Add streaming verification path. (2daef5f3) · Commits · e / os / android_frameworks_base

core/java/android/provider/Settings.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -11558,6 +11558,12 @@ public final class Settings {
		@Readable
		public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout";

		/** Timeout for package verification during streaming installations.
		* @hide */
		@Readable
		public static final String PACKAGE_STREAMING_VERIFIER_TIMEOUT =
		"streaming_verifier_timeout";

		/** Timeout for app integrity verification.
		* @hide */
		@Readable

packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -396,6 +396,7 @@ public class SettingsBackupTest {
		Settings.Global.OTA_DISABLE_AUTOMATIC_UPDATE,
		Settings.Global.OVERLAY_DISPLAY_DEVICES,
		Settings.Global.PAC_CHANGE_DELAY,
		Settings.Global.PACKAGE_STREAMING_VERIFIER_TIMEOUT,
		Settings.Global.PACKAGE_VERIFIER_DEFAULT_RESPONSE,
		Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB,
		Settings.Global.PACKAGE_VERIFIER_SETTING_VISIBLE,

services/core/java/com/android/server/pm/DomainVerificationConnection.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -76,7 +76,7 @@ public final class DomainVerificationConnection implements DomainVerificationSer

		@Override
		public long getPowerSaveTempWhitelistAppDuration() {
		return VerificationUtils.getVerificationTimeout(mPm.mContext);
		return VerificationUtils.getDefaultVerificationTimeout(mPm.mContext);
		}

		@Override

services/core/java/com/android/server/pm/InstallPackageHelper.java

+0 −57

Original line number	Diff line number	Diff line
		@@ -56,7 +56,6 @@ import static com.android.server.pm.PackageManagerService.DEBUG_COMPRESSION;
		import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL;
		import static com.android.server.pm.PackageManagerService.DEBUG_PACKAGE_SCANNING;
		import static com.android.server.pm.PackageManagerService.DEBUG_REMOVE;
		import static com.android.server.pm.PackageManagerService.DEBUG_VERIFY;
		import static com.android.server.pm.PackageManagerService.EMPTY_INT_ARRAY;
		import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;
		import static com.android.server.pm.PackageManagerService.POST_INSTALL;
		@@ -90,7 +89,6 @@ import static com.android.server.pm.PackageManagerServiceUtils.verifySignatures;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.AppOpsManager;
		import android.app.ApplicationPackageManager;
		import android.app.backup.IBackupManager;
		import android.content.ContentResolver;
		@@ -190,11 +188,6 @@ import java.util.Set;
		import java.util.concurrent.ExecutorService;

		final class InstallPackageHelper {
		/**
		* Whether verification is enabled by default.
		*/
		private static final boolean DEFAULT_VERIFY_ENABLE = true;

		private final PackageManagerService mPm;
		private final AppDataHelper mAppDataHelper;
		private final PackageManagerServiceInjector mInjector;
		@@ -2829,56 +2822,6 @@ final class InstallPackageHelper {
		}
		}

		/**
		* Check whether or not package verification has been enabled.
		*
		* @return true if verification should be performed
		*/
		boolean isVerificationEnabled(PackageInfoLite pkgInfoLite, int userId, int installFlags,
		int installerUid) {
		if (!DEFAULT_VERIFY_ENABLE) {
		return false;
		}

		// Check if installing from ADB
		if ((installFlags & PackageManager.INSTALL_FROM_ADB) != 0) {
		if (mPm.isUserRestricted(userId, UserManager.ENSURE_VERIFY_APPS)) {
		return true;
		}
		// Check if the developer wants to skip verification for ADB installs
		if ((installFlags & PackageManager.INSTALL_DISABLE_VERIFICATION) != 0) {
		synchronized (mPm.mLock) {
		if (mPm.mSettings.getPackageLPr(pkgInfoLite.packageName) == null) {
		// Always verify fresh install
		return true;
		}
		}
		// Only skip when apk is debuggable
		return !pkgInfoLite.debuggable;
		}
		return android.provider.Settings.Global.getInt(mPm.mContext.getContentResolver(),
		android.provider.Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, 1) != 0;
		}

		// only when not installed from ADB, skip verification for instant apps when
		// the installer and verifier are the same.
		if ((installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) {
		if (mPm.mInstantAppInstallerActivity != null
		&& mPm.mInstantAppInstallerActivity.packageName.equals(
		mPm.mRequiredVerifierPackage)) {
		try {
		mPm.mInjector.getSystemService(AppOpsManager.class)
		.checkPackage(installerUid, mPm.mRequiredVerifierPackage);
		if (DEBUG_VERIFY) {
		Slog.i(TAG, "disable verification for instant app");
		}
		return false;
		} catch (SecurityException ignore) { }
		}
		}
		return true;
		}

		public void sendPendingBroadcasts() {
		String[] packages;
		ArrayList<String>[] components;

