Loading services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java +2 −15 Original line number Original line Diff line number Diff line Loading @@ -52,7 +52,6 @@ import android.os.Handler; import android.os.HandlerThread; import android.os.HandlerThread; import android.os.UserHandle; import android.os.UserHandle; import android.provider.Settings; import android.provider.Settings; import android.security.FileIntegrityManager; import android.util.Slog; import android.util.Slog; import android.util.apk.SourceStampVerificationResult; import android.util.apk.SourceStampVerificationResult; import android.util.apk.SourceStampVerifier; import android.util.apk.SourceStampVerifier; Loading Loading @@ -122,7 +121,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { private final PackageManagerInternal mPackageManagerInternal; private final PackageManagerInternal mPackageManagerInternal; private final RuleEvaluationEngine mEvaluationEngine; private final RuleEvaluationEngine mEvaluationEngine; private final IntegrityFileManager mIntegrityFileManager; private final IntegrityFileManager mIntegrityFileManager; private final FileIntegrityManager mFileIntegrityManager; /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */ /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */ public static AppIntegrityManagerServiceImpl create(Context context) { public static AppIntegrityManagerServiceImpl create(Context context) { Loading 
@@ -134,7 +132,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { LocalServices.getService(PackageManagerInternal.class), LocalServices.getService(PackageManagerInternal.class), RuleEvaluationEngine.getRuleEvaluationEngine(), RuleEvaluationEngine.getRuleEvaluationEngine(), IntegrityFileManager.getInstance(), IntegrityFileManager.getInstance(), (FileIntegrityManager) context.getSystemService(Context.FILE_INTEGRITY_SERVICE), handlerThread.getThreadHandler()); handlerThread.getThreadHandler()); } } Loading @@ -144,13 +141,11 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { PackageManagerInternal packageManagerInternal, PackageManagerInternal packageManagerInternal, RuleEvaluationEngine evaluationEngine, RuleEvaluationEngine evaluationEngine, IntegrityFileManager integrityFileManager, IntegrityFileManager integrityFileManager, FileIntegrityManager fileIntegrityManager, Handler handler) { Handler handler) { mContext = context; mContext = context; mPackageManagerInternal = packageManagerInternal; mPackageManagerInternal = packageManagerInternal; mEvaluationEngine = evaluationEngine; mEvaluationEngine = evaluationEngine; mIntegrityFileManager = integrityFileManager; mIntegrityFileManager = integrityFileManager; mFileIntegrityManager = fileIntegrityManager; mHandler = handler; mHandler = handler; IntentFilter integrityVerificationFilter = new IntentFilter(); IntentFilter integrityVerificationFilter = new IntentFilter(); Loading Loading 
@@ -476,6 +471,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { SourceStampVerifier.verify(installationPath.getAbsolutePath()); SourceStampVerifier.verify(installationPath.getAbsolutePath()); appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent()); appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent()); appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified()); appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified()); // A verified stamp is set to be trusted. appInstallMetadata.setIsStampTrusted(sourceStampVerificationResult.isVerified()); if (sourceStampVerificationResult.isVerified()) { if (sourceStampVerificationResult.isVerified()) { X509Certificate sourceStampCertificate = X509Certificate sourceStampCertificate = (X509Certificate) sourceStampVerificationResult.getCertificate(); (X509Certificate) sourceStampVerificationResult.getCertificate(); Loading @@ -488,16 +485,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { throw new IllegalArgumentException( throw new IllegalArgumentException( "Error computing source stamp certificate digest", e); "Error computing source stamp certificate digest", e); } } // Checks if the source stamp certificate is trusted. try { appInstallMetadata.setIsStampTrusted( mFileIntegrityManager.isApkVeritySupported() && mFileIntegrityManager.isAppSourceCertificateTrusted( sourceStampCertificate)); } catch (CertificateEncodingException e) { throw new IllegalArgumentException( "Error checking if source stamp certificate is trusted", e); } } } } } Loading services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java +1 −7 Original line number Original line Diff line number Diff line Loading 
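Review bot: In the `-476,6 +471,8` hunk of AppIntegrityManagerServiceImpl.java, `appInstallMetadata.setIsStampTrusted(sourceStampVerificationResult.isVerified())` makes the trusted flag an exact copy of the verified flag, so it no longer says anything about who issued the stamp certificate. The removed `isAppSourceCertificateTrusted(sourceStampCertificate)` call was the only visible place where that certificate was checked against a platform trust set. Any integrity rule that keys on the trusted flag alone would presumably now pass for every APK whose stamp verifies, so the new comment should state the consequence, e.g. `// Trusted now mirrors verified; a rule must also match the stamp certificate hash to bind the stamp to a known signer.` Whether existing rules depend on the old meaning is not visible here and should be confirmed before merging. The enclosing method starts and ends outside the hunk.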
@@ -62,7 +62,6 @@ import android.net.Uri; import android.os.Handler; import android.os.Handler; import android.os.Message; import android.os.Message; import android.provider.Settings; import android.provider.Settings; import android.security.FileIntegrityManager; import androidx.test.InstrumentationRegistry; import androidx.test.InstrumentationRegistry; Loading Loading @@ -136,7 +135,6 @@ public class AppIntegrityManagerServiceImplTest { @Mock RuleEvaluationEngine mRuleEvaluationEngine; @Mock RuleEvaluationEngine mRuleEvaluationEngine; @Mock IntegrityFileManager mIntegrityFileManager; @Mock IntegrityFileManager mIntegrityFileManager; @Mock Handler mHandler; @Mock Handler mHandler; FileIntegrityManager mFileIntegrityManager; private final Context mRealContext = InstrumentationRegistry.getTargetContext(); private final Context mRealContext = InstrumentationRegistry.getTargetContext(); Loading Loading @@ -165,16 +163,12 @@ public class AppIntegrityManagerServiceImplTest { Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); } } mFileIntegrityManager = (FileIntegrityManager) mRealContext.getSystemService(Context.FILE_INTEGRITY_SERVICE); mService = mService = new AppIntegrityManagerServiceImpl( new AppIntegrityManagerServiceImpl( mMockContext, mMockContext, mPackageManagerInternal, mPackageManagerInternal, mRuleEvaluationEngine, mRuleEvaluationEngine, mIntegrityFileManager, mIntegrityFileManager, mFileIntegrityManager, mHandler); mHandler); mSpyPackageManager = spy(mRealContext.getPackageManager()); mSpyPackageManager = spy(mRealContext.getPackageManager()); Loading Loading 
@@ -379,7 +373,7 @@ public class AppIntegrityManagerServiceImplTest { AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); assertTrue(appInstallMetadata.isStampPresent()); assertTrue(appInstallMetadata.isStampPresent()); assertTrue(appInstallMetadata.isStampVerified()); assertTrue(appInstallMetadata.isStampVerified()); assertFalse(appInstallMetadata.isStampTrusted()); assertTrue(appInstallMetadata.isStampTrusted()); assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash()); assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash()); } } Loading Loading
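Review bot: The flipped assertion `assertTrue(appInstallMetadata.isStampTrusted());` in the `-379,7 +373,7` hunk now checks the same condition as the `isStampVerified()` assertion directly above it, and none of the visible hunks adds a case for the negative side. Because trusted is now derived from verified, a companion test that installs an APK whose stamp is absent or fails verification and asserts `assertFalse(appInstallMetadata.isStampTrusted());` would pin the fail-closed behaviour. The test method starts outside the hunk, so such a case may already exist elsewhere in the file.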
services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java +2 −15 Original line number Original line Diff line number Diff line Loading @@ -52,7 +52,6 @@ import android.os.Handler; import android.os.HandlerThread; import android.os.HandlerThread; import android.os.UserHandle; import android.os.UserHandle; import android.provider.Settings; import android.provider.Settings; import android.security.FileIntegrityManager; import android.util.Slog; import android.util.Slog; import android.util.apk.SourceStampVerificationResult; import android.util.apk.SourceStampVerificationResult; import android.util.apk.SourceStampVerifier; import android.util.apk.SourceStampVerifier; Loading Loading @@ -122,7 +121,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { private final PackageManagerInternal mPackageManagerInternal; private final PackageManagerInternal mPackageManagerInternal; private final RuleEvaluationEngine mEvaluationEngine; private final RuleEvaluationEngine mEvaluationEngine; private final IntegrityFileManager mIntegrityFileManager; private final IntegrityFileManager mIntegrityFileManager; private final FileIntegrityManager mFileIntegrityManager; /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */ /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */ public static AppIntegrityManagerServiceImpl create(Context context) { public static AppIntegrityManagerServiceImpl create(Context context) { Loading 
@@ -134,7 +132,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { LocalServices.getService(PackageManagerInternal.class), LocalServices.getService(PackageManagerInternal.class), RuleEvaluationEngine.getRuleEvaluationEngine(), RuleEvaluationEngine.getRuleEvaluationEngine(), IntegrityFileManager.getInstance(), IntegrityFileManager.getInstance(), (FileIntegrityManager) context.getSystemService(Context.FILE_INTEGRITY_SERVICE), handlerThread.getThreadHandler()); handlerThread.getThreadHandler()); } } Loading @@ -144,13 +141,11 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { PackageManagerInternal packageManagerInternal, PackageManagerInternal packageManagerInternal, RuleEvaluationEngine evaluationEngine, RuleEvaluationEngine evaluationEngine, IntegrityFileManager integrityFileManager, IntegrityFileManager integrityFileManager, FileIntegrityManager fileIntegrityManager, Handler handler) { Handler handler) { mContext = context; mContext = context; mPackageManagerInternal = packageManagerInternal; mPackageManagerInternal = packageManagerInternal; mEvaluationEngine = evaluationEngine; mEvaluationEngine = evaluationEngine; mIntegrityFileManager = integrityFileManager; mIntegrityFileManager = integrityFileManager; mFileIntegrityManager = fileIntegrityManager; mHandler = handler; mHandler = handler; IntentFilter integrityVerificationFilter = new IntentFilter(); IntentFilter integrityVerificationFilter = new IntentFilter(); Loading Loading 
@@ -476,6 +471,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { SourceStampVerifier.verify(installationPath.getAbsolutePath()); SourceStampVerifier.verify(installationPath.getAbsolutePath()); appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent()); appInstallMetadata.setIsStampPresent(sourceStampVerificationResult.isPresent()); appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified()); appInstallMetadata.setIsStampVerified(sourceStampVerificationResult.isVerified()); // A verified stamp is set to be trusted. appInstallMetadata.setIsStampTrusted(sourceStampVerificationResult.isVerified()); if (sourceStampVerificationResult.isVerified()) { if (sourceStampVerificationResult.isVerified()) { X509Certificate sourceStampCertificate = X509Certificate sourceStampCertificate = (X509Certificate) sourceStampVerificationResult.getCertificate(); (X509Certificate) sourceStampVerificationResult.getCertificate(); Loading @@ -488,16 +485,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { throw new IllegalArgumentException( throw new IllegalArgumentException( "Error computing source stamp certificate digest", e); "Error computing source stamp certificate digest", e); } } // Checks if the source stamp certificate is trusted. try { appInstallMetadata.setIsStampTrusted( mFileIntegrityManager.isApkVeritySupported() && mFileIntegrityManager.isAppSourceCertificateTrusted( sourceStampCertificate)); } catch (CertificateEncodingException e) { throw new IllegalArgumentException( "Error checking if source stamp certificate is trusted", e); } } } } } Loading
services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java +1 −7 Original line number Original line Diff line number Diff line Loading @@ -62,7 +62,6 @@ import android.net.Uri; import android.os.Handler; import android.os.Handler; import android.os.Message; import android.os.Message; import android.provider.Settings; import android.provider.Settings; import android.security.FileIntegrityManager; import androidx.test.InstrumentationRegistry; import androidx.test.InstrumentationRegistry; Loading Loading @@ -136,7 +135,6 @@ public class AppIntegrityManagerServiceImplTest { @Mock RuleEvaluationEngine mRuleEvaluationEngine; @Mock RuleEvaluationEngine mRuleEvaluationEngine; @Mock IntegrityFileManager mIntegrityFileManager; @Mock IntegrityFileManager mIntegrityFileManager; @Mock Handler mHandler; @Mock Handler mHandler; FileIntegrityManager mFileIntegrityManager; private final Context mRealContext = InstrumentationRegistry.getTargetContext(); private final Context mRealContext = InstrumentationRegistry.getTargetContext(); Loading Loading @@ -165,16 +163,12 @@ public class AppIntegrityManagerServiceImplTest { Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); } } mFileIntegrityManager = (FileIntegrityManager) mRealContext.getSystemService(Context.FILE_INTEGRITY_SERVICE); mService = mService = new AppIntegrityManagerServiceImpl( new AppIntegrityManagerServiceImpl( mMockContext, mMockContext, mPackageManagerInternal, mPackageManagerInternal, mRuleEvaluationEngine, mRuleEvaluationEngine, mIntegrityFileManager, mIntegrityFileManager, mFileIntegrityManager, mHandler); mHandler); mSpyPackageManager = spy(mRealContext.getPackageManager()); mSpyPackageManager = spy(mRealContext.getPackageManager()); Loading Loading 
@@ -379,7 +373,7 @@ public class AppIntegrityManagerServiceImplTest { AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); assertTrue(appInstallMetadata.isStampPresent()); assertTrue(appInstallMetadata.isStampPresent()); assertTrue(appInstallMetadata.isStampVerified()); assertTrue(appInstallMetadata.isStampVerified()); assertFalse(appInstallMetadata.isStampTrusted()); assertTrue(appInstallMetadata.isStampTrusted()); assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash()); assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash()); } } Loading