[ADI][metrics] implement metrics collection

     * assigned to this session or the default policy currently used by the system.

     */

    private final AtomicInteger mCurrentVerificationPolicy;

    /**

     * Tracks how many times the developer verification has been retried as requested by the user.

     */

    private AtomicInteger mDeveloperVerificationRetryCount = new AtomicInteger(0);

    /**

     * Note all calls must be done outside {@link #mLock} to prevent lock inversion.

     */

    private final StagingManager mStagingManager;

    @NonNull

    private final DeveloperVerifierController mDeveloperVerifierController;

    private final DeveloperVerifierCallback mDeveloperVerifierCallback =

            new DeveloperVerifierCallback();

    private final InstallDependencyHelper mInstallDependencyHelper;

        mMetrics = new SessionMetrics(mHandler, sessionId, userId, installerUid, params,

                createdMillis, committedMillis, committed, childSessionIds, parentSessionId,

                sessionErrorCode);

                sessionErrorCode, mInitialVerificationPolicy);

        if (shouldUseVerificationService()) {

            // Start binding to the verification service, if not bound already.

            mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mPm::snapshotComputer,

                    userId);

                    userId, mDeveloperVerifierCallback);

            if (!TextUtils.isEmpty(params.appPackageName)) {

                // Opportunistically notify verifier about package name so no need to check results.

                mDeveloperVerifierController.notifyPackageNameAvailable(params.appPackageName,

                        userId);

            }

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationBindStarted();

            }

        }

    }

    private void onSessionVerificationFailure(int error, String msg, Bundle extras) {

        Slog.e(TAG, "Failed to verify session " + sessionId);

        // Logging of developer verification failure.

        if (extras != null && extras.containsKey(EXTRA_DEVELOPER_VERIFICATION_FAILURE_REASON)) {

            final String packageName = getPackageName();

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationFailed(

                        extras.getInt(EXTRA_DEVELOPER_VERIFICATION_FAILURE_REASON), packageName);

            }

        }

        // Dispatch message to remove session from PackageInstallerService.

        dispatchSessionFinished(error, msg, extras);

        maybeFinishChildSessions(error, msg);

            }

            // Send the request to the verifier and wait for its response before the rest of

            // the installation can proceed.

            final VerifierCallback verifierCallback = new VerifierCallback();

            if (!mDeveloperVerifierController.startVerificationSession(mPm::snapshotComputer,

                    userId, sessionId, getPackageName(),

                    stageDir == null ? Uri.EMPTY : Uri.fromFile(stageDir), signingInfo,

                    declaredLibraries, mCurrentVerificationPolicy.get(),

                    /* extensionParams= */ params.extensionParams,

                    verifierCallback, /* retry= */ false)) {

                // A verifier is installed but cannot be connected.

                verifierCallback.onConnectionFailed();

                    mDeveloperVerifierCallback, /* retry= */ false)) {

                // A verifier is installed but cannot be connected. Maybe notify user.

                mDeveloperVerifierCallback.onConnectionInfeasible();

            }

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationRequestSent();

            }

        } else {

            // No need to check with verifier. Proceed with the rest of the verification.

        if ((params.installFlags & PackageManager.INSTALL_FROM_ADB) != 0) {

            // adb installs are exempted from verification unless explicitly requested

            if (!params.forceVerification) {

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerificationBypassedByAdb();

                }

                return false;

            }

        }

        return true;

    }

    private void startVerificationSession(Supplier<Computer> snapshotSupplier, boolean retry) {

    private void retryDeveloperVerificationSession(Supplier<Computer> snapshotSupplier) {

        final SigningInfo signingInfo;

        final List<SharedLibraryInfo> declaredLibraries;

        synchronized (mLock) {

            declaredLibraries =

                    mPackageLite == null ? null : mPackageLite.getDeclaredLibraries();

        }

        // TODO (b/360130528): limit the number of times user can retry

        mDeveloperVerificationRetryCount.getAndIncrement();

        // Send the request to the verifier and wait for its response before the rest of

        // the installation can proceed.

        final VerifierCallback verifierCallback = new VerifierCallback();

        if (!mDeveloperVerifierController.startVerificationSession(snapshotSupplier, userId,

                sessionId, getPackageName(),

                stageDir == null ? Uri.EMPTY : Uri.fromFile(stageDir), signingInfo,

                declaredLibraries, mCurrentVerificationPolicy.get(), /* extensionParams= */ null,

                verifierCallback, retry)) {

            // A verifier is installed but cannot be connected.

            verifierCallback.onConnectionFailed();

            String errorMsg =

                    "A verifier agent is available on device but cannot be connected.";

            setSessionFailed(INSTALL_FAILED_INTERNAL_ERROR, errorMsg);

            onSessionVerificationFailure(INSTALL_FAILED_INTERNAL_ERROR, errorMsg,

                    /* extras= */ null);

            // TODO (b/360130528): maybe show error dialog to the user

                mDeveloperVerifierCallback, /* retry = */ true)) {

            // A verifier is installed but cannot be connected. Maybe prompt the user again.

            mDeveloperVerifierCallback.onConnectionInfeasible();

        }

        synchronized (mMetrics) {

            mMetrics.onDeveloperVerificationRetryRequestSent(

                    mDeveloperVerificationRetryCount.get());

        }

    }

    /**

     * Used for the VerifierController to report status back.

