[6/N] allow adb installs to bypass verifier

        public int unarchiveId = -1;

        /** {@hide} */

        public @Nullable String dexoptCompilerFilter = null;

        /** {@hide} */

        public boolean forceVerification;

        private final ArrayMap<String, Integer> mPermissionStates;

            developmentInstallFlags = source.readInt();

            unarchiveId = source.readInt();

            dexoptCompilerFilter = source.readString();

            forceVerification = source.readBoolean();

        }

        /** {@hide} */

            ret.developmentInstallFlags = developmentInstallFlags;

            ret.unarchiveId = unarchiveId;

            ret.dexoptCompilerFilter = dexoptCompilerFilter;

            ret.forceVerification = forceVerification;

            return ret;

        }

            return grantedPermissions.toArray(ArrayUtils.emptyArray(String.class));

        }

        /**

         * Used by adb installations to force enable the verification for this install.

         * {@hide}

         */

        public void setForceVerification() {

            this.forceVerification = true;

        }

        /** {@hide} */

        public void dump(IndentingPrintWriter pw) {

            pw.printPair("mode", mode);

            pw.printHexPair("developmentInstallFlags", developmentInstallFlags);

            pw.printPair("unarchiveId", unarchiveId);

            pw.printPair("dexoptCompilerFilter", dexoptCompilerFilter);

            pw.printPair("forceVerification", forceVerification);

            pw.println();

        }

            dest.writeInt(developmentInstallFlags);

            dest.writeInt(unarchiveId);

            dest.writeString(dexoptCompilerFilter);

            dest.writeBoolean(forceVerification);

        }

        public static final Parcelable.Creator<SessionParams>

import java.util.concurrent.atomic.AtomicBoolean;

import java.util.concurrent.atomic.AtomicInteger;

import java.util.function.Predicate;

import java.util.function.Supplier;

public class PackageInstallerSession extends IPackageInstallerSession.Stub {

    private static final String TAG = "PackageInstallerSession";

            }

        }

        if (Flags.verificationService()) {

        if (shouldUseVerificationService()) {

            // Start binding to the verification service, if not bound already.

            mVerifierController.bindToVerifierServiceIfNeeded(() -> pm.snapshotComputer(), userId);

            mVerifierController.bindToVerifierServiceIfNeeded(mPm::snapshotComputer, userId);

            if (!TextUtils.isEmpty(params.appPackageName)) {

                mVerifierController.notifyPackageNameAvailable(params.appPackageName);

            }

            setSessionFailed(e.error, errorMsg);

            onSessionVerificationFailure(e.error, errorMsg, /* extras= */ null);

        }

        if (Flags.verificationService()) {

            final Supplier<Computer> snapshotSupplier = mPm::snapshotComputer;

            if (mVerifierController.isVerifierInstalled(snapshotSupplier, userId)) {

        if (shouldUseVerificationService()) {

            final SigningInfo signingInfo;

            final List<SharedLibraryInfo> declaredLibraries;

            synchronized (mLock) {

            }

            // Send the request to the verifier and wait for its response before the rest of

            // the installation can proceed.

                if (!mVerifierController.startVerificationSession(snapshotSupplier, userId,

            if (!mVerifierController.startVerificationSession(mPm::snapshotComputer, userId,

                    sessionId, getPackageName(), Uri.fromFile(stageDir), signingInfo,

                    declaredLibraries, mVerificationPolicy.get(), /* extensionParams= */ null,

                    new VerifierCallback(), /* retry= */ false)) {

                        /* extras= */ null);

            }

        } else {

                // Verifier is not installed. Let the installation pass for now.

            // No need to check with verifier. Proceed with the rest of the verification.

            resumeVerify();

        }

        } else {

            // New verification feature is not enabled. Proceed to the rest of the verification.

            resumeVerify();

    }

    private boolean shouldUseVerificationService() {

        if (!Flags.verificationService()) {

            // Feature is not enabled.

            return false;

        }

        if ((params.installFlags & PackageManager.INSTALL_FROM_ADB) != 0) {

            // adb installs are exempted from verification unless explicitly requested

            if (!params.forceVerification) {

                return false;

            }

        }

        final String verifierPackageName = mVerifierController.getVerifierPackageName(

                mPm::snapshotComputer, userId);

        if (verifierPackageName == null) {

            // Feature is enabled but no verifier installed.

            return false;

        }

        synchronized (mLock) {

            if (verifierPackageName.equals(mPackageName)) {

                // The verifier itself is being updated. Skip.

