Organize MBA and APEX info with structs (a562ab96) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/os/IBinaryTransparencyService.aidl

+21 −0

Original line number	Original line	Diff line number	Diff line
	@@ -29,4 +29,25 @@ interface IBinaryTransparencyService {
	List getApexInfo();		List getApexInfo();

	void recordMeasurementsForAllPackages();		void recordMeasurementsForAllPackages();

			parcelable ApexInfo {
			String packageName;
			long longVersion;
			byte[] digest;
			int digestAlgorithm;
			String[] signerDigests;
			}

			parcelable AppInfo {
			String packageName;
			long longVersion;
			byte[] digest;
			int digestAlgorithm;
			String[] signerDigests;
			int mbaStatus;
			String initiator;
			String[] initiatorSignerDigests;
			String installer;
			String originator;
			}
	}		}
			No newline at end of file

services/core/java/com/android/server/BinaryTransparencyService.java

+69 −68

Original line number	Original line	Diff line number	Diff line
	@@ -285,18 +285,16 @@ public class BinaryTransparencyService extends SystemService {
	Bundle apexMeasurement = measurePackage(packageInfo);		Bundle apexMeasurement = measurePackage(packageInfo);

	if (record) {		if (record) {
	// compute digests of signing info		var apexInfo = new IBinaryTransparencyService.ApexInfo();
	String[] signerDigestHexStrings = computePackageSignerSha256Digests(		apexInfo.packageName = packageInfo.packageName;
	packageInfo.signingInfo);		apexInfo.longVersion = packageInfo.getLongVersionCode();
			apexInfo.digest = apexMeasurement.getByteArray(BUNDLE_CONTENT_DIGEST);
			apexInfo.digestAlgorithm =
			apexMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM);
			apexInfo.signerDigests =
			computePackageSignerSha256Digests(packageInfo.signingInfo);

	// log to statsd		recordApexInfo(apexInfo);
	FrameworkStatsLog.write(FrameworkStatsLog.APEX_INFO_GATHERED,
	packageInfo.packageName,
	packageInfo.getLongVersionCode(),
	HexEncoding.encodeToString(apexMeasurement.getByteArray(
	BUNDLE_CONTENT_DIGEST), false),
	apexMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM),
	signerDigestHexStrings);
	}		}
	}		}
	if (DEBUG) {		if (DEBUG) {
	@@ -313,11 +311,11 @@ public class BinaryTransparencyService extends SystemService {
	}		}
	packagesMeasured.add(packageInfo.packageName);		packagesMeasured.add(packageInfo.packageName);

	int mba_status = MBA_STATUS_PRELOADED;		int mbaStatus = MBA_STATUS_PRELOADED;
	if (packageInfo.signingInfo == null) {		if (packageInfo.signingInfo == null) {
	Slog.d(TAG, "Preload " + packageInfo.packageName + " at "		Slog.d(TAG, "Preload " + packageInfo.packageName + " at "
	+ packageInfo.applicationInfo.sourceDir + " has likely been updated.");		+ packageInfo.applicationInfo.sourceDir + " has likely been updated.");
	mba_status = MBA_STATUS_UPDATED_PRELOAD;		mbaStatus = MBA_STATUS_UPDATED_PRELOAD;

	PackageInfo origPackageInfo = packageInfo;		PackageInfo origPackageInfo = packageInfo;
	try {		try {
	@@ -328,32 +326,24 @@ public class BinaryTransparencyService extends SystemService {
	Slog.e(TAG, "Failed to obtain an updated PackageInfo of "		Slog.e(TAG, "Failed to obtain an updated PackageInfo of "
	+ origPackageInfo.packageName, e);		+ origPackageInfo.packageName, e);
	packageInfo = origPackageInfo;		packageInfo = origPackageInfo;
	mba_status = MBA_STATUS_ERROR;		mbaStatus = MBA_STATUS_ERROR;
	}		}
	}		}

			if (record && (mbaStatus == MBA_STATUS_UPDATED_PRELOAD)) {
	Bundle packageMeasurement = measurePackage(packageInfo);		Bundle packageMeasurement = measurePackage(packageInfo);

	if (record && (mba_status == MBA_STATUS_UPDATED_PRELOAD)) {		var appInfo = new IBinaryTransparencyService.AppInfo();
	// compute digests of signing info		appInfo.packageName = packageInfo.packageName;
	String[] signerDigestHexStrings = computePackageSignerSha256Digests(		appInfo.longVersion = packageInfo.getLongVersionCode();
	packageInfo.signingInfo);		appInfo.digest = packageMeasurement.getByteArray(BUNDLE_CONTENT_DIGEST);
			appInfo.digestAlgorithm =
			packageMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM);
			appInfo.signerDigests =
			computePackageSignerSha256Digests(packageInfo.signingInfo);
			appInfo.mbaStatus = mbaStatus;