     */

    public class VerifierCallback {

    public class DeveloperVerifierCallback {

        /**

         * Called by the VerifierController when the verifier requests to get the current

         * verification policy for this session.

         * Called by the VerifierController to indicate that the verifier has been connected. Only

         * used for metrics logging for now.

         */

        public @PackageInstaller.DeveloperVerificationPolicy int getVerificationPolicy() {

            return mCurrentVerificationPolicy.get();

        public void onConnectionEstablished(int verifierUid) {

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerifierConnectionEstablished(verifierUid);

            }

        }

        /**

         * Called by the VerifierController when the verifier requests to change the verification

         * policy for this session.

         */

        public boolean setVerificationPolicy(

        public boolean onVerificationPolicyOverridden(

                @PackageInstaller.DeveloperVerificationPolicy int policy) {

            if (!isValidVerificationPolicy(policy)) {

                return false;

            }

            mCurrentVerificationPolicy.set(policy);

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationPolicyOverridden(policy);

            }

            return true;

        }

        /**

         * Called by the session itself when the verifier cannot be connected because of infeasible

         * reasons such as it's not installed on the target user.

         */

        private void onConnectionInfeasible() {

            mHandler.post(() -> {

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerifierResponseReceived(

                            SessionMetrics.DeveloperVerifierResponse.OTHER);

                }

                if (mCurrentVerificationPolicy.get()

                        != DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_CLOSED) {

                    // Continue with the rest of the verification and installation.

                    resumeVerify();

                    return;

                }

                mVerificationUserActionNeededReason =

                        DEVELOPER_VERIFICATION_USER_ACTION_NEEDED_REASON_UNKNOWN;

                mVerificationFailedMessage = "A verifier agent is specified on device but cannot "

                        + "be connected because of unknown error.";

                maybeSendUserActionForVerification(/* blockingFailure= */ false,

                        /* extensionResponse= */ null);

            });

        }

        /**

         * Called by the VerifierController when the connection has failed.

         */

        public void onConnectionFailed() {

            mHandler.post(() -> {

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerifierResponseReceived(

                            SessionMetrics.DeveloperVerifierResponse.DISCONNECTED);

                }

                if (mCurrentVerificationPolicy.get()

                        != DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_CLOSED) {

                    // Continue with the rest of the verification and installation.

            });

        }

        /**

         * Called by the VerifierController when the verifier has requested a timeout extension.

         */

        public void onTimeoutExtensionRequested() {

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationTimeoutExtensionRequested();

            }

        }

        /**

         * Called by the VerifierController when the verification request has timed out.

         */

            // Always notify the verifier, regardless of the policy.

            mDeveloperVerifierController.notifyVerificationTimeout(sessionId, userId);

            mHandler.post(() -> {

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerifierResponseReceived(

                            SessionMetrics.DeveloperVerifierResponse.TIMEOUT);

                }

                if (mCurrentVerificationPolicy.get()

                        != DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_CLOSED) {

                    // Continue with the rest of the verification and installation.

                @NonNull DeveloperVerificationStatus statusReceived,

                @Nullable PersistableBundle extensionResponse) {

            mHandler.post(() -> {

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerifierResponseReceived(statusReceived.isVerified()

                            ? SessionMetrics.DeveloperVerifierResponse.COMPLETE_WITH_PASS

                            : SessionMetrics.DeveloperVerifierResponse.COMPLETE_WITH_REJECT);

                    mMetrics.onAslStatusReceived(statusReceived.getAslStatus());

                }

                if (mCurrentVerificationPolicy.get() == DEVELOPER_VERIFICATION_POLICY_NONE) {

                    // No policy applied. Continue with the rest of the verification and install.

                    resumeVerify();

                if (statusReceived.isVerified()) {

                    if (statusReceived.isLite()) {

                        mVerificationLiteEnabled = true;

                        synchronized (mMetrics) {

                            mMetrics.onDeveloperVerificationLiteEnabled();

                        }

                        // This is a lite verification. Need further user action.

