Loading services/core/java/com/android/server/pm/ComputerEngine.java +1 −1 Original line number Diff line number Diff line Loading @@ -3156,7 +3156,7 @@ public class ComputerEngine implements Computer { try { mDomainVerificationManager.printState(writer, packageName, UserHandle.USER_ALL, mSettings::getPackage); } catch (PackageManager.NameNotFoundException e) { } catch (Exception e) { pw.println("Failure printing domain verification information"); Slog.e(TAG, "Failure printing domain verification information", e); } Loading services/core/java/com/android/server/pm/verify/domain/DomainVerificationEnforcer.java +5 −2 Original line number Diff line number Diff line Loading @@ -70,8 +70,11 @@ public class DomainVerificationEnforcer { break; default: if (!proxy.isCallerVerifier(callingUid)) { throw new SecurityException( "Caller is not allowed to query domain verification state"); mContext.enforcePermission(android.Manifest.permission.DUMP, Binder.getCallingPid(), callingUid, "Caller " + callingUid + " is not allowed to query domain verification state"); break; } mContext.enforcePermission(android.Manifest.permission.QUERY_ALL_PACKAGES, Loading services/core/java/com/android/server/pm/verify/domain/DomainVerificationService.java +1 −0 Original line number Diff line number Diff line Loading @@ -1197,6 +1197,7 @@ public class DomainVerificationService extends SystemService @Nullable @UserIdInt Integer userId, @NonNull Function<String, PackageStateInternal> pkgSettingFunction) throws NameNotFoundException { mEnforcer.assertApprovedQuerent(mConnection.getCallingUid(), mProxy); synchronized (mLock) { mDebug.printState(writer, packageName, userId, pkgSettingFunction, mAttachedPkgStates); } Loading services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/verify/domain/DomainVerificationEnforcerTest.kt +26 −3 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ package com.android.server.pm.test.verify.domain import android.content.Context import android.content.Intent import android.content.pm.PackageManager import android.content.pm.SigningDetails import android.content.pm.parsing.component.ParsedActivityImpl import android.content.pm.parsing.component.ParsedIntentInfoImpl import android.content.pm.verify.domain.DomainVerificationManager Loading @@ -26,6 +27,7 @@ import android.content.pm.verify.domain.DomainVerificationState import android.os.Build import android.os.Process import android.util.ArraySet import android.util.IndentingPrintWriter import android.util.SparseArray import androidx.test.platform.app.InstrumentationRegistry import com.android.server.pm.parsing.pkg.AndroidPackage Loading @@ -46,6 +48,7 @@ import org.mockito.Mockito.anyInt import org.mockito.Mockito.anyLong import org.mockito.Mockito.anyString import org.mockito.Mockito.eq import org.mockito.Mockito.mock import org.mockito.Mockito.verifyNoMoreInteractions import java.util.UUID import java.util.concurrent.atomic.AtomicBoolean Loading Loading @@ -204,6 +207,14 @@ class DomainVerificationEnforcerTest { service(Type.QUERENT, "getInfo") { getDomainVerificationInfo(it.targetPackageName) }, service(Type.QUERENT, "printState") { printState(mock(IndentingPrintWriter::class.java), null, null) }, service(Type.QUERENT, "printStateInternal") { printState(mock(IndentingPrintWriter::class.java), null, null) { mockPkgState(it, UUID.randomUUID()) } }, service(Type.VERIFIER, "setStatus") { setDomainVerificationStatus( it.targetDomainSetId, Loading Loading @@ -311,6 +322,7 @@ class DomainVerificationEnforcerTest { } ) } whenever(signingDetails) { SigningDetails.UNKNOWN } } fun mockPkgState(packageName: String, domainSetId: UUID) = Loading @@ -327,6 +339,7 @@ class DomainVerificationEnforcerTest { } } whenever(isSystem) { false } whenever(signingDetails) { SigningDetails.UNKNOWN } } } Loading Loading @@ -373,6 +386,7 @@ class DomainVerificationEnforcerTest { val allowUserState = AtomicBoolean(false) val allowPreferredApps = AtomicBoolean(false) val allowQueryAll = AtomicBoolean(false) val allowDump = AtomicBoolean(false) val context: Context = mockThrowOnUnmocked { initPermission( allowUserState, Loading @@ -383,6 +397,7 @@ class DomainVerificationEnforcerTest { android.Manifest.permission.SET_PREFERRED_APPLICATIONS ) initPermission(allowQueryAll, android.Manifest.permission.QUERY_ALL_PACKAGES) initPermission(allowDump, android.Manifest.permission.DUMP) } val target = params.construct(context) Loading @@ -409,6 +424,10 @@ class DomainVerificationEnforcerTest { allowQueryAll.set(true) assertFails { runMethod(target, NON_VERIFIER_UID) } allowDump.set(true) runMethod(target, NON_VERIFIER_UID) } private fun approvedVerifier() { Loading Loading @@ -794,9 +813,13 @@ class DomainVerificationEnforcerTest { } val valueAsInt = value as? Int if (valueAsInt != null && valueAsInt == DomainVerificationManager.STATUS_OK) { if (valueAsInt != null) { if (valueAsInt == DomainVerificationManager.STATUS_OK) { throw AssertionError("Expected call to return false, was $value") } } else { throw AssertionError("Expected call to fail") } } catch (e: SecurityException) { } catch (e: PackageManager.NameNotFoundException) { // Any of these 2 exceptions are considered failures, which is expected Loading @@ -807,7 +830,7 @@ class DomainVerificationEnforcerTest { // System/shell only INTERNAL, // INTERNAL || non-legacy domain verification agent // INTERNAL || non-legacy domain verification agent || DUMP permission QUERENT, // INTERNAL || domain verification agent Loading Loading
services/core/java/com/android/server/pm/ComputerEngine.java +1 −1 Original line number Diff line number Diff line Loading @@ -3156,7 +3156,7 @@ public class ComputerEngine implements Computer { try { mDomainVerificationManager.printState(writer, packageName, UserHandle.USER_ALL, mSettings::getPackage); } catch (PackageManager.NameNotFoundException e) { } catch (Exception e) { pw.println("Failure printing domain verification information"); Slog.e(TAG, "Failure printing domain verification information", e); } Loading
services/core/java/com/android/server/pm/verify/domain/DomainVerificationEnforcer.java +5 −2 Original line number Diff line number Diff line Loading @@ -70,8 +70,11 @@ public class DomainVerificationEnforcer { break; default: if (!proxy.isCallerVerifier(callingUid)) { throw new SecurityException( "Caller is not allowed to query domain verification state"); mContext.enforcePermission(android.Manifest.permission.DUMP, Binder.getCallingPid(), callingUid, "Caller " + callingUid + " is not allowed to query domain verification state"); break; } mContext.enforcePermission(android.Manifest.permission.QUERY_ALL_PACKAGES, Loading
services/core/java/com/android/server/pm/verify/domain/DomainVerificationService.java +1 −0 Original line number Diff line number Diff line Loading @@ -1197,6 +1197,7 @@ public class DomainVerificationService extends SystemService @Nullable @UserIdInt Integer userId, @NonNull Function<String, PackageStateInternal> pkgSettingFunction) throws NameNotFoundException { mEnforcer.assertApprovedQuerent(mConnection.getCallingUid(), mProxy); synchronized (mLock) { mDebug.printState(writer, packageName, userId, pkgSettingFunction, mAttachedPkgStates); } Loading
