Loading core/java/android/transparency/BinaryTransparencyManager.java +33 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ package android.transparency; import android.annotation.NonNull; import android.annotation.SystemService; import android.content.Context; import android.os.Bundle; import android.os.RemoteException; import android.util.Slog; Loading Loading @@ -83,4 +84,36 @@ public class BinaryTransparencyManager { } } /** * Collects the APEX information on the device. * * @param includeTestOnly Whether to include test only data in the returned ApexInfo. * @return A List containing the APEX info. * @hide */ @NonNull public List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo(boolean includeTestOnly) { try { return mService.collectAllApexInfo(includeTestOnly); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Collects the updated preload information on the device. * * @return A List containing the preload info. * @hide */ @NonNull public List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Bundle packagesToSkip) { try { Slog.d(TAG, "Calling backend's collectAllUpdatedPreloadInfo()"); return mService.collectAllUpdatedPreloadInfo(packagesToSkip); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } core/java/com/android/internal/os/IBinaryTransparencyService.aidl +9 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.internal.os; import android.os.Bundle; /** * "Backend" interface used by {@link android.os.BinaryTransparencyManager} to talk to the * BinaryTransparencyService that actually implements the measurement and information aggregation Loading @@ -36,6 +38,9 @@ interface IBinaryTransparencyService { byte[] digest; int digestAlgorithm; String[] signerDigests; // Test only String moduleName; } parcelable AppInfo { Loading @@ -51,4 +56,8 @@ interface IBinaryTransparencyService { String installer; String originator; } /** Test only */ List<ApexInfo> collectAllApexInfo(boolean includeTestOnly); List<AppInfo> collectAllUpdatedPreloadInfo(in Bundle packagesToSkip); } No newline at end of file services/core/java/com/android/server/BinaryTransparencyService.java +28 −19 Original line number Diff line number Diff line Loading @@ -93,10 +93,8 @@ import java.io.PrintWriter; import java.security.PublicKey; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.Executors; import java.util.concurrent.atomic.AtomicBoolean; import java.util.stream.Collectors; Loading Loading @@ -300,15 +298,16 @@ public class BinaryTransparencyService extends SystemService { + " and is now updated to: " + currentTimeMs); mMeasurementsLastRecordedMs = currentTimeMs; Set<String> packagesMeasured = new HashSet<>(); Bundle packagesMeasured = new Bundle(); // measure all APEXs first if (DEBUG) { Slog.d(TAG, "Measuring APEXs..."); } List<IBinaryTransparencyService.ApexInfo> allApexInfo = collectAllApexInfo(); List<IBinaryTransparencyService.ApexInfo> allApexInfo = collectAllApexInfo( /* includeTestOnly */ false); for (IBinaryTransparencyService.ApexInfo apexInfo : allApexInfo) { packagesMeasured.add(apexInfo.packageName); packagesMeasured.putBoolean(apexInfo.packageName, true); recordApexInfo(apexInfo); } Loading @@ -321,7 +320,7 @@ public class BinaryTransparencyService extends SystemService { List<IBinaryTransparencyService.AppInfo> allUpdatedPreloadInfo = collectAllUpdatedPreloadInfo(packagesMeasured); for (IBinaryTransparencyService.AppInfo appInfo : allUpdatedPreloadInfo) { packagesMeasured.add(appInfo.packageName); packagesMeasured.putBoolean(appInfo.packageName, true); writeAppInfoToLog(appInfo); } if (DEBUG) { Loading @@ -334,7 +333,7 @@ public class BinaryTransparencyService extends SystemService { List<IBinaryTransparencyService.AppInfo> allMbaInfo = collectAllMbaInfo(packagesMeasured); for (IBinaryTransparencyService.AppInfo appInfo : allUpdatedPreloadInfo) { packagesMeasured.add(appInfo.packageName); packagesMeasured.putBoolean(appInfo.packageName, true); writeAppInfoToLog(appInfo); } } Loading @@ -345,7 +344,9 @@ public class BinaryTransparencyService extends SystemService { } } private List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo() { @Override public List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo( boolean includeTestOnly) { var results = new ArrayList<IBinaryTransparencyService.ApexInfo>(); for (PackageInfo packageInfo : getCurrentInstalledApexs()) { PackageState packageState = mPackageManagerInternal.getPackageStateInternal( Loading @@ -371,13 +372,19 @@ public class BinaryTransparencyService extends SystemService { apexInfo.signerDigests = computePackageSignerSha256Digests(packageState.getSigningInfo()); if (includeTestOnly) { apexInfo.moduleName = apexPackageNameToModuleName( packageState.getPackageName()); } results.add(apexInfo); } return results; } private List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Set<String> packagesToSkip) { @Override public List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Bundle packagesToSkip) { final var results = new ArrayList<IBinaryTransparencyService.AppInfo>(); PackageManager pm = mContext.getPackageManager(); Loading @@ -385,7 +392,7 @@ public class BinaryTransparencyService extends SystemService { if (!packageState.isUpdatedSystemApp()) { return; } if (packagesToSkip.contains(packageState.getPackageName())) { if (packagesToSkip.containsKey(packageState.getPackageName())) { return; } Loading Loading @@ -413,11 +420,10 @@ public class BinaryTransparencyService extends SystemService { return results; } private List<IBinaryTransparencyService.AppInfo> collectAllMbaInfo( Set<String> packagesToSkip) { public List<IBinaryTransparencyService.AppInfo> collectAllMbaInfo(Bundle packagesToSkip) { var results = new ArrayList<IBinaryTransparencyService.AppInfo>(); for (PackageInfo packageInfo : getNewlyInstalledMbas()) { if (packagesToSkip.contains(packageInfo.packageName)) { if (packagesToSkip.containsKey(packageInfo.packageName)) { continue; } PackageState packageState = mPackageManagerInternal.getPackageStateInternal( Loading Loading @@ -1657,11 +1663,7 @@ public class BinaryTransparencyService extends SystemService { private String getOriginalApexPreinstalledLocation(String packageName, String currentInstalledLocation) { try { // It appears that only apexd knows the preinstalled location, and it uses module name // as the identifier instead of package name. Given the input is a package name, we // need to covert to module name. final String moduleName = ApexManager.getInstance().getApexModuleNameForPackageName( packageName); final String moduleName = apexPackageNameToModuleName(packageName); IApexService apexService = IApexService.Stub.asInterface( Binder.allowBlocking(ServiceManager.waitForService("apexservice"))); for (ApexInfo info : apexService.getAllPackages()) { Loading @@ -1675,6 +1677,13 @@ public class BinaryTransparencyService extends SystemService { return APEX_PRELOAD_LOCATION_ERROR; } private String apexPackageNameToModuleName(String packageName) { // It appears that only apexd knows the preinstalled location, and it uses module name as // the identifier instead of package name. Given the input is a package name, we need to // covert to module name. return ApexManager.getInstance().getApexModuleNameForPackageName(packageName); } /** * Wrapper method to call into IBICS to get a list of all newly installed MBAs. * Loading tests/BinaryTransparencyHostTest/Android.bp 0 → 100644 +42 −0 Original line number Diff line number Diff line // Copyright (C) 2023 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package { // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "frameworks_base_license" // to get the below license kinds: // SPDX-license-identifier-Apache-2.0 default_applicable_licenses: ["frameworks_base_license"], } java_test_host { name: "BinaryTransparencyHostTest", srcs: ["src/**/*.java"], libs: [ "tradefed", "compatibility-tradefed", "compatibility-host-util", ], static_libs: [ "truth-prebuilt", ], data: [ ":BinaryTransparencyTestApp", ":EasterEgg", ], test_suites: [ "general-tests", ], } tests/BinaryTransparencyHostTest/AndroidTest.xml 0 → 100644 +31 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2023 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <configuration description="Binary Transparency integration test"> <option name="test-suite-tag" value="apct" /> <!-- Service is not exposed to apps. Disable SELinux for testing purpose. --> <target_preparer class="com.android.tradefed.targetprep.DisableSELinuxTargetPreparer" /> <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller"> <option name="cleanup-apks" value="true" /> <option name="test-file-name" value="BinaryTransparencyTestApp.apk" /> </target_preparer> <test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" > <option name="jar" value="BinaryTransparencyHostTest.jar" /> <option name="runtime-hint" value="1m" /> </test> </configuration> Loading
