Loading services/core/java/com/android/server/pm/AppsFilter.java +23 −1 Original line number Original line Diff line number Diff line Loading @@ -20,10 +20,12 @@ import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER; import static android.provider.DeviceConfig.NAMESPACE_PACKAGE_MANAGER_SERVICE; import static android.provider.DeviceConfig.NAMESPACE_PACKAGE_MANAGER_SERVICE; import android.Manifest; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.content.Intent; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentFilter; import android.content.pm.PackageManager; import android.content.pm.PackageManager; import android.content.pm.PackageParser; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; Loading Loading @@ -108,6 +110,7 @@ public class AppsFilter { private final FeatureConfig mFeatureConfig; private final FeatureConfig mFeatureConfig; private final OverlayReferenceMapper mOverlayReferenceMapper; private final OverlayReferenceMapper mOverlayReferenceMapper; private PackageParser.SigningDetails mSystemSigningDetails; AppsFilter(FeatureConfig featureConfig, String[] forceQueryableWhitelist, AppsFilter(FeatureConfig featureConfig, String[] forceQueryableWhitelist, boolean systemAppsQueryable, boolean systemAppsQueryable, Loading Loading @@ -321,6 +324,17 @@ public class AppsFilter { */ */ public void addPackage(PackageSetting newPkgSetting, public void addPackage(PackageSetting newPkgSetting, ArrayMap<String, PackageSetting> existingSettings) { ArrayMap<String, PackageSetting> existingSettings) { if (Objects.equals("android", newPkgSetting.name)) { // let's set aside the framework signatures mSystemSigningDetails = newPkgSetting.signatures.mSigningDetails; // and since we add overlays before we add the framework, let's revisit already added // packages for signature matches for (PackageSetting setting : existingSettings.values()) { if (isSystemSigned(mSystemSigningDetails, setting)) { mForceQueryable.add(setting.appId); } } } Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "filter.addPackage"); Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "filter.addPackage"); try { try { final AndroidPackage newPkg = newPkgSetting.pkg; final AndroidPackage newPkg = newPkgSetting.pkg; Loading @@ -336,7 +350,9 @@ public class AppsFilter { || (newPkgSetting.isSystem() && (mSystemAppsQueryable || (newPkgSetting.isSystem() && (mSystemAppsQueryable || ArrayUtils.contains(mForceQueryableByDevicePackageNames, || ArrayUtils.contains(mForceQueryableByDevicePackageNames, newPkg.getPackageName()))); newPkg.getPackageName()))); if (newIsForceQueryable) { if (newIsForceQueryable || (mSystemSigningDetails != null && isSystemSigned(mSystemSigningDetails, newPkgSetting))) { mForceQueryable.add(newPkgSetting.appId); mForceQueryable.add(newPkgSetting.appId); } } Loading Loading @@ -382,6 +398,12 @@ public class AppsFilter { } } } } private static boolean isSystemSigned(@NonNull PackageParser.SigningDetails sysSigningDetails, PackageSetting pkgSetting) { return pkgSetting.isSystem() && pkgSetting.signatures.mSigningDetails.signaturesMatchExactly(sysSigningDetails); } /** /** * Removes a package for consideration when filtering visibility between apps. * Removes a package for consideration when filtering visibility between apps. * * Loading services/tests/servicestests/src/com/android/server/pm/AppsFilterTest.java +31 −0 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,8 @@ import android.annotation.Nullable; import android.content.Intent; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.ApplicationInfo; import android.content.pm.PackageParser; import android.content.pm.Signature; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; Loading @@ -48,8 +50,10 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import org.junit.runners.JUnit4; import org.mockito.Mock; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.mockito.MockitoAnnotations; import