                Slog.w(TAG, "Skipping verification service because the verifier is being updated");

                return false;

            }

        }

        return true;

    }

    private void resumeVerify() {

            }

        } catch (InstallerException ignored) {

        }

        if (Flags.verificationService()

        if (shouldUseVerificationService()

                && !TextUtils.isEmpty(params.appPackageName)

                && !isCommitted()) {

            // Only notify for the cancellation if the verification request has not

                            .setCompilerFilter(sessionParams.dexoptCompilerFilter)

                            .build();

                    break;

                case "--force-verification":

                    sessionParams.setForceVerification();

                    break;

                default:

                    throw new IllegalArgumentException("Unknown option " + opt);

            }

        pw.println("          https://source.android.com/docs/core/runtime/configure"

                + "#compiler_filters");

        pw.println("          or 'skip'");

        pw.println("      --force-verification: if set, enable the verification for this install");

        pw.println("");

        pw.println("  install-existing [--user USER_ID|all|current]");

        pw.println("       [--instant] [--full] [--wait] [--restrict-permissions] PACKAGE");

    private final @CurrentTimeMillisLong long mMaxTimeoutTime;

    @NonNull

    private final VerifierController.Injector mInjector;

    // Record the package name associated with the verification result

    @NonNull

    private final String mPackageName;

    /**

     * By default, the timeout time is the default timeout duration plus the current time (when

     * can be extended via {@link #extendTimeRemaining} to the maximum allowed.

     */

    @VisibleForTesting(visibility = VisibleForTesting.Visibility.PROTECTED)

    public VerificationStatusTracker(@NonNull String packageName,

            long defaultTimeoutMillis, long maxExtendedTimeoutMillis,

    public VerificationStatusTracker(long defaultTimeoutMillis, long maxExtendedTimeoutMillis,

            @NonNull VerifierController.Injector injector) {

        mPackageName = packageName;

        mStartTime = injector.getCurrentTimeMillis();

        mTimeoutTime = mStartTime + defaultTimeoutMillis;

        mMaxTimeoutTime = mStartTime + maxExtendedTimeoutMillis;

    public boolean isTimeout() {

        return mInjector.getCurrentTimeMillis() >= mTimeoutTime;

    }

    @NonNull

    public String getPackageName() {

        return mPackageName;

    }

}

    }

    /**

     * Used by the installation session to check if a verifier is installed.

     * Used by the installation session to get the package name of the installed verifier.

     */

    public boolean isVerifierInstalled(Supplier<Computer> snapshotSupplier, int userId) {

    @Nullable

    public String getVerifierPackageName(Supplier<Computer> snapshotSupplier, int userId) {

        if (isVerifierConnected()) {

            // Verifier is connected or is being connected, so it must be installed.

            return true;

            return mRemoteServiceComponentName.getPackageName();

        }

        // Verifier has been disconnected, or it hasn't been connected. Check if it's installed.

        return mInjector.isVerifierInstalled(snapshotSupplier.get(), userId);

        return mInjector.getVerifierPackageName(snapshotSupplier.get(), userId);

    }

    /**

        final long defaultTimeoutMillis = mInjector.getVerificationRequestTimeoutMillis();

        final long maxExtendedTimeoutMillis = mInjector.getMaxVerificationExtendedTimeoutMillis();

        final VerificationStatusTracker tracker = new VerificationStatusTracker(

                packageName, defaultTimeoutMillis, maxExtendedTimeoutMillis, mInjector);

                defaultTimeoutMillis, maxExtendedTimeoutMillis, mInjector);

        synchronized (mVerificationStatus) {

            mVerificationStatus.put(verificationId, tracker);

        }

        }

        /**

         * Check if a verifier is installed on this device.

         * Return the package name of the verifier installed on this device.

         */

        public boolean isVerifierInstalled(Computer snapshot, int userId) {

            return resolveVerifierComponentName(snapshot, userId) != null;

        @Nullable

        public String getVerifierPackageName(Computer snapshot, int userId) {

            final ComponentName componentName = resolveVerifierComponentName(snapshot, userId);

            if (componentName == null) {

                return null;

            }

            return componentName.getPackageName();

        }

        /**