	// now we should have all the bits for the atom		writeAppInfoToLog(appInfo);
	byte[] cDigest = packageMeasurement.getByteArray(BUNDLE_CONTENT_DIGEST);
	FrameworkStatsLog.write(FrameworkStatsLog.MOBILE_BUNDLED_APP_INFO_GATHERED,
	packageInfo.packageName,
	packageInfo.getLongVersionCode(),
	(cDigest != null) ? HexEncoding.encodeToString(cDigest, false) : null,
	packageMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM),
	signerDigestHexStrings, // signer_cert_digest
	mba_status, // mba_status
	null, // initiator
	null, // initiator_signer_digest
	null, // installer
	null // originator
	);
	}		}
	}		}
	if (DEBUG) {		if (DEBUG) {
	@@ -372,50 +362,36 @@ public class BinaryTransparencyService extends SystemService {
	Bundle packageMeasurement = measurePackage(packageInfo);		Bundle packageMeasurement = measurePackage(packageInfo);

	if (record) {		if (record) {
	// compute digests of signing info
	String[] signerDigestHexStrings = computePackageSignerSha256Digests(
	packageInfo.signingInfo);

	// then extract package's InstallSourceInfo
	if (DEBUG) {		if (DEBUG) {
	Slog.d(TAG,		Slog.d(TAG,
	"Extracting InstallSourceInfo for " + packageInfo.packageName);		"Extracting InstallSourceInfo for " + packageInfo.packageName);
	}		}
			var appInfo = new IBinaryTransparencyService.AppInfo();
			appInfo.packageName = packageInfo.packageName;
			appInfo.longVersion = packageInfo.getLongVersionCode();
			appInfo.digest = packageMeasurement.getByteArray(BUNDLE_CONTENT_DIGEST);
			appInfo.digestAlgorithm =
			packageMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM);
			appInfo.signerDigests =
			computePackageSignerSha256Digests(packageInfo.signingInfo);
			appInfo.mbaStatus = MBA_STATUS_NEW_INSTALL;

			// extract package's InstallSourceInfo
	InstallSourceInfo installSourceInfo = getInstallSourceInfo(		InstallSourceInfo installSourceInfo = getInstallSourceInfo(
	packageInfo.packageName);		packageInfo.packageName);
	String initiator = null;
	SigningInfo initiatorSignerInfo = null;
	String[] initiatorSignerInfoDigest = null;
	String installer = null;
	String originator = null;

	if (installSourceInfo != null) {		if (installSourceInfo != null) {
	initiator = installSourceInfo.getInitiatingPackageName();		appInfo.initiator = installSourceInfo.getInitiatingPackageName();
	initiatorSignerInfo =		SigningInfo initiatorSignerInfo =
	installSourceInfo.getInitiatingPackageSigningInfo();		installSourceInfo.getInitiatingPackageSigningInfo();
	if (initiatorSignerInfo != null) {		if (initiatorSignerInfo != null) {
	initiatorSignerInfoDigest = computePackageSignerSha256Digests(		appInfo.initiatorSignerDigests =
	initiatorSignerInfo);		computePackageSignerSha256Digests(initiatorSignerInfo);
	}		}
	installer = installSourceInfo.getInstallingPackageName();		appInfo.installer = installSourceInfo.getInstallingPackageName();
	originator = installSourceInfo.getOriginatingPackageName();		appInfo.originator = installSourceInfo.getOriginatingPackageName();
	}		}

	// we should now have all the info needed for the atom		writeAppInfoToLog(appInfo);
	byte[] cDigest = packageMeasurement.getByteArray(BUNDLE_CONTENT_DIGEST);
	FrameworkStatsLog.write(FrameworkStatsLog.MOBILE_BUNDLED_APP_INFO_GATHERED,
	packageInfo.packageName,
	packageInfo.getLongVersionCode(),
	(cDigest != null) ? HexEncoding.encodeToString(cDigest, false)
	: null,
	packageMeasurement.getInt(BUNDLE_CONTENT_DIGEST_ALGORITHM),
	signerDigestHexStrings,
	MBA_STATUS_NEW_INSTALL, // mba_status
	initiator,
	initiatorSignerInfoDigest,
	installer,
	originator
	);
	}		}
	}		}
	}		}
	@@ -426,6 +402,31 @@ public class BinaryTransparencyService extends SystemService {
	}		}
	}		}

			private void recordApexInfo(IBinaryTransparencyService.ApexInfo apexInfo) {
			FrameworkStatsLog.write(FrameworkStatsLog.APEX_INFO_GATHERED,
			apexInfo.packageName,
			apexInfo.longVersion,
			(apexInfo.digest != null) ? HexEncoding.encodeToString(apexInfo.digest, false)
			: null,
			apexInfo.digestAlgorithm,
			apexInfo.signerDigests);
			}

			private void writeAppInfoToLog(IBinaryTransparencyService.AppInfo appInfo) {
			FrameworkStatsLog.write(FrameworkStatsLog.MOBILE_BUNDLED_APP_INFO_GATHERED,
			appInfo.packageName,
			appInfo.longVersion,
			(appInfo.digest != null) ? HexEncoding.encodeToString(appInfo.digest, false)
			: null,
			appInfo.digestAlgorithm,
			appInfo.signerDigests,
			appInfo.mbaStatus,
			appInfo.initiator,
			appInfo.initiatorSignerDigests,
			appInfo.installer,
			appInfo.originator);
			}

	/**		/**
	* A wrapper around		* A wrapper around
	* {@link ApkSignatureVerifier#verifySignaturesInternal(ParseInput, String, int, boolean)}.		* {@link ApkSignatureVerifier#verifySignaturesInternal(ParseInput, String, int, boolean)}.