
Commit 756a6235 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Send broadcast to integrity component during installation."

parents 97d0375f 26dee801
+1 −0
@@ -11050,6 +11050,7 @@ public class Intent implements Parcelable, Cloneable {
                case ACTION_MEDIA_SCANNER_FINISHED:
                case ACTION_MEDIA_SCANNER_SCAN_FILE:
                case ACTION_PACKAGE_NEEDS_VERIFICATION:
                case ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION:
                case ACTION_PACKAGE_VERIFIED:
                case ACTION_PACKAGE_ENABLE_ROLLBACK:
                    // Ignore legacy actions
+26 −5
@@ -66,6 +66,27 @@ public abstract class PackageManagerInternal {
    public static final int PACKAGE_WIFI = 13;
    public static final int PACKAGE_COMPANION = 14;

    @IntDef(value = {
            INTEGRITY_VERIFICATION_ALLOW,
            INTEGRITY_VERIFICATION_REJECT,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface IntegrityVerificationResult {}

    /**
     * Used as the {@code verificationCode} argument for
     * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the
     * integrity component allows the install to proceed.
     */
    public static final int INTEGRITY_VERIFICATION_ALLOW = 1;

    /**
     * Used as the {@code verificationCode} argument for
     * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the
     * integrity component does not allow install to proceed.
     */
    public static final int INTEGRITY_VERIFICATION_REJECT = 0;

    @IntDef(value = {
        PACKAGE_SYSTEM,
        PACKAGE_SETUP_WIZARD,
@@ -842,13 +863,13 @@ public abstract class PackageManagerInternal {
     * {@link Intent#ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification
     * broadcast} to respond to the package manager. The response must include
     * the {@code verificationCode} which is one of
     * {@link PackageManager#VERIFICATION_ALLOW} or
     * {@link PackageManager#VERIFICATION_REJECT}.
     * {@link #INTEGRITY_VERIFICATION_ALLOW} and {@link #INTEGRITY_VERIFICATION_REJECT}.
     *
     * @param verificationId pending package identifier as passed via the
     *            {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra.
     * @param verificationResult either {@link PackageManager#VERIFICATION_ALLOW}
     *            or {@link PackageManager#VERIFICATION_REJECT}.
     * @param verificationResult either {@link #INTEGRITY_VERIFICATION_ALLOW}
     *            or {@link #INTEGRITY_VERIFICATION_REJECT}.
     */
    public abstract void setIntegrityVerificationResult(int verificationId, int verificationResult);
    public abstract void setIntegrityVerificationResult(int verificationId,
            @IntegrityVerificationResult int verificationResult);
}
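Review bot: The Javadoc on `INTEGRITY_VERIFICATION_ALLOW` and `INTEGRITY_VERIFICATION_REJECT` calls the argument `{@code verificationCode}`, but `setIntegrityVerificationResult` declares it as `verificationResult`; the method's own description uses the same stale name ("must include the {@code verificationCode}"). Writing `{@code verificationResult}` in all three places would match the signature. Because `@IntegrityVerificationResult` is declared with `RetentionPolicy.SOURCE`, it is a lint-time hint only, so the `@param` text could also state how a value outside the two constants is handled. The implementation is not visible in this section; treating any such value as a rejection would be the safer contract to document.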
+9 −2
@@ -23,7 +23,6 @@ import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
import android.content.pm.PackageManagerInternal;
import android.os.Handler;
import android.os.HandlerThread;
@@ -36,6 +35,8 @@ import com.android.server.LocalServices;
class AppIntegrityManagerServiceImpl {
    private static final String TAG = "AppIntegrityManagerServiceImpl";

    private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";

    private final Context mContext;
    private final Handler mHandler;
    private final PackageManagerInternal mPackageManagerInternal;
@@ -51,6 +52,11 @@ class AppIntegrityManagerServiceImpl {

        IntentFilter integrityVerificationFilter = new IntentFilter();
        integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);
        try {
            integrityVerificationFilter.addDataType(PACKAGE_MIME_TYPE);
        } catch (IntentFilter.MalformedMimeTypeException e) {
            throw new RuntimeException("Mime type malformed: should never happen.", e);
        }

        mContext.registerReceiver(
                new BroadcastReceiver() {
@@ -74,7 +80,8 @@ class AppIntegrityManagerServiceImpl {
        int verificationId = intent.getIntExtra(EXTRA_VERIFICATION_ID, -1);
        // TODO: implement this method.
        Slog.i(TAG, "Received integrity verification intent " + intent.toString());
        Slog.i(TAG, "Extras " + intent.getExtras());
        mPackageManagerInternal.setIntegrityVerificationResult(
                verificationId, PackageManager.VERIFICATION_ALLOW);
                verificationId, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW);
    }
}
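Review bot: The handler forwards whatever `intent.getIntExtra(EXTRA_VERIFICATION_ID, -1)` returns, so a broadcast that lacks the extra still results in `setIntegrityVerificationResult(-1, INTEGRITY_VERIFICATION_ALLOW)`. A guard before the call, such as `if (verificationId == -1) { Slog.w(TAG, "Missing verification id"); return; }`, would keep the stub from answering for a verification that does not exist. The unconditional ALLOW sits under the TODO, but a comment saying it is a placeholder and not policy would make that explicit. The two `Slog.i` lines also write the whole intent and its extras to the log at info level; logging only the verification id would be enough. The method signature and the `registerReceiver` arguments are outside the visible hunks, so whether a sender permission restricts who can deliver this action could not be checked from this page.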
+371 −147

File changed.

Preview size limit exceeded, changes collapsed.

+34 −24
@@ -22,18 +22,17 @@ import android.util.SparseBooleanArray;
import com.android.server.pm.PackageManagerService.InstallParams;

/**
 * Tracks the package verification state for a particular package. Each package
 * verification has a required verifier and zero or more sufficient verifiers.
 * Only one of the sufficient verifier list must return affirmative to allow the
 * package to be considered verified. If there are zero sufficient verifiers,
 * then package verification is considered complete.
 * Tracks the package verification state for a particular package. Each package verification has a
 * required verifier and zero or more sufficient verifiers. Only one of the sufficient verifier list
 * must return affirmative to allow the package to be considered verified. If there are zero
 * sufficient verifiers, then package verification is considered complete.
 */
class PackageVerificationState {
    private final InstallParams mParams;

    private final SparseBooleanArray mSufficientVerifierUids;

    private final int mRequiredVerifierUid;
    private int mRequiredVerifierUid;

    private boolean mSufficientVerificationComplete;

@@ -45,16 +44,13 @@ class PackageVerificationState {

    private boolean mExtendedTimeout;

    private boolean mIntegrityVerificationComplete;

    /**
     * Create a new package verification state where {@code requiredVerifierUid}
     * is the user ID for the package that must reply affirmative before things
     * can continue.
     *
     * @param requiredVerifierUid user ID of required package verifier
     * @param args
     * Create a new package verification state where {@code requiredVerifierUid} is the user ID for
     * the package that must reply affirmative before things can continue.
     */
    PackageVerificationState(int requiredVerifierUid, InstallParams params) {
        mRequiredVerifierUid = requiredVerifierUid;
    PackageVerificationState(InstallParams params) {
        mParams = params;
        mSufficientVerifierUids = new SparseBooleanArray();
        mExtendedTimeout = false;
@@ -64,6 +60,11 @@ class PackageVerificationState {
        return mParams;
    }

    /** Sets the user ID of the required package verifier. */
    void setRequiredVerifierUid(int uid) {
        mRequiredVerifierUid = uid;
    }

    /**
     * Add a verifier which is added to our sufficient list.
     *
@@ -74,8 +75,8 @@ class PackageVerificationState {
    }

    /**
     * Should be called when a verification is received from an agent so the
     * state of the package verification can be tracked.
     * Should be called when a verification is received from an agent so the state of the package
     * verification can be tracked.
     *
     * @param uid user ID of the verifying agent
     * @return {@code true} if the verifying agent actually exists in our list
@@ -114,9 +115,8 @@ class PackageVerificationState {
    }

    /**
     * Returns whether verification is considered complete. This means that the
     * required verifier and at least one of the sufficient verifiers has
     * returned a positive verification.
     * Returns whether verification is considered complete. This means that the required verifier
     * and at least one of the sufficient verifiers has returned a positive verification.
     *
     * @return {@code true} when verification is considered complete
     */
@@ -133,8 +133,8 @@ class PackageVerificationState {
    }

    /**
     * Returns whether installation should be allowed. This should only be
     * called after {@link #isVerificationComplete()} returns {@code true}.
     * Returns whether installation should be allowed. This should only be called after {@link
     * #isVerificationComplete()} returns {@code true}.
     *
     * @return {@code true} if installation should be allowed
     */
@@ -150,9 +150,7 @@ class PackageVerificationState {
        return true;
    }

    /**
     * Extend the timeout for this Package to be verified.
     */
    /** Extend the timeout for this Package to be verified. */
    void extendTimeout() {
        if (!mExtendedTimeout) {
            mExtendedTimeout = true;
@@ -167,4 +165,16 @@ class PackageVerificationState {
    boolean timeoutExtended() {
        return mExtendedTimeout;
    }

    void setIntegrityVerificationResult(int code) {
        mIntegrityVerificationComplete = true;
    }

    boolean isIntegrityVerificationComplete() {
        return mIntegrityVerificationComplete;
    }

    boolean areAllVerificationsComplete() {
        return mIntegrityVerificationComplete && isVerificationComplete();
    }
}
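Review bot: `setIntegrityVerificationResult(int code)` discards `code` and only sets `mIntegrityVerificationComplete = true`, so this state object cannot tell an allow from a reject, and `areAllVerificationsComplete()` reports completion either way. Unless the caller in the collapsed file acts on a reject before reaching this method, the result should be kept, for example `mIntegrityVerificationAllowed = (code == PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW);`, and consulted where the install decision is made so that any value other than ALLOW fails closed. The three new methods also have no Javadoc, unlike the rest of the class. Separately, `mRequiredVerifierUid` is no longer assigned in the constructor, so it holds 0 until `setRequiredVerifierUid` is called. The method that compares against it is outside the visible hunks, so it is worth confirming that no verifier response can be processed before the setter has run.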