Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 750b5ed8 authored by Chester Hsieh's avatar Chester Hsieh
Browse files

Allow test builds to optionally skip verification 

Currently, every build a developer creates will be verified
against the Play Store verification system. For developers, this
is a completely useless step, takes up resources, and eats into
iteration time.

This CL disables verification for debug development builds that
are reinstalled over ADB. This keeps users who install OTA safe,
and lets devs avoid the cost of verification.

There is no reduction in safety for the end user as:
1) Verification can only be skipped when installing over ADB and
   the "-t" as well as the new "--disable-verification" flags are
   specified ("-t" isn't strictly necessary).
2) The user can already disable verification over ADB by simply
   setting a flag.

Test: atest PackageVerifierTest#testAdbSkipVerification
Bug: 138672462
Change-Id: Id0bef5126f2fb49a8e30fc235193636a1c2bab2e
parent ca01d294

core/java/android/content/pm/PackageInfoLite.java

+7 −0
Original line number Diff line number Diff line
@@ -73,6 +73,11 @@ public class PackageInfoLite implements Parcelable { 
     */

    public boolean multiArch;



    /**

     * The android:debuggable flag from the package manifest.

     */

    public boolean debuggable;



    /**

     * Specifies the recommended install location. Can be one of

     * {@link PackageHelper#RECOMMEND_INSTALL_INTERNAL} to install on internal storage,
@@ -108,6 +113,7 @@ public class PackageInfoLite implements Parcelable { 
        dest.writeInt(recommendedInstallLocation);

        dest.writeInt(installLocation);

        dest.writeInt(multiArch ? 1 : 0);

        dest.writeInt(debuggable ? 1 : 0);



        if (verifiers == null || verifiers.length == 0) {

            dest.writeInt(0);
@@ -139,6 +145,7 @@ public class PackageInfoLite implements Parcelable { 
        recommendedInstallLocation = source.readInt();

        installLocation = source.readInt();

        multiArch = (source.readInt() != 0);

        debuggable = (source.readInt() != 0);



        final int verifiersLength = source.readInt();

        if (verifiersLength == 0) {

services/core/java/com/android/server/pm/PackageInstallerService.java

+11 −2
Original line number Diff line number Diff line
@@ -129,6 +129,13 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
    /** Upper bound on number of historical sessions for a UID */

    private static final long MAX_HISTORICAL_SESSIONS = 1048576;



    /**

     * Allow verification-skipping if it's a development app installed through ADB with

     * disable verification flag specified.

     */

    private static final int ADB_DEV_MODE = PackageManager.INSTALL_FROM_ADB

            | PackageManager.INSTALL_ALLOW_TEST;



    private final Context mContext;

    private final PackageManagerService mPm;

    private final ApexManager mApexManager;
@@ -531,8 +538,10 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
            params.installFlags &= ~PackageManager.INSTALL_REQUEST_DOWNGRADE;

        }



        if (callingUid != Process.SYSTEM_UID) {

            // Only system_server can use INSTALL_DISABLE_VERIFICATION.

        if (callingUid != Process.SYSTEM_UID

                && (params.installFlags & ADB_DEV_MODE) != ADB_DEV_MODE) {

            // Only system_server or tools under specific conditions (test app installed

            // through ADB, and verification disabled flag specified) can disable verification.

            params.installFlags &= ~PackageManager.INSTALL_DISABLE_VERIFICATION;

        }

services/core/java/com/android/server/pm/PackageManagerService.java

+35 −24
Original line number Diff line number Diff line
@@ -13350,24 +13350,36 @@ public class PackageManagerService extends IPackageManager.Stub 
     *

     * @return true if verification should be performed

     */

    private boolean isVerificationEnabled(int userId, int installFlags, int installerUid) {

    private boolean isVerificationEnabled(

            PackageInfoLite pkgInfoLite, int userId, int installFlags, int installerUid) {

        if (!DEFAULT_VERIFY_ENABLE) {

            return false;

        }













        if ((installFlags & PackageManager.INSTALL_DISABLE_VERIFICATION) != 0) {













            return false;













        }



























        // Check if installing from ADB















        if ((installFlags & PackageManager.INSTALL_FROM_ADB) != 0) {















            if (isUserRestricted(userId, UserManager.ENSURE_VERIFY_APPS)) {















                return true;















            }













            // Check if the developer does not want package verification for ADB installs













            // Check if the developer wants to skip verification for ADB installs













            if ((installFlags & PackageManager.INSTALL_DISABLE_VERIFICATION) != 0) {













                synchronized (mLock) {













                    if (mSettings.mPackages.get(pkgInfoLite.packageName) == null) {













                        // Always verify fresh install













                        return true;













                    }













                }













                // Only skip when apk is debuggable













                return !pkgInfoLite.debuggable;













            }















            return Global.getInt(mContext.getContentResolver(),















                    Global.PACKAGE_VERIFIER_INCLUDE_ADB, 1) != 0;













        } else {













        }

























        if ((installFlags & PackageManager.INSTALL_DISABLE_VERIFICATION) != 0) {













            return false;













        }



























        // only when not installed from ADB, skip verification for instant apps when















        // the installer and verifier are the same.















        if ((installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) {









@@ -13386,7 +13398,6 @@ public class PackageManagerService extends IPackageManager.Stub













        }















        return true;















    }













    }





























    /**















     * Check whether or not integrity verification has been enabled.










@@ -14549,7 +14560,7 @@ public class PackageManagerService extends IPackageManager.Stub













                    verificationInfo == null ? -1 : verificationInfo.installerUid;















            if (!origin.existing && requiredUid != -1















                    && isVerificationEnabled(













                    verifierUser.getIdentifier(), installFlags, installerUid)) {













                            pkgLite, verifierUser.getIdentifier(), installFlags, installerUid)) {















                final Intent verification = new Intent(















                        Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);















                verification.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);

























services/core/java/com/android/server/pm/PackageManagerServiceUtils.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -794,6 +794,7 @@ public class PackageManagerServiceUtils {













        ret.verifiers = pkg.verifiers;















        ret.recommendedInstallLocation = recommendedInstallLocation;















        ret.multiArch = pkg.multiArch;













        ret.debuggable = pkg.debuggable;































        return ret;















    }

































services/core/java/com/android/server/pm/PackageManagerShellCommand.java



+3
−0




























Original line number
Diff line number
Diff line








@@ -2757,6 +2757,9 @@ class PackageManagerShellCommand extends ShellCommand {













                case "--no-wait":















                    params.mWaitForStagedSessionReady = false;















                    break;













                case "--skip-verification":













                    sessionParams.installFlags |= PackageManager.INSTALL_DISABLE_VERIFICATION;













                    break;















                default:















                    throw new IllegalArgumentException("Unknown option " + opt);















            }