java.security.cert.CertificateException; import java.util.Collections; import java.util.Collections; import java.util.Map; import java.util.Map; import java.util.Set; import java.util.Set; Loading Loading @@ -284,6 +288,33 @@ public class AppsFilterTest { assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); } } @Test public void testSystemSignedTarget_DoesntFilter() throws CertificateException { final AppsFilter appsFilter = new AppsFilter(mFeatureConfigMock, new String[]{}, false, null); appsFilter.onSystemReady(); final Signature frameworkSignature = Mockito.mock(Signature.class); final PackageParser.SigningDetails frameworkSigningDetails = new PackageParser.SigningDetails(new Signature[]{frameworkSignature}, 1); final Signature otherSignature = Mockito.mock(Signature.class); final PackageParser.SigningDetails otherSigningDetails = new PackageParser.SigningDetails(new Signature[]{otherSignature}, 1); simulateAddPackage(appsFilter, pkg("android"), 1000, b -> b.setSigningDetails(frameworkSigningDetails)); PackageSetting target = simulateAddPackage(appsFilter, pkg("com.some.package"), DUMMY_TARGET_UID, b -> b.setSigningDetails(frameworkSigningDetails)); PackageSetting calling = simulateAddPackage(appsFilter, pkg("com.some.other.package"), DUMMY_CALLING_UID, b -> b.setSigningDetails(otherSigningDetails)); assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); } @Test @Test public void testForceQueryableByDevice_NonSystemCaller_Filters() { public void testForceQueryableByDevice_NonSystemCaller_Filters() { final AppsFilter appsFilter = final AppsFilter appsFilter = Loading services/tests/servicestests/src/com/android/server/pm/PackageSettingBuilder.java +11 −0 Original line number Original line Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.pm; package com.android.server.pm; import android.content.pm.PackageParser; import android.content.pm.PackageUserState; import android.content.pm.PackageUserState; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.util.SparseArray; import android.util.SparseArray; Loading @@ -42,6 +43,7 @@ public class PackageSettingBuilder { private AndroidPackage mPkg; private AndroidPackage mPkg; private int mAppId; private int mAppId; private InstallSource mInstallSource; private InstallSource mInstallSource; private PackageParser.SigningDetails mSigningDetails; public PackageSettingBuilder setPackage(AndroidPackage pkg) { public PackageSettingBuilder setPackage(AndroidPackage pkg) { this.mPkg = pkg; this.mPkg = pkg; Loading Loading @@ -143,12 +145,21 @@ public class PackageSettingBuilder { return this; return this; } } public PackageSettingBuilder setSigningDetails( PackageParser.SigningDetails signingDetails) { mSigningDetails = signingDetails; return this; } public PackageSetting build() { public PackageSetting build() { final PackageSetting packageSetting = new PackageSetting(mName, mRealName, final PackageSetting packageSetting = new PackageSetting(mName, mRealName, new File(mCodePath), new File(mResourcePath), new File(mCodePath), new File(mResourcePath), mLegacyNativeLibraryPathString, mPrimaryCpuAbiString, mSecondaryCpuAbiString, mLegacyNativeLibraryPathString, mPrimaryCpuAbiString, mSecondaryCpuAbiString, mCpuAbiOverrideString, mPVersionCode, mPkgFlags, mPrivateFlags, mSharedUserId, mCpuAbiOverrideString, mPVersionCode, mPkgFlags, mPrivateFlags, mSharedUserId, mUsesStaticLibraries, mUsesStaticLibrariesVersions); mUsesStaticLibraries, mUsesStaticLibrariesVersions); packageSetting.signatures = mSigningDetails != null ? new PackageSignatures(mSigningDetails) : new PackageSignatures(); packageSetting.pkg = mPkg; packageSetting.pkg = mPkg; packageSetting.appId = mAppId; packageSetting.appId = mAppId; packageSetting.volumeUuid = this.mVolumeUuid; packageSetting.volumeUuid = this.mVolumeUuid; Loading Loading
