
Commit 5604437f authored by Song Pan's avatar Song Pan

This change includes multiple things:

1. Add a test API for GTS tests to recover the saved rules after the test.
2. Fix a bug where we incorrectly hashed the certificate hashes again.
3. Do not skip the integrity verification for rule providers if one setting is
enabled. Otherwise, installs from the GTS test would not be checked.

Bug: 145674131
Test: manual run of GTS test.
Test: atest AppIntegrityManagerServiceImplTest
Change-Id: Ia61265b1e9d20d310b695ad20982da80b5d659ba
parent c5f436ec
+55 −0
@@ -767,6 +767,7 @@ package android.content {
    method public void setAutofillOptions(@Nullable android.content.AutofillOptions);
    method public void setContentCaptureOptions(@Nullable android.content.ContentCaptureOptions);
    method @RequiresPermission("android.permission.INTERACT_ACROSS_USERS") public void startActivityAsUser(@NonNull @RequiresPermission android.content.Intent, @NonNull android.os.UserHandle);
    field public static final String APP_INTEGRITY_SERVICE = "app_integrity";
    field public static final String BUGREPORT_SERVICE = "bugreport";
    field public static final String CONTENT_CAPTURE_MANAGER_SERVICE = "content_capture";
    field public static final String DEVICE_IDLE_CONTROLLER = "deviceidle";
@@ -792,6 +793,60 @@ package android.content {

}

package android.content.integrity {

  public class AppIntegrityManager {
    method @NonNull public android.content.integrity.RuleSet getCurrentRuleSet();
    method @NonNull public String getCurrentRuleSetProvider();
    method @NonNull public String getCurrentRuleSetVersion();
    method public void updateRuleSet(@NonNull android.content.integrity.RuleSet, @NonNull android.content.IntentSender);
    field public static final String EXTRA_STATUS = "android.content.integrity.extra.STATUS";
    field public static final int STATUS_FAILURE = 1; // 0x1
    field public static final int STATUS_SUCCESS = 0; // 0x0
  }

  public abstract class IntegrityFormula {
    method @NonNull public static android.content.integrity.IntegrityFormula all(@NonNull android.content.integrity.IntegrityFormula...);
    method @NonNull public static android.content.integrity.IntegrityFormula any(@NonNull android.content.integrity.IntegrityFormula...);
    method @NonNull public android.content.integrity.IntegrityFormula equalTo(@NonNull String);
    method @NonNull public android.content.integrity.IntegrityFormula equalTo(boolean);
    method @NonNull public android.content.integrity.IntegrityFormula equalTo(long);
    method @NonNull public android.content.integrity.IntegrityFormula greaterThan(long);
    method @NonNull public android.content.integrity.IntegrityFormula greaterThanOrEquals(long);
    method @NonNull public static android.content.integrity.IntegrityFormula not(@NonNull android.content.integrity.IntegrityFormula);
    field @NonNull public static final android.content.integrity.IntegrityFormula APP_CERTIFICATE;
    field @NonNull public static final android.content.integrity.IntegrityFormula INSTALLER_CERTIFICATE;
    field @NonNull public static final android.content.integrity.IntegrityFormula INSTALLER_NAME;
    field @NonNull public static final android.content.integrity.IntegrityFormula PACKAGE_NAME;
    field @NonNull public static final android.content.integrity.IntegrityFormula PRE_INSTALLED;
    field @NonNull public static final android.content.integrity.IntegrityFormula VERSION_CODE;
  }

  public final class Rule implements android.os.Parcelable {
    ctor public Rule(@NonNull android.content.integrity.IntegrityFormula, int);
    method public int describeContents();
    method public int getEffect();
    method @NonNull public android.content.integrity.IntegrityFormula getFormula();
    method public void writeToParcel(@NonNull android.os.Parcel, int);
    field @NonNull public static final android.os.Parcelable.Creator<android.content.integrity.Rule> CREATOR;
    field public static final int DENY = 0; // 0x0
    field public static final int FORCE_ALLOW = 1; // 0x1
  }

  public class RuleSet {
    method @NonNull public java.util.List<android.content.integrity.Rule> getRules();
    method @NonNull public String getVersion();
  }

  public static class RuleSet.Builder {
    ctor public RuleSet.Builder();
    method @NonNull public android.content.integrity.RuleSet.Builder addRules(@NonNull java.util.List<android.content.integrity.Rule>);
    method @NonNull public android.content.integrity.RuleSet build();
    method @NonNull public android.content.integrity.RuleSet.Builder setVersion(@NonNull String);
  }

}

package android.content.pm {

  public class ActivityInfo extends android.content.pm.ComponentInfo implements android.os.Parcelable {
+1 −0
@@ -5099,6 +5099,7 @@ public abstract class Context {
     * @hide
     */
    @SystemApi
    @TestApi
    public static final String APP_INTEGRITY_SERVICE = "app_integrity";

    /**
+21 −0
@@ -19,6 +19,7 @@ package android.content.integrity;
import android.annotation.NonNull;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.annotation.TestApi;
import android.content.Context;
import android.content.IntentSender;
import android.content.pm.ParceledListSlice;
@@ -33,6 +34,7 @@ import android.os.RemoteException;
 *
 * @hide
 */
@TestApi
@SystemApi
@SystemService(Context.APP_INTEGRITY_SERVICE)
public class AppIntegrityManager {
@@ -100,4 +102,23 @@ public class AppIntegrityManager {
            throw e.rethrowAsRuntimeException();
        }
    }

    /**
     * Get current RuleSet on device.
     *
     * <p>Warning: this method is only used for tests.
     *
     * @hide
     */
    @TestApi
    @NonNull
    public RuleSet getCurrentRuleSet() {
        try {
            ParceledListSlice<Rule> rules = mManager.getCurrentRules();
            String version = mManager.getCurrentRuleSetVersion();
            return new RuleSet.Builder().setVersion(version).addRules(rules.getList()).build();
        } catch (RemoteException e) {
            throw e.rethrowAsRuntimeException();
        }
    }
}
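Review bot: getCurrentRuleSet() reads the rules and the version in two separate binder calls (`mManager.getCurrentRules()` then `mManager.getCurrentRuleSetVersion()`), so an `updateRuleSet` that lands between them yields a RuleSet whose version does not belong to its rules. The description says this API exists so a GTS test can restore the saved rules afterwards, and a mismatched snapshot would be restored without any error. Either return rules and version from a single service call, or state the limitation in the Javadoc, e.g. `<p>The rules and the version are fetched separately and are not guaranteed to form a consistent snapshot.` The result of `getCurrentRules()` is also dereferenced with `rules.getList()` without a null check; whether the service can return null is not visible in this section.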
+5 −5
@@ -460,14 +460,14 @@ public abstract class AtomicFormula extends IntegrityFormula {
        }

        private static String hashValue(@Key int key, String value) {
            // Hash the string value unless it is a PACKAGE_NAME or INSTALLER_NAME and the value is
            // less than 33 characters.
            if (value.length() <= 32) {
            // Hash the string value if it is a PACKAGE_NAME or INSTALLER_NAME and the value is
            // greater than 32 characters.
            if (value.length() > 32) {
                if (key == PACKAGE_NAME || key == INSTALLER_NAME) {
                    return value;
                    return hash(value);
                }
            }
            return hash(value);
            return value;
        }

        private static String hash(String value) {
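Review bot: In hashValue the decision to hash a PACKAGE_NAME or INSTALLER_NAME now rests only on `value.length() > 32`, so the stored string by itself does not say whether it is a raw name or a digest. If hash() returns a string longer than 32 characters (its body is outside this hunk), any path that feeds an already-stored value back through hashValue would hash it a second time, which is the same class of bug this change fixes for certificates. Consider recording the "is hashed" fact next to the value, or at least stating the contract above the method: `// Callers pass the raw name exactly once; certificate values are expected to be digests already and are stored as-is.` The nested ifs can also be written as one condition, `if ((key == PACKAGE_NAME || key == INSTALLER_NAME) && value.length() > 32) {`.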
+1 −0
@@ -25,4 +25,5 @@ interface IAppIntegrityManager {
    void updateRuleSet(String version, in ParceledListSlice<Rule> rules, in IntentSender statusReceiver);
    String getCurrentRuleSetVersion();
    String getCurrentRuleSetProvider();
    ParceledListSlice<Rule> getCurrentRules();
}
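Review bot: `getCurrentRules()` adds a binder entry point that returns the device's whole integrity rule list, and nothing in the interface says who may call it. The manager-side Javadoc calls the method test-only, but `@TestApi` is an API-surface annotation, not an access check; the enforcement has to sit in the service implementation, which is not among the sections shown here. It is worth confirming that the implementation applies a caller check at least as strict as the one on `updateRuleSet`, and adding a line above the declaration such as `// Test-only. Caller restrictions are enforced in the service implementation.`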