Merge "Remove integrity verification from VerifyingSession" into main (8bbe3aff) · Commits · e / os / android_frameworks_base

services/core/java/android/content/pm/PackageManagerInternal.java

+8 −19

Original line number	Diff line number	Diff line
		@@ -90,6 +90,7 @@ public abstract class PackageManagerInternal {
		*/
		public static final int RESOLVE_NON_RESOLVER_ONLY = 0x00000002;

		@Deprecated
		@IntDef(value = {
		INTEGRITY_VERIFICATION_ALLOW,
		INTEGRITY_VERIFICATION_REJECT,
		@@ -97,18 +98,10 @@ public abstract class PackageManagerInternal {
		@Retention(RetentionPolicy.SOURCE)
		public @interface IntegrityVerificationResult {}

		/**
		* Used as the {@code verificationCode} argument for
		* {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the
		* integrity component allows the install to proceed.
		*/
		@Deprecated
		public static final int INTEGRITY_VERIFICATION_ALLOW = 1;

		/**
		* Used as the {@code verificationCode} argument for
		* {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the
		* integrity component does not allow install to proceed.
		*/
		@Deprecated
		public static final int INTEGRITY_VERIFICATION_REJECT = 0;

		/**
		@@ -1131,17 +1124,13 @@ public abstract class PackageManagerInternal {
		public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId);

		/**
		* Allows the integrity component to respond to the
		* {@link Intent#ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification
		* broadcast} to respond to the package manager. The response must include
		* the {@code verificationCode} which is one of
		* {@link #INTEGRITY_VERIFICATION_ALLOW} and {@link #INTEGRITY_VERIFICATION_REJECT}.
		* Used to allow the integrity component to respond to the
		* ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification
		* broadcast to respond to the package manager.
		*
		* @param verificationId pending package identifier as passed via the
		* {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra.
		* @param verificationResult either {@link #INTEGRITY_VERIFICATION_ALLOW}
		* or {@link #INTEGRITY_VERIFICATION_REJECT}.
		* Deprecated.
		*/
		@Deprecated
		public abstract void setIntegrityVerificationResult(int verificationId,
		@IntegrityVerificationResult int verificationResult);

services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java

+0 −29

Original line number	Diff line number	Diff line
		@@ -93,29 +93,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
		mContext = context;
		mPackageManagerInternal = packageManagerInternal;
		mHandler = handler;

		IntentFilter integrityVerificationFilter = new IntentFilter();
		integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);
		try {
		integrityVerificationFilter.addDataType(PACKAGE_MIME_TYPE);
		} catch (IntentFilter.MalformedMimeTypeException e) {
		throw new RuntimeException("Mime type malformed: should never happen.", e);
		}

		mContext.registerReceiver(
		new BroadcastReceiver() {
		@Override
		public void onReceive(Context context, Intent intent) {
		if (!ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION.equals(
		intent.getAction())) {
		return;
		}
		mHandler.post(() -> handleIntegrityVerification(intent));
		}
		},
		integrityVerificationFilter,
		/* broadcastPermission= */ null,
		mHandler);
		}

		@Override
		@@ -157,10 +134,4 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
		public List<String> getWhitelistedRuleProviders() {
		return Collections.emptyList();
		}

		private void handleIntegrityVerification(Intent intent) {
		int verificationId = intent.getIntExtra(EXTRA_VERIFICATION_ID, -1);
		mPackageManagerInternal.setIntegrityVerificationResult(
		verificationId, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW);
		}
		}

services/core/java/com/android/server/pm/PackageHandler.java

+0 −74

Original line number	Diff line number	Diff line
		@@ -18,7 +18,6 @@ package com.android.server.pm;

		import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER;

		import static com.android.server.pm.PackageManagerService.CHECK_PENDING_INTEGRITY_VERIFICATION;
		import static com.android.server.pm.PackageManagerService.CHECK_PENDING_VERIFICATION;
		import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL;
		import static com.android.server.pm.PackageManagerService.DEFAULT_UNUSED_STATIC_SHARED_LIB_MIN_CACHE_PERIOD;
		@@ -29,7 +28,6 @@ import static com.android.server.pm.PackageManagerService.DOMAIN_VERIFICATION;
		import static com.android.server.pm.PackageManagerService.ENABLE_ROLLBACK_STATUS;
		import static com.android.server.pm.PackageManagerService.ENABLE_ROLLBACK_TIMEOUT;
		import static com.android.server.pm.PackageManagerService.INSTANT_APP_RESOLUTION_PHASE_TWO;
		import static com.android.server.pm.PackageManagerService.INTEGRITY_VERIFICATION_COMPLETE;
		import static com.android.server.pm.PackageManagerService.PACKAGE_VERIFIED;
		import static com.android.server.pm.PackageManagerService.POST_INSTALL;
		import static com.android.server.pm.PackageManagerService.PRUNE_UNUSED_STATIC_SHARED_LIBRARIES;
		@@ -149,42 +147,6 @@ final class PackageHandler extends Handler {

		break;
		}
		case CHECK_PENDING_INTEGRITY_VERIFICATION: {
		final int verificationId = msg.arg1;
		final PackageVerificationState state = mPm.mPendingVerification.get(verificationId);

		if (state != null && !state.isIntegrityVerificationComplete()) {
		final VerifyingSession verifyingSession = state.getVerifyingSession();
		final Uri originUri = Uri.fromFile(verifyingSession.mOriginInfo.mResolvedFile);