services/core/java/com/android/server/pm/AppsFilter.java +23 −1 Original line number Original line Diff line number Diff line Loading @@ -20,10 +20,12 @@ import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER; import static android.provider.DeviceConfig.NAMESPACE_PACKAGE_MANAGER_SERVICE; import static android.provider.DeviceConfig.NAMESPACE_PACKAGE_MANAGER_SERVICE; import android.Manifest; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.content.Intent; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentFilter; import android.content.pm.PackageManager; import android.content.pm.PackageManager; import android.content.pm.PackageParser; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; Loading Loading @@ -108,6 +110,7 @@ public class AppsFilter { private final FeatureConfig mFeatureConfig; private final FeatureConfig mFeatureConfig; private final OverlayReferenceMapper mOverlayReferenceMapper; private final OverlayReferenceMapper mOverlayReferenceMapper; private PackageParser.SigningDetails mSystemSigningDetails; AppsFilter(FeatureConfig featureConfig, String[] forceQueryableWhitelist, AppsFilter(FeatureConfig featureConfig, String[] forceQueryableWhitelist, boolean systemAppsQueryable, boolean systemAppsQueryable, Loading Loading @@ -321,6 +324,17 @@ public class AppsFilter { */ */ public void addPackage(PackageSetting newPkgSetting, public void addPackage(PackageSetting newPkgSetting, ArrayMap<String, PackageSetting> existingSettings) { ArrayMap<String, PackageSetting> existingSettings) { if (Objects.equals("android", newPkgSetting.name)) { // let's set aside the framework signatures mSystemSigningDetails = newPkgSetting.signatures.mSigningDetails; // and since we add overlays before we add the framework, let's revisit already added // packages for signature matches for (PackageSetting setting : existingSettings.values()) { if (isSystemSigned(mSystemSigningDetails, setting)) { mForceQueryable.add(setting.appId); } } } Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "filter.addPackage"); Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "filter.addPackage"); try { try { final AndroidPackage newPkg = newPkgSetting.pkg; final AndroidPackage newPkg = newPkgSetting.pkg; Loading @@ -336,7 +350,9 @@ public class AppsFilter { || (newPkgSetting.isSystem() && (mSystemAppsQueryable || (newPkgSetting.isSystem() && (mSystemAppsQueryable || ArrayUtils.contains(mForceQueryableByDevicePackageNames, || ArrayUtils.contains(mForceQueryableByDevicePackageNames, newPkg.getPackageName()))); newPkg.getPackageName()))); if (newIsForceQueryable) { if (newIsForceQueryable || (mSystemSigningDetails != null && isSystemSigned(mSystemSigningDetails, newPkgSetting))) { mForceQueryable.add(newPkgSetting.appId); mForceQueryable.add(newPkgSetting.appId); } } Loading Loading @@ -382,6 +398,12 @@ public class AppsFilter { } } } } private static boolean isSystemSigned(@NonNull PackageParser.SigningDetails sysSigningDetails, PackageSetting pkgSetting) { return pkgSetting.isSystem() && pkgSetting.signatures.mSigningDetails.signaturesMatchExactly(sysSigningDetails); } /** /** * Removes a package for consideration when filtering visibility between apps. * Removes a package for consideration when filtering visibility between apps. * * Loading
services/tests/servicestests/src/com/android/server/pm/AppsFilterTest.java +31 −0 Original line number Original line Diff line number Diff line Loading @@ -27,6 +27,8 @@ import android.annotation.Nullable; import android.content.Intent; import android.content.Intent; import android.content.IntentFilter; import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.ApplicationInfo; import android.content.pm.PackageParser; import android.content.pm.Signature; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; import android.content.pm.parsing.ComponentParseUtils.ParsedActivity; Loading @@ -48,8 +50,10 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import org.junit.runners.JUnit4; import org.mockito.Mock; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.mockito.MockitoAnnotations; import