Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 26dee801 authored by Song Pan's avatar Song Pan
Browse files

Send broadcast to integrity component during installation. 

Change-Id: Icf3d9b8602f0922d1f41a64df6f7e8fa4e23eeb0
Test: locally flashing device and installing app and verifying logcat
parent d19b5e51

core/java/android/content/Intent.java

+1 −0
Original line number Diff line number Diff line
@@ -11050,6 +11050,7 @@ public class Intent implements Parcelable, Cloneable { 
                case ACTION_MEDIA_SCANNER_FINISHED:

                case ACTION_MEDIA_SCANNER_SCAN_FILE:

                case ACTION_PACKAGE_NEEDS_VERIFICATION:

                case ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION:

                case ACTION_PACKAGE_VERIFIED:

                case ACTION_PACKAGE_ENABLE_ROLLBACK:

                    // Ignore legacy actions

services/core/java/android/content/pm/PackageManagerInternal.java

+26 −5
Original line number Diff line number Diff line
@@ -66,6 +66,27 @@ public abstract class PackageManagerInternal { 
    public static final int PACKAGE_WIFI = 13;

    public static final int PACKAGE_COMPANION = 14;



    @IntDef(value = {

            INTEGRITY_VERIFICATION_ALLOW,

            INTEGRITY_VERIFICATION_REJECT,

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface IntegrityVerificationResult {}



    /**

     * Used as the {@code verificationCode} argument for

     * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the

     * integrity component allows the install to proceed.

     */

    public static final int INTEGRITY_VERIFICATION_ALLOW = 1;



    /**

     * Used as the {@code verificationCode} argument for

     * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the

     * integrity component does not allow install to proceed.

     */

    public static final int INTEGRITY_VERIFICATION_REJECT = 0;



    @IntDef(value = {

        PACKAGE_SYSTEM,

        PACKAGE_SETUP_WIZARD,
@@ -842,13 +863,13 @@ public abstract class PackageManagerInternal { 
     * {@link Intent#ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification

     * broadcast} to respond to the package manager. The response must include

     * the {@code verificationCode} which is one of

     * {@link PackageManager#VERIFICATION_ALLOW} or

     * {@link PackageManager#VERIFICATION_REJECT}.

     * {@link #INTEGRITY_VERIFICATION_ALLOW} and {@link #INTEGRITY_VERIFICATION_REJECT}.

     *

     * @param verificationId pending package identifier as passed via the

     *            {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra.

     * @param verificationResult either {@link PackageManager#VERIFICATION_ALLOW}

     *            or {@link PackageManager#VERIFICATION_REJECT}.

     * @param verificationResult either {@link #INTEGRITY_VERIFICATION_ALLOW}

     *            or {@link #INTEGRITY_VERIFICATION_REJECT}.

     */

    public abstract void setIntegrityVerificationResult(int verificationId, int verificationResult);

    public abstract void setIntegrityVerificationResult(int verificationId,

            @IntegrityVerificationResult int verificationResult);

}

services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java

+9 −2
Original line number Diff line number Diff line
@@ -23,7 +23,6 @@ import android.content.BroadcastReceiver; 
import android.content.Context;

import android.content.Intent;

import android.content.IntentFilter;

import android.content.pm.PackageManager;

import android.content.pm.PackageManagerInternal;

import android.os.Handler;

import android.os.HandlerThread;
@@ -36,6 +35,8 @@ import com.android.server.LocalServices; 
class AppIntegrityManagerServiceImpl {

    private static final String TAG = "AppIntegrityManagerServiceImpl";



    private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";



    private final Context mContext;

    private final Handler mHandler;

    private final PackageManagerInternal mPackageManagerInternal;
@@ -51,6 +52,11 @@ class AppIntegrityManagerServiceImpl { 


        IntentFilter integrityVerificationFilter = new IntentFilter();

        integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);

        try {

            integrityVerificationFilter.addDataType(PACKAGE_MIME_TYPE);

        } catch (IntentFilter.MalformedMimeTypeException e) {

            throw new RuntimeException("Mime type malformed: should never happen.", e);

        }



        mContext.registerReceiver(

                new BroadcastReceiver() {
@@ -74,7 +80,8 @@ class AppIntegrityManagerServiceImpl { 
        int verificationId = intent.getIntExtra(EXTRA_VERIFICATION_ID, -1);

        // TODO: implement this method.