		String errorMsg = "Integrity verification timed out for " + originUri;
		Slog.i(TAG, errorMsg);

		state.setIntegrityVerificationResult(
		getDefaultIntegrityVerificationResponse());

		if (getDefaultIntegrityVerificationResponse()
		== PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW) {
		Slog.i(TAG, "Integrity check times out, continuing with " + originUri);
		} else {
		verifyingSession.setReturnCode(
		PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE,
		errorMsg);
		}

		if (state.areAllVerificationsComplete()) {
		mPm.mPendingVerification.remove(verificationId);
		}

		Trace.asyncTraceEnd(
		TRACE_TAG_PACKAGE_MANAGER,
		"integrity_verification",
		verificationId);

		verifyingSession.handleIntegrityVerificationFinished();
		}
		break;
		}
		case PACKAGE_VERIFIED: {
		final int verificationId = msg.arg1;

		@@ -205,42 +167,6 @@ final class PackageHandler extends Handler {

		break;
		}
		case INTEGRITY_VERIFICATION_COMPLETE: {
		final int verificationId = msg.arg1;

		final PackageVerificationState state = mPm.mPendingVerification.get(verificationId);
		if (state == null) {
		Slog.w(TAG, "Integrity verification with id " + verificationId
		+ " not found. It may be invalid or overridden by verifier");
		break;
		}

		final int response = (Integer) msg.obj;
		final VerifyingSession verifyingSession = state.getVerifyingSession();
		final Uri originUri = Uri.fromFile(verifyingSession.mOriginInfo.mResolvedFile);

		state.setIntegrityVerificationResult(response);

		if (response == PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW) {
		Slog.i(TAG, "Integrity check passed for " + originUri);
		} else {
		verifyingSession.setReturnCode(
		PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE,
		"Integrity check failed for " + originUri);
		}

		if (state.areAllVerificationsComplete()) {
		mPm.mPendingVerification.remove(verificationId);
		}

		Trace.asyncTraceEnd(
		TRACE_TAG_PACKAGE_MANAGER,
		"integrity_verification",
		verificationId);

		verifyingSession.handleIntegrityVerificationFinished();
		break;
		}
		case INSTANT_APP_RESOLUTION_PHASE_TWO: {
		InstantAppResolver.doInstantAppResolutionPhaseTwo(mPm.mContext,
		mPm.snapshotComputer(),

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −6

Original line number	Diff line number	Diff line
		@@ -922,8 +922,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService
		static final int ENABLE_ROLLBACK_TIMEOUT = 22;
		static final int DEFERRED_NO_KILL_POST_DELETE = 23;
		static final int DEFERRED_NO_KILL_INSTALL_OBSERVER = 24;
		static final int INTEGRITY_VERIFICATION_COMPLETE = 25;
		static final int CHECK_PENDING_INTEGRITY_VERIFICATION = 26;
		// static final int UNUSED = 25;
		// static final int UNUSED = 26;
		static final int DOMAIN_VERIFICATION = 27;
		static final int PRUNE_UNUSED_STATIC_SHARED_LIBRARIES = 28;
		static final int DEFERRED_PENDING_KILL_INSTALL_OBSERVER = 29;
		@@ -7023,12 +7023,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService
		return mSettings.isPermissionUpgradeNeeded(userId);
		}

		@Deprecated
		@Override
		public void setIntegrityVerificationResult(int verificationId, int verificationResult) {
		final Message msg = mHandler.obtainMessage(INTEGRITY_VERIFICATION_COMPLETE);
		msg.arg1 = verificationId;
		msg.obj = verificationResult;
		mHandler.sendMessage(msg);
		// Do nothing.
		}

		@Override

services/core/java/com/android/server/pm/PackageVerificationState.java

+1 −11

Original line number	Diff line number	Diff line
		@@ -43,8 +43,6 @@ class PackageVerificationState {

		private boolean mRequiredVerificationPassed;

		private boolean mIntegrityVerificationComplete;

		/**
		* Create a new package verification state where {@code requiredVerifierUid} is the user ID for
		* the package that must reply affirmative before things can continue.
		@@ -213,15 +211,7 @@ class PackageVerificationState {
		return mExtendedTimeoutUids.get(uid, false);
		}

		void setIntegrityVerificationResult(int code) {
		mIntegrityVerificationComplete = true;
		}

		boolean isIntegrityVerificationComplete() {
		return mIntegrityVerificationComplete;
		}

		boolean areAllVerificationsComplete() {
		return mIntegrityVerificationComplete && isVerificationComplete();
		return isVerificationComplete();
		}
		}