services/core/java/com/android/server/pm/PackageHandler.java

+40 −50

Original line number	Diff line number	Diff line
		@@ -22,7 +22,6 @@ import static com.android.server.pm.PackageManagerService.CHECK_PENDING_INTEGRIT
		import static com.android.server.pm.PackageManagerService.CHECK_PENDING_VERIFICATION;
		import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL;
		import static com.android.server.pm.PackageManagerService.DEFAULT_UNUSED_STATIC_SHARED_LIB_MIN_CACHE_PERIOD;
		import static com.android.server.pm.PackageManagerService.DEFAULT_VERIFICATION_RESPONSE;
		import static com.android.server.pm.PackageManagerService.DEFERRED_NO_KILL_INSTALL_OBSERVER;
		import static com.android.server.pm.PackageManagerService.DEFERRED_NO_KILL_POST_DELETE;
		import static com.android.server.pm.PackageManagerService.DOMAIN_VERIFICATION;
		@@ -47,14 +46,12 @@ import android.content.pm.InstantAppRequest;
		import android.content.pm.PackageManager;
		import android.content.pm.PackageManagerInternal;
		import android.net.Uri;
		import android.os.Binder;
		import android.os.Handler;
		import android.os.Looper;
		import android.os.Message;
		import android.os.Process;
		import android.os.Trace;
		import android.os.UserHandle;
		import android.os.UserManager;
		import android.provider.Settings;
		import android.util.Log;
		import android.util.Slog;
		@@ -154,10 +151,20 @@ final class PackageHandler extends Handler {
		} break;
		case CHECK_PENDING_VERIFICATION: {
		final int verificationId = msg.arg1;
		final boolean streaming = msg.arg2 != 0;
		final PackageVerificationState state = mPm.mPendingVerification.get(verificationId);

		if ((state != null) && !state.isVerificationComplete()
		&& !state.timeoutExtended()) {
		if (state == null \|\| state.isVerificationComplete()) {
		// Not found or complete.
		break;
		}
		if (!streaming && state.timeoutExtended()) {
		// Timeout extended.
		break;
		}

		final PackageVerificationResponse response = (PackageVerificationResponse) msg.obj;

		final VerificationParams params = state.getVerificationParams();
		final Uri originUri = Uri.fromFile(params.mOriginInfo.mResolvedFile);

		@@ -165,11 +172,9 @@ final class PackageHandler extends Handler {
		Slog.i(TAG, errorMsg);

		final UserHandle user = params.getUser();
		if (getDefaultVerificationResponse(user)
		== PackageManager.VERIFICATION_ALLOW) {
		if (response.code != PackageManager.VERIFICATION_REJECT) {
		Slog.i(TAG, "Continuing with installation of " + originUri);
		state.setVerifierResponse(Binder.getCallingUid(),
		PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT);
		state.setVerifierResponse(response.callerUid, response.code);
		VerificationUtils.broadcastPackageVerified(verificationId, originUri,
		PackageManager.VERIFICATION_ALLOW, null, params.mDataLoaderType,
		user, mPm.mContext);
		@@ -179,8 +184,7 @@ final class PackageHandler extends Handler {
		params.mDataLoaderType, user, mPm.mContext);
		params.setReturnCode(
		PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE, errorMsg);
		state.setVerifierResponse(Binder.getCallingUid(),
		PackageManager.VERIFICATION_REJECT);
		state.setVerifierResponse(response.callerUid, response.code);
		}

		if (state.areAllVerificationsComplete()) {
		@@ -191,8 +195,6 @@ final class PackageHandler extends Handler {
		TRACE_TAG_PACKAGE_MANAGER, "verification", verificationId);

		params.handleVerificationFinished();

		}
		break;
		}
		case CHECK_PENDING_INTEGRITY_VERIFICATION: {
		@@ -241,9 +243,12 @@ final class PackageHandler extends Handler {
		+ " It may be invalid or overridden by integrity verification");
		break;
		}
		if (state.isVerificationComplete()) {
		Slog.w(TAG, "Verification with id " + verificationId + " already complete.");
		break;
		}

		final PackageVerificationResponse response = (PackageVerificationResponse) msg.obj;

		state.setVerifierResponse(response.callerUid, response.code);

		if (state.isVerificationComplete()) {
		@@ -396,21 +401,6 @@ final class PackageHandler extends Handler {
		}
		}

		/**
		* Get the default verification agent response code.
		*
		* @return default verification response code
		*/
		private int getDefaultVerificationResponse(UserHandle user) {
		if (mPm.mUserManager.hasUserRestriction(UserManager.ENSURE_VERIFY_APPS,
		user.getIdentifier())) {
		return PackageManager.VERIFICATION_REJECT;
		}
		return android.provider.Settings.Global.getInt(mPm.mContext.getContentResolver(),
		android.provider.Settings.Global.PACKAGE_VERIFIER_DEFAULT_RESPONSE,
		DEFAULT_VERIFICATION_RESPONSE);
		}

		/**
		* Get the default integrity verification response code.
		*/