Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 44d7ef98 authored by Mathew Inwood's avatar Mathew Inwood
Browse files

Signed config: some renames for clarity. 

"android.signedconfig" is not a good name, as many types of config could be
signed. Rename instead to "android.settings.global", as this reflects the
fact that they are really global settings values.

This also open the door to cleanly adding "android.settings.secure" or
other types of config in future, should that ever be necessary.

Also rename some classes to reflect this change, and the debug logging
accordingly.

Bug: 110509075
Test: atest CtsSignedConfigHostTestCases
Test: atest SignedConfigTest
Change-Id: I42e71fd7d7fc0305b7982fbcab49130dcf4dad4e
parent a7b3c1a7

services/core/java/com/android/server/signedconfig/SignedConfigApplicator.javaservices/core/java/com/android/server/signedconfig/GlobalSettingsConfigApplicator.java

+9 −9
Original line number Diff line number Diff line
@@ -30,7 +30,7 @@ import java.util.Collections; 
import java.util.Map;

import java.util.Set;



class SignedConfigApplicator {

class GlobalSettingsConfigApplicator {



    private static final String TAG = "SignedConfig";
@@ -68,7 +68,7 @@ class SignedConfigApplicator { 
    private final String mSourcePackage;

    private final SignatureVerifier mVerifier;



    SignedConfigApplicator(Context context, String sourcePackage) {

    GlobalSettingsConfigApplicator(Context context, String sourcePackage) {

        mContext = context;

        mSourcePackage = sourcePackage;

        mVerifier = new SignatureVerifier();
@@ -102,7 +102,7 @@ class SignedConfigApplicator { 


    void applyConfig(String configStr, String signature) {

        if (!checkSignature(configStr, signature)) {

            Slog.e(TAG, "Signature check on signed configuration in package " + mSourcePackage

            Slog.e(TAG, "Signature check on global settings in package " + mSourcePackage

                    + " failed; ignoring");

            return;

        }
@@ -110,26 +110,26 @@ class SignedConfigApplicator { 
        try {

            config = SignedConfig.parse(configStr, ALLOWED_KEYS, KEY_VALUE_MAPPERS);

        } catch (InvalidConfigException e) {

            Slog.e(TAG, "Failed to parse config from package " + mSourcePackage, e);

            Slog.e(TAG, "Failed to parse global settings from package " + mSourcePackage, e);

            return;

        }

        int currentVersion = getCurrentConfigVersion();

        if (currentVersion >= config.version) {

            Slog.i(TAG, "Config from package " + mSourcePackage + " is older than existing: "

                    + config.version + "<=" + currentVersion);

            Slog.i(TAG, "Global settings from package " + mSourcePackage

                    + " is older than existing: " + config.version + "<=" + currentVersion);

            return;

        }

        // We have new config!

        Slog.i(TAG, "Got new signed config from package " + mSourcePackage + ": version "

        Slog.i(TAG, "Got new global settings from package " + mSourcePackage + ": version "

                + config.version + " replacing existing version " + currentVersion);

        SignedConfig.PerSdkConfig matchedConfig =

                config.getMatchingConfig(Build.VERSION.SDK_INT);

        if (matchedConfig == null) {

            Slog.i(TAG, "Config is not applicable to current SDK version; ignoring");

            Slog.i(TAG, "Settings is not applicable to current SDK version; ignoring");

            return;

        }



        Slog.i(TAG, "Updating signed config to version " + config.version);

        Slog.i(TAG, "Updating global settings to version " + config.version);

        updateCurrentConfig(config.version, matchedConfig.values);

    }

}

services/core/java/com/android/server/signedconfig/SignedConfigService.java

+11 −11
Original line number Diff line number Diff line
@@ -42,8 +42,8 @@ public class SignedConfigService { 
    private static final String TAG = "SignedConfig";



    // TODO should these be elsewhere? In a public API?

    private static final String KEY_CONFIG = "android.signedconfig";

    private static final String KEY_CONFIG_SIGNATURE = "android.signedconfig.signature";

    private static final String KEY_GLOBAL_SETTINGS = "android.settings.global";

    private static final String KEY_GLOBAL_SETTINGS_SIGNATURE = "android.settings.global.signature";



    private static class UpdateReceiver extends BroadcastReceiver {

        @Override
@@ -80,25 +80,25 @@ public class SignedConfigService { 
            if (DBG) Slog.d(TAG, "handlePackageBroadcast: no metadata");

            return;

        }

        if (metaData.containsKey(KEY_CONFIG)

                && metaData.containsKey(KEY_CONFIG_SIGNATURE)) {

            String config = metaData.getString(KEY_CONFIG);

            String signature = metaData.getString(KEY_CONFIG_SIGNATURE);

        if (metaData.containsKey(KEY_GLOBAL_SETTINGS)

                && metaData.containsKey(KEY_GLOBAL_SETTINGS_SIGNATURE)) {

            String config = metaData.getString(KEY_GLOBAL_SETTINGS);

            String signature = metaData.getString(KEY_GLOBAL_SETTINGS_SIGNATURE);

            try {

                // Base64 encoding is standard (not URL safe) encoding: RFC4648

                config = new String(Base64.getDecoder().decode(config), StandardCharsets.UTF_8);

            } catch (IllegalArgumentException iae) {

                Slog.e(TAG, "Failed to base64 decode config from " + packageName);

                Slog.e(TAG, "Failed to base64 decode global settings config from " + packageName);

                return;

            }

            if (DBG) {

                Slog.d(TAG, "Got signed config: " + config);

                Slog.d(TAG, "Got config signature: " + signature);

                Slog.d(TAG, "Got global settings config: " + config);

                Slog.d(TAG, "Got global settings signature: " + signature);

            }

            new SignedConfigApplicator(mContext, packageName).applyConfig(

            new GlobalSettingsConfigApplicator(mContext, packageName).applyConfig(

                    config, signature);

        } else {

            if (DBG) Slog.d(TAG, "Package has no config/signature.");

            if (DBG) Slog.d(TAG, "Package has no global settings config/signature.");

        }

    }