Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0432c1f authored by Winson's avatar Winson
Browse files

Hook onUserUnlocked to verify no response packages 

Old v1 verification agents will not be boot aware, and thus cannot
begin boot time verification until the user unlocks their device. To
support them, this sends the broadcast once the user is unlocked and
decrypted credential storage is available.

The boot broadcast is maintained in case the verification agent is
somehow direct boot aware, allowing it to start verification as soon
as possible. It's expected that de-duplication and network response
caching by the verification agent will make this double send low
impact.

Bug: 178864286

Test: manual boot device with no verified packages with a v1 verifier

Change-Id: Id41306baeb3f94d4e709cf60dbfbc40e69cd1686
parent 804a79e7

services/core/java/com/android/server/pm/verify/domain/DomainVerificationService.java

+15 −0
Original line number Diff line number Diff line
@@ -177,6 +177,21 @@ public class DomainVerificationService extends SystemService 
        verifyPackages(null, false);

    }



    @Override

    public void onUserUnlocked(@NonNull TargetUser user) {

        super.onUserUnlocked(user);



        // Package verification is sent at both boot and user unlock. The latter will allow v1

        // verification agents to respond to the request, since they will not be directBootAware.

        // However, ideally v2 implementations are boot aware and can handle the initial boot

        // broadcast, to start verifying packages as soon as possible. It's possible this causes

        // unnecessary duplication at device start up, but the implementation is responsible for

        // de-duplicating.

        // TODO: This can be improved by checking if the broadcast was received by the

        //  verification agent in the initial boot broadcast

        verifyPackages(null, false);

    }



    @Override

    public void setProxy(@NonNull DomainVerificationProxy proxy) {

        mProxy = proxy;