Merge "BinaryTransparencyService: Update adb shell cmd." (357ca344) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/BinaryTransparencyService.java

+106 −58

Original line number	Original line	Diff line number	Diff line
	@@ -476,6 +476,7 @@ public class BinaryTransparencyService extends SystemService {
	}		}

	private void printPackageMeasurements(PackageInfo packageInfo,		private void printPackageMeasurements(PackageInfo packageInfo,
			boolean useSha256,
	final PrintWriter pw) {		final PrintWriter pw) {
	Map<Integer, byte[]> contentDigests = computeApkContentDigest(		Map<Integer, byte[]> contentDigests = computeApkContentDigest(
	packageInfo.applicationInfo.sourceDir);		packageInfo.applicationInfo.sourceDir);
	@@ -485,6 +486,14 @@ public class BinaryTransparencyService extends SystemService {
	return;		return;
	}		}

			if (useSha256) {
			byte[] fileBuff = PackageUtils.createLargeFileBuffer();
			String hexEncodedSha256Digest =
			PackageUtils.computeSha256DigestForLargeFile(
			packageInfo.applicationInfo.sourceDir, fileBuff);
			pw.print(hexEncodedSha256Digest + ",");
			}

	for (Map.Entry<Integer, byte[]> entry : contentDigests.entrySet()) {		for (Map.Entry<Integer, byte[]> entry : contentDigests.entrySet()) {
	Integer algorithmId = entry.getKey();		Integer algorithmId = entry.getKey();
	byte[] contentDigest = entry.getValue();		byte[] contentDigest = entry.getValue();
	@@ -497,6 +506,7 @@ public class BinaryTransparencyService extends SystemService {
	}		}

	private void printPackageInstallationInfo(PackageInfo packageInfo,		private void printPackageInstallationInfo(PackageInfo packageInfo,
			boolean useSha256,
	final PrintWriter pw) {		final PrintWriter pw) {
	pw.println("--- Package Installation Info ---");		pw.println("--- Package Installation Info ---");
	pw.println("Current install location: "		pw.println("Current install location: "
	@@ -507,11 +517,13 @@ public class BinaryTransparencyService extends SystemService {
	pw.println("\|--> Pre-installed package install location: "		pw.println("\|--> Pre-installed package install location: "
	+ origPackageFilepath);		+ origPackageFilepath);

	// TODO(b/259347186): revive this with the proper cmd options.		if (useSha256) {
	/*		String sha256Digest = PackageUtils.computeSha256DigestForLargeFile(
	String digest = PackageUtils.computeSha256DigestForLargeFile(
	origPackageFilepath, PackageUtils.createLargeFileBuffer());		origPackageFilepath, PackageUtils.createLargeFileBuffer());
	*/		pw.println("\|--> Pre-installed package SHA-256 digest: "
			+ sha256Digest);
			}


	Map<Integer, byte[]> contentDigests = computeApkContentDigest(		Map<Integer, byte[]> contentDigests = computeApkContentDigest(
	origPackageFilepath);		origPackageFilepath);
	@@ -531,6 +543,8 @@ public class BinaryTransparencyService extends SystemService {
	}		}
	pw.println("First install time (ms): " + packageInfo.firstInstallTime);		pw.println("First install time (ms): " + packageInfo.firstInstallTime);
	pw.println("Last update time (ms): " + packageInfo.lastUpdateTime);		pw.println("Last update time (ms): " + packageInfo.lastUpdateTime);
			// TODO(b/261493591): Determination of whether a package is preinstalled can be
			// made more robust
	boolean isPreloaded = (packageInfo.firstInstallTime		boolean isPreloaded = (packageInfo.firstInstallTime
	== packageInfo.lastUpdateTime);		== packageInfo.lastUpdateTime);
	pw.println("Is preloaded: " + isPreloaded);		pw.println("Is preloaded: " + isPreloaded);
	@@ -560,6 +574,7 @@ public class BinaryTransparencyService extends SystemService {
	pw.println("ERROR: Package's signingInfo is null.");		pw.println("ERROR: Package's signingInfo is null.");
	return;		return;
	}		}
			// TODO(b/261501773): Handle printing of lineage of rotated keys.
	pw.println("--- Package Signer Info ---");		pw.println("--- Package Signer Info ---");
	pw.println("Has multiple signers: " + signerInfo.hasMultipleSigners());		pw.println("Has multiple signers: " + signerInfo.hasMultipleSigners());
	Signature[] packageSigners = signerInfo.getApkContentsSigners();		Signature[] packageSigners = signerInfo.getApkContentsSigners();
	@@ -669,15 +684,35 @@ public class BinaryTransparencyService extends SystemService {

