
	verificationCode, callingUid);		verificationCode, callingUid);
	msg.arg1 = id;		msg.arg1 = id;
	msg.obj = response;		msg.obj = response;
	mHandler.sendMessage(msg);		mHandler.sendMessage(msg);
			});
	}		}

	@Override		@Override
	@@ -5928,7 +5969,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	mRequiredInstallerPackage,		mRequiredInstallerPackage,
	mRequiredUninstallerPackage,		mRequiredUninstallerPackage,
	mSetupWizardPackage,		mSetupWizardPackage,
	mRequiredVerifierPackage,		mRequiredVerifierPackages,
	mDefaultTextClassifierPackage,		mDefaultTextClassifierPackage,
	mSystemTextClassifierPackageName,		mSystemTextClassifierPackageName,
	mRequiredPermissionControllerPackage,		mRequiredPermissionControllerPackage,
	@@ -5949,7 +5990,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	protectedBroadcasts = new ArraySet<>(mProtectedBroadcasts);		protectedBroadcasts = new ArraySet<>(mProtectedBroadcasts);
	}		}
	new DumpHelper(mPermissionManager, mStorageEventHelper,		new DumpHelper(mPermissionManager, mStorageEventHelper,
	mDomainVerificationManager, mInstallerService, mRequiredVerifierPackage,		mDomainVerificationManager, mInstallerService, mRequiredVerifierPackages,
	knownPackages, mChangedPackagesTracker, availableFeatures, protectedBroadcasts,		knownPackages, mChangedPackagesTracker, availableFeatures, protectedBroadcasts,
	getPerUidReadTimeouts(snapshot)		getPerUidReadTimeouts(snapshot)
	).doDump(snapshot, fd, pw, args);		).doDump(snapshot, fd, pw, args);
	@@ -6956,7 +6997,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	mRequiredInstallerPackage,		mRequiredInstallerPackage,
	mRequiredUninstallerPackage,		mRequiredUninstallerPackage,
	mSetupWizardPackage,		mSetupWizardPackage,
	mRequiredVerifierPackage,		mRequiredVerifierPackages,
	mDefaultTextClassifierPackage,		mDefaultTextClassifierPackage,
	mSystemTextClassifierPackageName,		mSystemTextClassifierPackageName,
	mRequiredPermissionControllerPackage,		mRequiredPermissionControllerPackage,