
Commit 9b5439b3 authored by Song Chun Fan's avatar Song Chun Fan

[7/N] only the current verifier can call VerificationSession APIs

Only the current verifier bound by the system can call
VerificationSession APIs and the PackageInstaller API to change the
verification policy. This makes sure that even if there are multiple
verifiers installed on the device, only the one bound by the system can
affect the ongoing installations.

+ Removes @RequiresPermission from VerificationSession APIs because we
  no longer directly check for caller permission (instead, we are
checking for UID matches)
+ Add shell commands to get/set the global policy (for testing)
+ Improve error handling when binding to the verifier has failed
+ Some code polish

FLAG: android.content.pm.verification_service

BUG: 360129657
Test: atest CtsPackageManagerTestCases:VerifierServiceTest

Change-Id: If90d075ff117c666ae71bb593cad284f65f4d123
parent 425d3d5a
+6 −6
@@ -4636,7 +4636,7 @@ package android.content.pm.verify.pkg {
  @FlaggedApi("android.content.pm.verification_service") public final class VerificationSession implements android.os.Parcelable {
  @FlaggedApi("android.content.pm.verification_service") public final class VerificationSession implements android.os.Parcelable {
    method public int describeContents();
    method public int describeContents();
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public long extendTimeRemaining(long);
    method public long extendTimeRemaining(long);
    method @NonNull public java.util.List<android.content.pm.SharedLibraryInfo> getDeclaredLibraries();
    method @NonNull public java.util.List<android.content.pm.SharedLibraryInfo> getDeclaredLibraries();
    method @NonNull public android.os.PersistableBundle getExtensionParams();
    method @NonNull public android.os.PersistableBundle getExtensionParams();
    method public int getId();
    method public int getId();
@@ -4644,12 +4644,12 @@ package android.content.pm.verify.pkg {
    method @NonNull public String getPackageName();
    method @NonNull public String getPackageName();
    method @NonNull public android.content.pm.SigningInfo getSigningInfo();
    method @NonNull public android.content.pm.SigningInfo getSigningInfo();
    method @NonNull public android.net.Uri getStagedPackageUri();
    method @NonNull public android.net.Uri getStagedPackageUri();
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public long getTimeoutTime();
    method public long getTimeoutTime();
    method public int getVerificationPolicy();
    method public int getVerificationPolicy();
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public void reportVerificationComplete(@NonNull android.content.pm.verify.pkg.VerificationStatus);
    method public void reportVerificationComplete(@NonNull android.content.pm.verify.pkg.VerificationStatus);
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public void reportVerificationComplete(@NonNull android.content.pm.verify.pkg.VerificationStatus, @NonNull android.os.PersistableBundle);
    method public void reportVerificationComplete(@NonNull android.content.pm.verify.pkg.VerificationStatus, @NonNull android.os.PersistableBundle);
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public void reportVerificationIncomplete(int);
    method public void reportVerificationIncomplete(int);
    method @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT) public boolean setVerificationPolicy(int);
    method public boolean setVerificationPolicy(int);
    method public void writeToParcel(@NonNull android.os.Parcel, int);
    method public void writeToParcel(@NonNull android.os.Parcel, int);
    field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.verify.pkg.VerificationSession> CREATOR;
    field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.verify.pkg.VerificationSession> CREATOR;
    field public static final int VERIFICATION_INCOMPLETE_NETWORK_UNAVAILABLE = 1; // 0x1
    field public static final int VERIFICATION_INCOMPLETE_NETWORK_UNAVAILABLE = 1; // 0x1
+2 −2
@@ -94,9 +94,9 @@ interface IPackageInstaller {
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES,android.Manifest.permission.REQUEST_INSTALL_PACKAGES})")
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(anyOf={android.Manifest.permission.INSTALL_PACKAGES,android.Manifest.permission.REQUEST_INSTALL_PACKAGES})")
    void reportUnarchivalStatus(int unarchiveId, int status, long requiredStorageBytes, in PendingIntent userActionIntent, in UserHandle userHandle);
    void reportUnarchivalStatus(int unarchiveId, int status, long requiredStorageBytes, in PendingIntent userActionIntent, in UserHandle userHandle);


    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    @EnforcePermission("VERIFICATION_AGENT")
    int getVerificationPolicy();
    int getVerificationPolicy();


    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    @EnforcePermission("VERIFICATION_AGENT")
    boolean setVerificationPolicy(int policy);
    boolean setVerificationPolicy(int policy);
}
}
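Review bot: `@EnforcePermission("VERIFICATION_AGENT")` on `getVerificationPolicy()` and `setVerificationPolicy(int policy)` only establishes that the caller holds the permission, so on a device with several installed verifiers each of them would pass this gate. The commit description says only the verifier bound by the system may change the policy, so the service implementation must also compare the calling UID with the bound verifier's UID; that code is not in this section. I would record this next to the annotation, e.g. `// Permission is necessary but not sufficient: the implementation also requires the caller to be the currently bound verifier.` It is also worth confirming that the implementing methods invoke the generated enforce-permission helper, since the stub only supplies the check. The interface starts outside the hunk.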
+1 −8
@@ -24,16 +24,9 @@ import android.os.PersistableBundle;
 * @hide
 * @hide
 */
 */
interface IVerificationSessionInterface {
interface IVerificationSessionInterface {
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    long getTimeoutTime(int verificationId);
    long getTimeoutTime(int verificationId);
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    long extendTimeRemaining(int verificationId, long additionalMs);
    long extendTimeRemaining(int verificationId, long additionalMs);
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    boolean setVerificationPolicy(int verificationId, int policy);
    boolean setVerificationPolicy(int verificationId, int policy);
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    void reportVerificationIncomplete(int verificationId, int reason);
    void reportVerificationIncomplete(int verificationId, int reason);
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    void reportVerificationComplete(int verificationId, in VerificationStatus status, in @nullable PersistableBundle extensionResponse);
    void reportVerificationComplete(int verificationId, in VerificationStatus status);
    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)")
    void reportVerificationCompleteWithExtensionResponse(int verificationId, in VerificationStatus status, in PersistableBundle response);
}
}
 No newline at end of file
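Review bot: With the six `@RequiresPermission` passthroughs removed, nothing on `IVerificationSessionInterface` states who may call it any more, while every method still takes a caller-supplied `verificationId`. Per the commit description the gate is now a UID match against the bound verifier, done in the implementation, which is outside this section. That implementation presumably also has to reject ids that do not belong to an active session of that verifier. I would add an interface-level comment such as `// Callable only by the verifier currently bound by the system; the implementation checks the calling UID on every method.` so the contract stays visible at the AIDL boundary.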
+10 −11
@@ -19,7 +19,6 @@ package android.content.pm.verify.pkg;
import android.annotation.FlaggedApi;
import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemApi;
import android.content.pm.Flags;
import android.content.pm.Flags;
import android.content.pm.PackageInstaller;
import android.content.pm.PackageInstaller;
@@ -166,8 +165,8 @@ public final class VerificationSession implements Parcelable {
    /**
    /**
     * Get the value of Clock.elapsedRealtime() at which time this verification
     * Get the value of Clock.elapsedRealtime() at which time this verification
     * will timeout as incomplete if no other verification response is provided.
     * will timeout as incomplete if no other verification response is provided.
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public long getTimeoutTime() {
    public long getTimeoutTime() {
        try {
        try {
            return mSession.getTimeoutTime(mId);
            return mSession.getTimeoutTime(mId);
@@ -190,8 +189,8 @@ public final class VerificationSession implements Parcelable {
    /**
    /**
     * Override the verification policy for this session.
     * Override the verification policy for this session.
     * @return True if the override was successful, False otherwise.
     * @return True if the override was successful, False otherwise.
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public boolean setVerificationPolicy(@PackageInstaller.VerificationPolicy int policy) {
    public boolean setVerificationPolicy(@PackageInstaller.VerificationPolicy int policy) {
        if (mVerificationPolicy == policy) {
        if (mVerificationPolicy == policy) {
            // No effective policy change
            // No effective policy change
@@ -215,8 +214,8 @@ public final class VerificationSession implements Parcelable {
     * This may be called multiple times. If the request would bypass any max
     * This may be called multiple times. If the request would bypass any max
     * duration by the system, the method will return a lower value than the
     * duration by the system, the method will return a lower value than the
     * requested amount that indicates how much the time was extended.
     * requested amount that indicates how much the time was extended.
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public long extendTimeRemaining(long additionalMs) {
    public long extendTimeRemaining(long additionalMs) {
        try {
        try {
            return mSession.extendTimeRemaining(mId, additionalMs);
            return mSession.extendTimeRemaining(mId, additionalMs);
@@ -227,9 +226,9 @@ public final class VerificationSession implements Parcelable {


    /**
    /**
     * Report to the system that verification could not be completed along
     * Report to the system that verification could not be completed along
     * with an approximate reason to pass on to the installer.
     * with an approximate reason to pass on to the installer.]
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public void reportVerificationIncomplete(@VerificationIncompleteReason int reason) {
    public void reportVerificationIncomplete(@VerificationIncompleteReason int reason) {
        try {
        try {
            mSession.reportVerificationIncomplete(mId, reason);
            mSession.reportVerificationIncomplete(mId, reason);
@@ -242,11 +241,11 @@ public final class VerificationSession implements Parcelable {
     * Report to the system that the verification has completed and the
     * Report to the system that the verification has completed and the
     * install process may act on that status to either block in the case
     * install process may act on that status to either block in the case
     * of failure or continue to process the install in the case of success.
     * of failure or continue to process the install in the case of success.
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public void reportVerificationComplete(@NonNull VerificationStatus status) {
    public void reportVerificationComplete(@NonNull VerificationStatus status) {
        try {
        try {
            mSession.reportVerificationComplete(mId, status);
            mSession.reportVerificationComplete(mId, status,  /* extensionResponse= */ null);
        } catch (RemoteException e) {
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
            throw e.rethrowFromSystemServer();
        }
        }
@@ -256,12 +255,12 @@ public final class VerificationSession implements Parcelable {
     * Same as {@link #reportVerificationComplete(VerificationStatus)}, but also provide
     * Same as {@link #reportVerificationComplete(VerificationStatus)}, but also provide
     * a result to the extension params provided in the request, which will be passed to the
     * a result to the extension params provided in the request, which will be passed to the
     * installer in the installation result.
     * installer in the installation result.
     * @throws SecurityException if the caller is not the current verifier bound by the system.
     */
     */
    @RequiresPermission(android.Manifest.permission.VERIFICATION_AGENT)
    public void reportVerificationComplete(@NonNull VerificationStatus status,
    public void reportVerificationComplete(@NonNull VerificationStatus status,
            @NonNull PersistableBundle response) {
            @NonNull PersistableBundle extensionResponse) {
        try {
        try {
            mSession.reportVerificationCompleteWithExtensionResponse(mId, status, response);
            mSession.reportVerificationComplete(mId, status, extensionResponse);
        } catch (RemoteException e) {
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
            throw e.rethrowFromSystemServer();
        }
        }
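Review bot: Both `reportVerificationComplete` overloads now reach the same binder method, and the two-argument one forwards `extensionResponse` unchecked, so a caller that passes null despite `@NonNull` becomes indistinguishable from the one-argument overload. A guard before the `try`, `Objects.requireNonNull(extensionResponse, "extensionResponse");`, would keep the two paths distinct (it needs `java.util.Objects`, whose import is not visible in these hunks). Separately, the rewritten Javadoc line for `reportVerificationIncomplete` ends in a stray bracket, `installer.]`, and the null call has a double space before `/* extensionResponse= */`. The method bodies continue outside the hunks shown.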
+2 −2
@@ -142,10 +142,10 @@ public class VerificationSessionTest {
                new VerificationStatus.Builder().setVerified(true).build();
                new VerificationStatus.Builder().setVerified(true).build();
        mTestSession.reportVerificationComplete(status);
        mTestSession.reportVerificationComplete(status);
        verify(mTestSessionInterface, times(1)).reportVerificationComplete(
        verify(mTestSessionInterface, times(1)).reportVerificationComplete(
                eq(TEST_ID), eq(status));
                eq(TEST_ID), eq(status), eq(null));
        mTestSession.reportVerificationComplete(status, response);
        mTestSession.reportVerificationComplete(status, response);
        verify(mTestSessionInterface, times(1))
        verify(mTestSessionInterface, times(1))
                .reportVerificationCompleteWithExtensionResponse(
                .reportVerificationComplete(
                        eq(TEST_ID), eq(status), eq(response));
                        eq(TEST_ID), eq(status), eq(response));


        final int reason = VerificationSession.VERIFICATION_INCOMPLETE_UNKNOWN;
        final int reason = VerificationSession.VERIFICATION_INCOMPLETE_UNKNOWN;