core/java/android/transparency/BinaryTransparencyManager.java +33 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ package android.transparency; import android.annotation.NonNull; import android.annotation.SystemService; import android.content.Context; import android.os.Bundle; import android.os.RemoteException; import android.util.Slog; Loading Loading @@ -83,4 +84,36 @@ public class BinaryTransparencyManager { } } /** * Collects the APEX information on the device. * * @param includeTestOnly Whether to include test only data in the returned ApexInfo. * @return A List containing the APEX info. * @hide */ @NonNull public List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo(boolean includeTestOnly) { try { return mService.collectAllApexInfo(includeTestOnly); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Collects the updated preload information on the device. * * @return A List containing the preload info. * @hide */ @NonNull public List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Bundle packagesToSkip) { try { Slog.d(TAG, "Calling backend's collectAllUpdatedPreloadInfo()"); return mService.collectAllUpdatedPreloadInfo(packagesToSkip); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } }
core/java/com/android/internal/os/IBinaryTransparencyService.aidl +9 −0 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.internal.os; import android.os.Bundle; /** * "Backend" interface used by {@link android.os.BinaryTransparencyManager} to talk to the * BinaryTransparencyService that actually implements the measurement and information aggregation Loading @@ -36,6 +38,9 @@ interface IBinaryTransparencyService { byte[] digest; int digestAlgorithm; String[] signerDigests; // Test only String moduleName; } parcelable AppInfo { Loading @@ -51,4 +56,8 @@ interface IBinaryTransparencyService { String installer; String originator; } /** Test only */ List<ApexInfo> collectAllApexInfo(boolean includeTestOnly); List<AppInfo> collectAllUpdatedPreloadInfo(in Bundle packagesToSkip); } No newline at end of file
services/core/java/com/android/server/BinaryTransparencyService.java +28 −19 Original line number Diff line number Diff line Loading @@ -93,10 +93,8 @@ import java.io.PrintWriter; import java.security.PublicKey; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.Executors; import java.util.concurrent.atomic.AtomicBoolean; import java.util.stream.Collectors; Loading Loading @@ -300,15 +298,16 @@ public class BinaryTransparencyService extends SystemService { + " and is now updated to: " + currentTimeMs); mMeasurementsLastRecordedMs = currentTimeMs; Set<String> packagesMeasured = new HashSet<>(); Bundle packagesMeasured = new Bundle(); // measure all APEXs first if (DEBUG) { Slog.d(TAG, "Measuring APEXs..."); } List<IBinaryTransparencyService.ApexInfo> allApexInfo = collectAllApexInfo(); List<IBinaryTransparencyService.ApexInfo> allApexInfo = collectAllApexInfo( /* includeTestOnly */ false); for (IBinaryTransparencyService.ApexInfo apexInfo : allApexInfo) { packagesMeasured.add(apexInfo.packageName); packagesMeasured.putBoolean(apexInfo.packageName, true); recordApexInfo(apexInfo); } Loading @@ -321,7 +320,7 @@ public class BinaryTransparencyService extends SystemService { List<IBinaryTransparencyService.AppInfo> allUpdatedPreloadInfo = collectAllUpdatedPreloadInfo(packagesMeasured); for (IBinaryTransparencyService.AppInfo appInfo : allUpdatedPreloadInfo) { packagesMeasured.add(appInfo.packageName); packagesMeasured.putBoolean(appInfo.packageName, true); writeAppInfoToLog(appInfo); } if (DEBUG) { Loading @@ -334,7 +333,7 @@ public class BinaryTransparencyService extends SystemService { List<IBinaryTransparencyService.AppInfo> allMbaInfo = collectAllMbaInfo(packagesMeasured); for (IBinaryTransparencyService.AppInfo appInfo : allUpdatedPreloadInfo) { packagesMeasured.add(appInfo.packageName); packagesMeasured.putBoolean(appInfo.packageName, true); writeAppInfoToLog(appInfo); } } Loading @@ -345,7 +344,9 @@ public class BinaryTransparencyService extends SystemService { } } private List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo() { @Override public List<IBinaryTransparencyService.ApexInfo> collectAllApexInfo( boolean includeTestOnly) { var results = new ArrayList<IBinaryTransparencyService.ApexInfo>(); for (PackageInfo packageInfo : getCurrentInstalledApexs()) { PackageState packageState = mPackageManagerInternal.getPackageStateInternal( Loading @@ -371,13 +372,19 @@ public class