                        mVerificationUserActionNeededReason =

                                DEVELOPER_VERIFICATION_USER_ACTION_NEEDED_REASON_LITE_VERIFICATION;

         */

        public void onVerificationIncompleteReceived(int incompleteReason) {

            mHandler.post(() -> {

                final boolean isNetworkUnavailable =

                        incompleteReason == DEVELOPER_VERIFICATION_INCOMPLETE_NETWORK_UNAVAILABLE;

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerifierResponseReceived(isNetworkUnavailable

                            ? SessionMetrics.DeveloperVerifierResponse.INCOMPLETE_NETWORK

                            : SessionMetrics.DeveloperVerifierResponse.INCOMPLETE_UNKNOWN);

                }

                if (mCurrentVerificationPolicy.get() == DEVELOPER_VERIFICATION_POLICY_NONE) {

                    // Continue with the rest of the verification and installation.

                    resumeVerify();

                StringBuilder sb = new StringBuilder(

                        "Verification cannot be completed because of ");

                if (incompleteReason == DEVELOPER_VERIFICATION_INCOMPLETE_NETWORK_UNAVAILABLE) {

                if (isNetworkUnavailable) {

                    mVerificationUserActionNeededReason =

                            DEVELOPER_VERIFICATION_USER_ACTION_NEEDED_REASON_NETWORK_UNAVAILABLE;

                    sb.append("unavailable network.");

                mVerificationUserActionNeeded = true;

                sendOnUserActionRequired(mContext, getRemoteStatusReceiver(), sessionId,

                        intent);

                synchronized (mMetrics) {

                    mMetrics.onDeveloperVerificationUserActionRequired(

                            mVerificationUserActionNeededReason);

                }

                return;

            }

            // Not sending user action. Directly return the failure to the installer.

                    + "SessionID: " + sessionId);

            return;

        }

        synchronized (mMetrics) {

            mMetrics.onDeveloperVerificationUserResponseReceived(userResponse);

        }

        switch (userResponse) {

            case DEVELOPER_VERIFICATION_USER_RESPONSE_ERROR -> {

                String errorMsg = "User could not be notified about the pending verification.";

            }

            case DEVELOPER_VERIFICATION_USER_RESPONSE_RETRY -> {

                // TODO (b/360130528): limit the number of times user can retry

                startVerificationSession(mPm::snapshotComputer, /* retry= */ true);

                retryDeveloperVerificationSession(mPm::snapshotComputer /* retry= */);

            }

            case DEVELOPER_VERIFICATION_USER_RESPONSE_INSTALL_ANYWAY -> resumeVerify();

            // been sent out, which happens right after commit() is called.

            mDeveloperVerifierController.notifyVerificationCancelled(

                    params.appPackageName, userId);

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationCancelled();

            }

        }

    }

     * If the verifier agent exists but cannot be started for some reason, all the notify* methods

     * in this class will fail asynchronously and quietly. The system will learn about the failure

     * after receiving the failure from

     * {@link PackageInstallerSession.VerifierCallback#onConnectionFailed}.

     * {@link PackageInstallerSession.DeveloperVerifierCallback#onConnectionFailed}.

     */

    public boolean bindToVerifierServiceIfNeeded(Supplier<Computer> snapshotSupplier, int userId) {

    public boolean bindToVerifierServiceIfNeeded(Supplier<Computer> snapshotSupplier, int userId,

            PackageInstallerSession.DeveloperVerifierCallback callback) {

        if (DEBUG) {

            Slog.i(TAG, "Requesting to bind to the verifier service for user " + userId);

        }

                    public void onConnected(@NonNull IDeveloperVerifierService service) {

                        Slog.i(TAG, "Verifier " + verifierPackageName + " is connected"

                                + " on user " + userId);

                        // Logging the success of connecting to the verifier.

                        callback.onConnectionEstablished(verifierUid);

                        // Aggressively auto-disconnect until verification requests are sent out

                        startAutoDisconnectCountdown(

                                remoteServiceWrapper.getAutoDisconnectCallback());

            List<SharedLibraryInfo> declaredLibraries,

            @PackageInstaller.DeveloperVerificationPolicy int verificationPolicy,

            @Nullable PersistableBundle extensionParams,

            PackageInstallerSession.VerifierCallback callback,

            PackageInstallerSession.DeveloperVerifierCallback callback,

            boolean retry) {

        // Try connecting to the verifier if not already connected

        if (!bindToVerifierServiceIfNeeded(snapshotSupplier, userId)) {

        if (!bindToVerifierServiceIfNeeded(snapshotSupplier, userId, callback)) {

            return false;

        }

        // For now, the verification id is the same as the installation session id.

    private void startTimeoutCountdown(int verificationId,

            DeveloperVerificationRequestStatusTracker tracker,

            PackageInstallerSession.VerifierCallback callback, long delayMillis) {

            PackageInstallerSession.DeveloperVerifierCallback callback, long delayMillis) {

        mHandler.postDelayed(() -> {

            if (DEBUG) {

                Slog.i(TAG, "Checking request timeout for " + verificationId);