	}		}

			private void printHeadersHelper(@NonNull String packageType,
			boolean useSha256,
			@NonNull final PrintWriter pw) {
			pw.print(packageType + " Info [Format: package_name,package_version,");
			if (useSha256) {
			pw.print("package_sha256_digest,");
			}
			pw.print("content_digest_algorithm:content_digest]:\n");
			}

	private int printAllApexs() {		private int printAllApexs() {
	final PrintWriter pw = getOutPrintWriter();		final PrintWriter pw = getOutPrintWriter();
	boolean verbose = false;		boolean verbose = false;
			boolean useSha256 = false;
			boolean printHeaders = true;
	String opt;		String opt;
	while ((opt = getNextOption()) != null) {		while ((opt = getNextOption()) != null) {
	switch (opt) {		switch (opt) {
	case "-v":		case "-v":
			case "--verbose":
	verbose = true;		verbose = true;
	break;		break;
			case "-o":
			case "--old":
			useSha256 = true;
			break;
			case "--no-headers":
			printHeaders = false;
			break;
	default:		default:
	pw.println("ERROR: Unknown option: " + opt);		pw.println("ERROR: Unknown option: " + opt);
	return 1;		return 1;
	@@ -690,23 +725,17 @@ public class BinaryTransparencyService extends SystemService {
	return -1;		return -1;
	}		}

	if (!verbose) {		if (!verbose && printHeaders) {
	pw.println("APEX Info [Format: package_name,package_version,"		printHeadersHelper("APEX", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	for (PackageInfo packageInfo : getCurrentInstalledApexs()) {		for (PackageInfo packageInfo : getCurrentInstalledApexs()) {
	if (verbose) {		if (verbose && printHeaders) {
	pw.println("APEX Info [Format: package_name,package_version,"		printHeadersHelper("APEX", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	String packageName = packageInfo.packageName;		String packageName = packageInfo.packageName;
	pw.print(packageName + ","		pw.print(packageName + ","
	+ packageInfo.getLongVersionCode() + ",");		+ packageInfo.getLongVersionCode() + ",");
	printPackageMeasurements(packageInfo, pw);		printPackageMeasurements(packageInfo, useSha256, pw);

	if (verbose) {		if (verbose) {
	ModuleInfo moduleInfo;		ModuleInfo moduleInfo;
	@@ -718,7 +747,7 @@ public class BinaryTransparencyService extends SystemService {
	pw.println("Is a module: false");		pw.println("Is a module: false");
	}		}

	printPackageInstallationInfo(packageInfo, pw);		printPackageInstallationInfo(packageInfo, useSha256, pw);
	printPackageSignerDetails(packageInfo.signingInfo, pw);		printPackageSignerDetails(packageInfo.signingInfo, pw);
	pw.println("");		pw.println("");
	}		}
	@@ -729,12 +758,22 @@ public class BinaryTransparencyService extends SystemService {
	private int printAllModules() {		private int printAllModules() {
	final PrintWriter pw = getOutPrintWriter();		final PrintWriter pw = getOutPrintWriter();
	boolean verbose = false;		boolean verbose = false;
			boolean useSha256 = false;
			boolean printHeaders = true;
	String opt;		String opt;
	while ((opt = getNextOption()) != null) {		while ((opt = getNextOption()) != null) {
	switch (opt) {		switch (opt) {
	case "-v":		case "-v":
			case "--verbose":
	verbose = true;		verbose = true;
	break;		break;
			case "-o":
			case "--old":
			useSha256 = true;
			break;
			case "--no-headers":
			printHeaders = false;
			break;
	default:		default:
	pw.println("ERROR: Unknown option: " + opt);		pw.println("ERROR: Unknown option: " + opt);
	return 1;		return 1;
	@@ -747,32 +786,25 @@ public class BinaryTransparencyService extends SystemService {
	return -1;		return -1;
	}		}

	if (!verbose) {		if (!verbose && printHeaders) {
	pw.println("Module Info [Format: package_name,package_version,"		printHeadersHelper("Module", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	for (ModuleInfo module : pm.getInstalledModules(PackageManager.MATCH_ALL)) {		for (ModuleInfo module : pm.getInstalledModules(PackageManager.MATCH_ALL)) {
	String packageName = module.getPackageName();		String packageName = module.getPackageName();
	if (verbose) {		if (verbose && printHeaders) {
	pw.println("Module Info [Format: package_name,package_version,"		printHeadersHelper("Module", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	try {		try {
	PackageInfo packageInfo = pm.getPackageInfo(packageName,		PackageInfo packageInfo = pm.getPackageInfo(packageName,
	PackageManager.MATCH_APEX		PackageManager.MATCH_APEX
	\| PackageManager.GET_SIGNING_CERTIFICATES);		\| PackageManager.GET_SIGNING_CERTIFICATES);
	//pw.print("package:");
	pw.print(packageInfo.packageName + ",");		pw.print(packageInfo.packageName + ",");
	pw.print(packageInfo.getLongVersionCode() + ",");		pw.print(packageInfo.getLongVersionCode() + ",");
	printPackageMeasurements(packageInfo, pw);		printPackageMeasurements(packageInfo, useSha256, pw);