BinaryTransparencyService extends SystemService { apexInfo.signerDigests = computePackageSignerSha256Digests(packageState.getSigningInfo()); if (includeTestOnly) { apexInfo.moduleName = apexPackageNameToModuleName( packageState.getPackageName()); } results.add(apexInfo); } return results; } private List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Set<String> packagesToSkip) { @Override public List<IBinaryTransparencyService.AppInfo> collectAllUpdatedPreloadInfo( Bundle packagesToSkip) { final var results = new ArrayList<IBinaryTransparencyService.AppInfo>(); PackageManager pm = mContext.getPackageManager(); Loading @@ -385,7 +392,7 @@ public class BinaryTransparencyService extends SystemService { if (!packageState.isUpdatedSystemApp()) { return; } if (packagesToSkip.contains(packageState.getPackageName())) { if (packagesToSkip.containsKey(packageState.getPackageName())) { return; } Loading Loading @@ -413,11 +420,10 @@ public class BinaryTransparencyService extends SystemService { return results; } private List<IBinaryTransparencyService.AppInfo> collectAllMbaInfo( Set<String> packagesToSkip) { public List<IBinaryTransparencyService.AppInfo> collectAllMbaInfo(Bundle packagesToSkip) { var results = new ArrayList<IBinaryTransparencyService.AppInfo>(); for (PackageInfo packageInfo : getNewlyInstalledMbas()) { if (packagesToSkip.contains(packageInfo.packageName)) { if (packagesToSkip.containsKey(packageInfo.packageName)) { continue; } PackageState packageState = mPackageManagerInternal.getPackageStateInternal( Loading Loading @@ -1657,11 +1663,7 @@ public class BinaryTransparencyService extends SystemService { private String getOriginalApexPreinstalledLocation(String packageName, String currentInstalledLocation) { try { // It appears that only apexd knows the preinstalled location, and it uses module name // as the identifier instead of package name. Given the input is a package name, we // need to covert to module name. final String moduleName = ApexManager.getInstance().getApexModuleNameForPackageName( packageName); final String moduleName = apexPackageNameToModuleName(packageName); IApexService apexService = IApexService.Stub.asInterface( Binder.allowBlocking(ServiceManager.waitForService("apexservice"))); for (ApexInfo info : apexService.getAllPackages()) { Loading @@ -1675,6 +1677,13 @@ public class BinaryTransparencyService extends SystemService { return APEX_PRELOAD_LOCATION_ERROR; } private String apexPackageNameToModuleName(String packageName) { // It appears that only apexd knows the preinstalled location, and it uses module name as // the identifier instead of package name. Given the input is a package name, we need to // covert to module name. return ApexManager.getInstance().getApexModuleNameForPackageName(packageName); } /** * Wrapper method to call into IBICS to get a list of all newly installed MBAs. * Loading
tests/BinaryTransparencyHostTest/Android.bp 0 → 100644 +42 −0 Original line number Diff line number Diff line // Copyright (C) 2023 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package { // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "frameworks_base_license" // to get the below license kinds: // SPDX-license-identifier-Apache-2.0 default_applicable_licenses: ["frameworks_base_license"], } java_test_host { name: "BinaryTransparencyHostTest", srcs: ["src/**/*.java"], libs: [ "tradefed", "compatibility-tradefed", "compatibility-host-util", ], static_libs: [ "truth-prebuilt", ], data: [ ":BinaryTransparencyTestApp", ":EasterEgg", ], test_suites: [ "general-tests", ], }
tests/BinaryTransparencyHostTest/AndroidTest.xml 0 → 100644 +31 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- Copyright (C) 2023 The Android Open Source Project Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <configuration description="Binary Transparency integration test"> <option name="test-suite-tag" value="apct" /> <!-- Service is not exposed to apps. Disable SELinux for testing purpose. --> <target_preparer class="com.android.tradefed.targetprep.DisableSELinuxTargetPreparer" /> <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller"> <option name="cleanup-apks" value="true" /> <option name="test-file-name" value="BinaryTransparencyTestApp.apk" /> </target_preparer> <test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" > <option name="jar" value="BinaryTransparencyHostTest.jar" /> <option name="runtime-hint" value="1m" /> </test> </configuration>