    // This class handles requests from the remote verifier

    private class DeveloperVerificationSessionInterface extends

            IDeveloperVerificationSessionInterface.Stub {

        private final PackageInstallerSession.VerifierCallback mCallback;

        private final PackageInstallerSession.DeveloperVerifierCallback mCallback;

        DeveloperVerificationSessionInterface(PackageInstallerSession.VerifierCallback callback) {

        DeveloperVerificationSessionInterface(

                PackageInstallerSession.DeveloperVerifierCallback callback) {

            mCallback = callback;

        }

                    throw new IllegalStateException("Verification session " + verificationId

                            + " doesn't exist or has finished");

                }

                mCallback.onTimeoutExtensionRequested();

                return tracker.extendTimeRemaining(additionalMs);

            }

        }

                            + " doesn't exist or has finished");

                }

            }

            return mCallback.setVerificationPolicy(policy);

            return mCallback.onVerificationPolicyOverridden(policy);

        }

        @Override

    Computer mSnapshot;

    Supplier<Computer> mSnapshotSupplier = () -> mSnapshot;

    @Mock

    PackageInstallerSession.VerifierCallback mSessionCallback;

    PackageInstallerSession.DeveloperVerifierCallback mSessionCallback;

    @Mock

    PackageInstallerSession.VerifierCallback mSessionCallbackSecondaryUser;

    PackageInstallerSession.DeveloperVerifierCallback mSessionCallbackSecondaryUser;

    private DeveloperVerifierController mDeveloperVerifierController;

    private String mPackageName;

    public void testRebindService() {

        ArgumentCaptor<ServiceConnector.ServiceLifecycleCallbacks> captor = ArgumentCaptor.forClass(

                ServiceConnector.ServiceLifecycleCallbacks.class);

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0))

                .isTrue();

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0,

                mSessionCallback)).isTrue();

        verify(mMockServiceConnector).setServiceLifecycleCallbacks(captor.capture());

        ServiceConnector.ServiceLifecycleCallbacks<IDeveloperVerifierService> callbacks =

                captor.getValue();

        // Verify that the countdown to auto-disconnect has started

        ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);

        callbacks.onConnected(mMockService);

        verify(mSessionCallback, times(1)).onConnectionEstablished(anyInt());

        verify(mInjector, times(1)).removeCallbacks(eq(mHandler),

                runnableCaptor.capture());

        Runnable autoDisconnectRunnable = runnableCaptor.getValue();

        when(mSnapshot.getPackageUidInternal(

                eq(mPackageName), anyLong(), anyInt(), anyInt()

        )).thenReturn(INVALID_UID);

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0))

                .isFalse();

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0,

                mSessionCallback)).isFalse();

        // Test that nothing crashes if the verifier is available even though there's no bound

        mDeveloperVerifierController.notifyPackageNameAvailable(TEST_PACKAGE_NAME, 0);

        mDeveloperVerifierController.notifyVerificationCancelled(TEST_PACKAGE_NAME, 0);

    public void testUnbindService() throws Exception {

        ArgumentCaptor<ServiceConnector.ServiceLifecycleCallbacks> captor = ArgumentCaptor.forClass(

                ServiceConnector.ServiceLifecycleCallbacks.class);

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0))

                .isTrue();

        assertThat(mDeveloperVerifierController.bindToVerifierServiceIfNeeded(mSnapshotSupplier, 0,

                mSessionCallback)).isTrue();

        verify(mMockServiceConnector).setServiceLifecycleCallbacks(captor.capture());

        ServiceConnector.ServiceLifecycleCallbacks<IDeveloperVerifierService> callbacks =

                captor.getValue();

        final long extendTimeMillis = TEST_TIMEOUT_DURATION_MILLIS;

        assertThat(session.extendTimeRemaining(extendTimeMillis)).isEqualTo(extendTimeMillis);

        assertThat(session.getTimeoutTime()).isEqualTo(initialTimeoutTime + extendTimeMillis);

        verify(mSessionCallback, times(1)).onTimeoutExtensionRequested();

    }

    @Test

        verify(mMockService).onVerificationRequired(captor.capture());

        DeveloperVerificationSession session = captor.getValue();

        final int policy = DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_OPEN;

        when(mSessionCallback.setVerificationPolicy(eq(policy))).thenReturn(true);

        when(mSessionCallback.onVerificationPolicyOverridden(eq(policy))).thenReturn(true);

        assertThat(session.setVerificationPolicy(policy)).isTrue();

        assertThat(session.getVerificationPolicy()).isEqualTo(policy);

        verify(mSessionCallback, times(1)).setVerificationPolicy(eq(policy));

        verify(mSessionCallback, times(1)).onVerificationPolicyOverridden(eq(policy));

    }

    @Test