	if (verbose) {		if (verbose) {
	printModuleDetails(module, pw);		printModuleDetails(module, pw);
	printPackageInstallationInfo(packageInfo, pw);		printPackageInstallationInfo(packageInfo, useSha256, pw);
	printPackageSignerDetails(packageInfo.signingInfo, pw);		printPackageSignerDetails(packageInfo.signingInfo, pw);
	pw.println("");		pw.println("");
	}		}
	@@ -793,41 +825,45 @@ public class BinaryTransparencyService extends SystemService {
	final PrintWriter pw = getOutPrintWriter();		final PrintWriter pw = getOutPrintWriter();
	boolean verbose = false;		boolean verbose = false;
	boolean printLibraries = false;		boolean printLibraries = false;
			boolean useSha256 = false;
			boolean printHeaders = true;
	String opt;		String opt;
	while ((opt = getNextOption()) != null) {		while ((opt = getNextOption()) != null) {
	switch (opt) {		switch (opt) {
	case "-v":		case "-v":
			case "--verbose":
	verbose = true;		verbose = true;
	break;		break;
	case "-l":		case "-l":
	printLibraries = true;		printLibraries = true;
	break;		break;
			case "-o":
			case "--old":
			useSha256 = true;
			break;
			case "--no-headers":
			printHeaders = false;
			break;
	default:		default:
	pw.println("ERROR: Unknown option: " + opt);		pw.println("ERROR: Unknown option: " + opt);
	return 1;		return 1;
	}		}
	}		}

	if (!verbose) {		if (!verbose && printHeaders) {
	pw.println("MBA Info [Format: package_name,package_version,"		printHeadersHelper("MBA", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	for (PackageInfo packageInfo : getNewlyInstalledMbas()) {		for (PackageInfo packageInfo : getNewlyInstalledMbas()) {
	if (verbose) {		if (verbose && printHeaders) {
	pw.println("MBA Info [Format: package_name,package_version,"		printHeadersHelper("MBA", useSha256, pw);
	// TODO(b/259347186): revive via special cmd line option
	//+ "package_sha256_digest,"
	+ "content_digest_algorithm:content_digest]:");
	}		}
	pw.print(packageInfo.packageName + ",");		pw.print(packageInfo.packageName + ",");
	pw.print(packageInfo.getLongVersionCode() + ",");		pw.print(packageInfo.getLongVersionCode() + ",");
	printPackageMeasurements(packageInfo, pw);		printPackageMeasurements(packageInfo, useSha256, pw);

	if (verbose) {		if (verbose) {
	printAppDetails(packageInfo, printLibraries, pw);		printAppDetails(packageInfo, printLibraries, pw);
	printPackageInstallationInfo(packageInfo, pw);		printPackageInstallationInfo(packageInfo, useSha256, pw);
	printPackageSignerDetails(packageInfo.signingInfo, pw);		printPackageSignerDetails(packageInfo.signingInfo, pw);
	pw.println("");		pw.println("");
	}		}
	@@ -901,20 +937,32 @@ public class BinaryTransparencyService extends SystemService {
	pw.println(" Print information about loaded image (firmware). Options:");		pw.println(" Print information about loaded image (firmware). Options:");
	pw.println(" -a: lists all other identifiable partitions.");		pw.println(" -a: lists all other identifiable partitions.");
	pw.println("");		pw.println("");
	pw.println(" get apex_info [-v]");		pw.println(" get apex_info [-o] [-v] [--no-headers]");
	pw.println(" Print information about installed APEXs on device.");		pw.println(" Print information about installed APEXs on device.");
			pw.println(" -o: also uses the old digest scheme (SHA256) to compute "
			+ "APEX hashes. WARNING: This can be a very slow and CPU-intensive "
			+ "computation.");
	pw.println(" -v: lists more verbose information about each APEX.");		pw.println(" -v: lists more verbose information about each APEX.");
			pw.println(" --no-headers: does not print the header if specified");
	pw.println("");		pw.println("");
	pw.println(" get module_info [-v]");		pw.println(" get module_info [-o] [-v] [--no-headers]");
	pw.println(" Print information about installed modules on device.");		pw.println(" Print information about installed modules on device.");
			pw.println(" -o: also uses the old digest scheme (SHA256) to compute "
			+ "module hashes. WARNING: This can be a very slow and "
			+ "CPU-intensive computation.");
	pw.println(" -v: lists more verbose information about each module.");		pw.println(" -v: lists more verbose information about each module.");
			pw.println(" --no-headers: does not print the header if specified");
	pw.println("");		pw.println("");
	pw.println(" get mba_info [-v] [-l]");		pw.println(" get mba_info [-o] [-v] [-l] [--no-headers]");
	pw.println(" Print information about installed mobile bundle apps "		pw.println(" Print information about installed mobile bundle apps "
	+ "(MBAs on device).");		+ "(MBAs on device).");
			pw.println(" -o: also uses the old digest scheme (SHA256) to compute "
			+ "MBA hashes. WARNING: This can be a very slow and CPU-intensive "
			+ "computation.");
	pw.println(" -v: lists more verbose information about each app.");		pw.println(" -v: lists more verbose information about each app.");
	pw.println(" -l: lists shared library info. This will only be "		pw.println(" -l: lists shared library info. (This option only works "
	+ "listed with -v");		+ "when -v option is also specified)");
			pw.println(" --no-headers: does not print the header if specified");
	pw.println("");		pw.println("");
	}		}