services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/verify/domain/DomainVerificationEnforcerTest.kt +26 −3 Original line number Diff line number Diff line Loading @@ -19,6 +19,7 @@ package com.android.server.pm.test.verify.domain import android.content.Context import android.content.Intent import android.content.pm.PackageManager import android.content.pm.SigningDetails import android.content.pm.parsing.component.ParsedActivityImpl import android.content.pm.parsing.component.ParsedIntentInfoImpl import android.content.pm.verify.domain.DomainVerificationManager Loading @@ -26,6 +27,7 @@ import android.content.pm.verify.domain.DomainVerificationState import android.os.Build import android.os.Process import android.util.ArraySet import android.util.IndentingPrintWriter import android.util.SparseArray import androidx.test.platform.app.InstrumentationRegistry import com.android.server.pm.parsing.pkg.AndroidPackage Loading @@ -46,6 +48,7 @@ import org.mockito.Mockito.anyInt import org.mockito.Mockito.anyLong import org.mockito.Mockito.anyString import org.mockito.Mockito.eq import org.mockito.Mockito.mock import org.mockito.Mockito.verifyNoMoreInteractions import java.util.UUID import java.util.concurrent.atomic.AtomicBoolean Loading Loading @@ -204,6 +207,14 @@ class DomainVerificationEnforcerTest { service(Type.QUERENT, "getInfo") { getDomainVerificationInfo(it.targetPackageName) }, service(Type.QUERENT, "printState") { printState(mock(IndentingPrintWriter::class.java), null, null) }, service(Type.QUERENT, "printStateInternal") { printState(mock(IndentingPrintWriter::class.java), null, null) { mockPkgState(it, UUID.randomUUID()) } }, service(Type.VERIFIER, "setStatus") { setDomainVerificationStatus( it.targetDomainSetId, Loading Loading @@ -311,6 +322,7 @@ class DomainVerificationEnforcerTest { } ) } whenever(signingDetails) { SigningDetails.UNKNOWN } } fun mockPkgState(packageName: String, domainSetId: UUID) = Loading @@ -327,6 +339,7 @@ class DomainVerificationEnforcerTest { } } whenever(isSystem) { false } whenever(signingDetails) { SigningDetails.UNKNOWN } } } Loading Loading @@ -373,6 +386,7 @@ class DomainVerificationEnforcerTest { val allowUserState = AtomicBoolean(false) val allowPreferredApps = AtomicBoolean(false) val allowQueryAll = AtomicBoolean(false) val allowDump = AtomicBoolean(false) val context: Context = mockThrowOnUnmocked { initPermission( allowUserState, Loading @@ -383,6 +397,7 @@ class DomainVerificationEnforcerTest { android.Manifest.permission.SET_PREFERRED_APPLICATIONS ) initPermission(allowQueryAll, android.Manifest.permission.QUERY_ALL_PACKAGES) initPermission(allowDump, android.Manifest.permission.DUMP) } val target = params.construct(context) Loading @@ -409,6 +424,10 @@ class DomainVerificationEnforcerTest { allowQueryAll.set(true) assertFails { runMethod(target, NON_VERIFIER_UID) } allowDump.set(true) runMethod(target, NON_VERIFIER_UID) } private fun approvedVerifier() { Loading Loading @@ -794,9 +813,13 @@ class DomainVerificationEnforcerTest { } val valueAsInt = value as? Int if (valueAsInt != null && valueAsInt == DomainVerificationManager.STATUS_OK) { if (valueAsInt != null) { if (valueAsInt == DomainVerificationManager.STATUS_OK) { throw AssertionError("Expected call to return false, was $value") } } else { throw AssertionError("Expected call to fail") } } catch (e: SecurityException) { } catch (e: PackageManager.NameNotFoundException) { // Any of these 2 exceptions are considered failures, which is expected Loading @@ -807,7 +830,7 @@ class DomainVerificationEnforcerTest { // System/shell only INTERNAL, // INTERNAL || non-legacy domain verification agent // INTERNAL || non-legacy domain verification agent || DUMP permission QUERENT, // INTERNAL || domain verification agent Loading