java.security.cert.CertificateException; import java.util.Collections; import java.util.Collections; import java.util.Map; import java.util.Map; import java.util.Set; import java.util.Set; Loading Loading @@ -284,6 +288,33 @@ public class AppsFilterTest { assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); } } @Test public void testSystemSignedTarget_DoesntFilter() throws CertificateException { final AppsFilter appsFilter = new AppsFilter(mFeatureConfigMock, new String[]{}, false, null); appsFilter.onSystemReady(); final Signature frameworkSignature = Mockito.mock(Signature.class); final PackageParser.SigningDetails frameworkSigningDetails = new PackageParser.SigningDetails(new Signature[]{frameworkSignature}, 1); final Signature otherSignature = Mockito.mock(Signature.class); final PackageParser.SigningDetails otherSigningDetails = new PackageParser.SigningDetails(new Signature[]{otherSignature}, 1); simulateAddPackage(appsFilter, pkg("android"), 1000, b -> b.setSigningDetails(frameworkSigningDetails)); PackageSetting target = simulateAddPackage(appsFilter, pkg("com.some.package"), DUMMY_TARGET_UID, b -> b.setSigningDetails(frameworkSigningDetails)); PackageSetting calling = simulateAddPackage(appsFilter, pkg("com.some.other.package"), DUMMY_CALLING_UID, b -> b.setSigningDetails(otherSigningDetails)); assertFalse(appsFilter.shouldFilterApplication(DUMMY_CALLING_UID, calling, target, 0)); } @Test @Test public void testForceQueryableByDevice_NonSystemCaller_Filters() { public void testForceQueryableByDevice_NonSystemCaller_Filters() { final AppsFilter appsFilter = final AppsFilter appsFilter = Loading
services/tests/servicestests/src/com/android/server/pm/PackageSettingBuilder.java +11 −0 Original line number Original line Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.pm; package com.android.server.pm; import android.content.pm.PackageParser; import android.content.pm.PackageUserState; import android.content.pm.PackageUserState; import android.content.pm.parsing.AndroidPackage; import android.content.pm.parsing.AndroidPackage; import android.util.SparseArray; import android.util.SparseArray; Loading @@ -42,6 +43,7 @@ public class PackageSettingBuilder { private AndroidPackage mPkg; private AndroidPackage mPkg; private int mAppId; private int mAppId; private InstallSource mInstallSource; private InstallSource mInstallSource; private PackageParser.SigningDetails mSigningDetails; public PackageSettingBuilder setPackage(AndroidPackage pkg) { public PackageSettingBuilder setPackage(AndroidPackage pkg) { this.mPkg = pkg; this.mPkg = pkg; Loading Loading @@ -143,12 +145,21 @@ public class PackageSettingBuilder { return this; return this; } } public PackageSettingBuilder setSigningDetails( PackageParser.SigningDetails signingDetails) { mSigningDetails = signingDetails; return this; } public PackageSetting build() { public PackageSetting build() { final PackageSetting packageSetting = new PackageSetting(mName, mRealName, final PackageSetting packageSetting = new PackageSetting(mName, mRealName, new File(mCodePath), new File(mResourcePath), new File(mCodePath), new File(mResourcePath), mLegacyNativeLibraryPathString, mPrimaryCpuAbiString, mSecondaryCpuAbiString, mLegacyNativeLibraryPathString, mPrimaryCpuAbiString, mSecondaryCpuAbiString, mCpuAbiOverrideString, mPVersionCode, mPkgFlags, mPrivateFlags, mSharedUserId, mCpuAbiOverrideString, mPVersionCode, mPkgFlags, mPrivateFlags, mSharedUserId, mUsesStaticLibraries, mUsesStaticLibrariesVersions); mUsesStaticLibraries, mUsesStaticLibrariesVersions); packageSetting.signatures = mSigningDetails != null ? new PackageSignatures(mSigningDetails) : new PackageSignatures(); packageSetting.pkg = mPkg; packageSetting.pkg = mPkg; packageSetting.appId = mAppId; packageSetting.appId = mAppId; packageSetting.volumeUuid = this.mVolumeUuid; packageSetting.volumeUuid = this.mVolumeUuid; Loading