        Slog.i(TAG, "Received integrity verification intent " + intent.toString());

        Slog.i(TAG, "Extras " + intent.getExtras());

        mPackageManagerInternal.setIntegrityVerificationResult(

                verificationId, PackageManager.VERIFICATION_ALLOW);

                verificationId, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW);

    }

}

services/core/java/com/android/server/pm/PackageManagerService.java

+371 −147

File changed.

Preview size limit exceeded, changes collapsed.

services/core/java/com/android/server/pm/PackageVerificationState.java

+34 −24
Original line number Diff line number Diff line
@@ -22,18 +22,17 @@ import android.util.SparseBooleanArray; 
import com.android.server.pm.PackageManagerService.InstallParams;



/**

 * Tracks the package verification state for a particular package. Each package

 * verification has a required verifier and zero or more sufficient verifiers.

 * Only one of the sufficient verifier list must return affirmative to allow the

 * package to be considered verified. If there are zero sufficient verifiers,

 * then package verification is considered complete.

 * Tracks the package verification state for a particular package. Each package verification has a

 * required verifier and zero or more sufficient verifiers. Only one of the sufficient verifier list

 * must return affirmative to allow the package to be considered verified. If there are zero

 * sufficient verifiers, then package verification is considered complete.

 */

class PackageVerificationState {

    private final InstallParams mParams;



    private final SparseBooleanArray mSufficientVerifierUids;



    private final int mRequiredVerifierUid;

    private int mRequiredVerifierUid;



    private boolean mSufficientVerificationComplete;
@@ -45,16 +44,13 @@ class PackageVerificationState { 


    private boolean mExtendedTimeout;



    private boolean mIntegrityVerificationComplete;



    /**

     * Create a new package verification state where {@code requiredVerifierUid}

     * is the user ID for the package that must reply affirmative before things

     * can continue.

     *

     * @param requiredVerifierUid user ID of required package verifier

     * @param args

     * Create a new package verification state where {@code requiredVerifierUid} is the user ID for

     * the package that must reply affirmative before things can continue.

     */

    PackageVerificationState(int requiredVerifierUid, InstallParams params) {

        mRequiredVerifierUid = requiredVerifierUid;

    PackageVerificationState(InstallParams params) {

        mParams = params;

        mSufficientVerifierUids = new SparseBooleanArray();

        mExtendedTimeout = false;
@@ -64,6 +60,11 @@ class PackageVerificationState { 
        return mParams;

    }



    /** Sets the user ID of the required package verifier. */

    void setRequiredVerifierUid(int uid) {

        mRequiredVerifierUid = uid;

    }



    /**

     * Add a verifier which is added to our sufficient list.

     *
@@ -74,8 +75,8 @@ class PackageVerificationState { 
    }



    /**

     * Should be called when a verification is received from an agent so the

     * state of the package verification can be tracked.

     * Should be called when a verification is received from an agent so the state of the package

     * verification can be tracked.

     *

     * @param uid user ID of the verifying agent

     * @return {@code true} if the verifying agent actually exists in our list
@@ -114,9 +115,8 @@ class PackageVerificationState { 
    }



    /**

     * Returns whether verification is considered complete. This means that the

     * required verifier and at least one of the sufficient verifiers has

     * returned a positive verification.

     * Returns whether verification is considered complete. This means that the required verifier

     * and at least one of the sufficient verifiers has returned a positive verification.

     *

     * @return {@code true} when verification is considered complete

     */
@@ -133,8 +133,8 @@ class PackageVerificationState { 
    }



    /**

     * Returns whether installation should be allowed. This should only be

     * called after {@link #isVerificationComplete()} returns {@code true}.

     * Returns whether installation should be allowed. This should only be called after {@link

     * #isVerificationComplete()} returns {@code true}.

     *

     * @return {@code true} if installation should be allowed

     */
@@ -150,9 +150,7 @@ class PackageVerificationState { 
        return true;

    }



    /**

     * Extend the timeout for this Package to be verified.

     */

    /** Extend the timeout for this Package to be verified. */

    void extendTimeout() {

        if (!mExtendedTimeout) {

            mExtendedTimeout = true;
@@ -167,4 +165,16 @@ class PackageVerificationState { 
    boolean timeoutExtended() {

        return mExtendedTimeout;

    }



    void setIntegrityVerificationResult(int code) {

        mIntegrityVerificationComplete = true;

    }



    boolean isIntegrityVerificationComplete() {

        return mIntegrityVerificationComplete;

    }



    boolean areAllVerificationsComplete() {

        return mIntegrityVerificationComplete && isVerificationComplete();

    }

}