Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d9a0ac73 authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review
Browse files

Merge changes Iff5bae75,I819bdcbf into main 

* changes:
  [ADI][39/N] update default policy
  [ADI][38/N] bypass multi-package (temporary workaround)
parents 508274fc 69f673d5

services/core/java/com/android/server/pm/PackageInstallerService.java

+5 −4
Original line number Diff line number Diff line
@@ -17,7 +17,7 @@ 
package com.android.server.pm;



import static android.app.admin.DevicePolicyResources.Strings.Core.PACKAGE_DELETED_BY_DO;

import static android.content.pm.PackageInstaller.DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_WARN;

import static android.content.pm.PackageInstaller.DEVELOPER_VERIFICATION_POLICY_NONE;

import static android.content.pm.PackageInstaller.LOCATION_DATA_APP;

import static android.content.pm.PackageInstaller.SessionParams.MAX_PERMISSION_STATES_SIZE;

import static android.content.pm.PackageInstaller.SessionParams.MAX_URI_LENGTH;
@@ -291,9 +291,10 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements 
     */

    @GuardedBy("mVerificationPolicyPerUser")

    private final SparseIntArray mDeveloperVerificationPolicyPerUser = new SparseIntArray(1);

    // TODO(b/360129657): update the default policy.

    private static final int DEFAULT_VERIFICATION_POLICY =

            DEVELOPER_VERIFICATION_POLICY_BLOCK_FAIL_WARN;

    /**

     * Default developer verification policy for a new user.

     */

    private static final int DEFAULT_VERIFICATION_POLICY = DEVELOPER_VERIFICATION_POLICY_NONE;



    private static final class Lifecycle extends SystemService {

        private final PackageInstallerService mPackageInstallerService;

services/core/java/com/android/server/pm/PackageInstallerSession.java

+29 −15
Original line number Diff line number Diff line
@@ -189,6 +189,7 @@ import android.util.ExceptionUtils; 
import android.util.IntArray;

import android.util.Log;

import android.util.MathUtils;

import android.util.Pair;

import android.util.Slog;

import android.util.SparseArray;

import android.util.apk.ApkSignatureVerifier;
@@ -3028,24 +3029,26 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
            onSessionVerificationFailure(e.error, errorMsg, /* extras= */ null);

        }

        if (shouldUseVerificationService()) {

            final SigningInfo signingInfo;

            final List<SharedLibraryInfo> declaredLibraries;

            synchronized (mLock) {

                signingInfo = new SigningInfo(mSigningDetails);

                declaredLibraries =

                        mPackageLite == null ? null : mPackageLite.getDeclaredLibraries();

            }

            // Send the request to the verifier and wait for its response before the rest of

            // the installation can proceed.

            if (!mDeveloperVerifierController.startVerificationSession(mPm::snapshotComputer,

                    userId, sessionId, getPackageName(),

                    stageDir == null ? Uri.EMPTY : Uri.fromFile(stageDir), signingInfo,

            if (isMultiPackage()) {

                // TODO(b/360129657) perform developer verification on each children session before

                // moving on to the next installation stage.

                resumeVerify();

            } else { // Not a parent session

                final var infoPair = getSigningInfoAndDeclaredLibraries();

                final SigningInfo signingInfo = infoPair.first;

                final List<SharedLibraryInfo> declaredLibraries = infoPair.second;

                if (!mDeveloperVerifierController.startVerificationSession(

                        mPm::snapshotComputer, userId, sessionId, getPackageName(),

                        Uri.fromFile(stageDir), signingInfo,

                        declaredLibraries, mCurrentVerificationPolicy.get(),

                        /* extensionParams= */ params.extensionParams,

                        mDeveloperVerifierCallback, /* retry= */ false)) {

                    // A verifier is installed but cannot be connected. Maybe notify user.

                    mDeveloperVerifierCallback.onConnectionInfeasible();

                }

            }

            synchronized (mMetrics) {

                mMetrics.onDeveloperVerificationRequestSent();

            }
@@ -3055,6 +3058,17 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
        }

    }



    private Pair<SigningInfo, List<SharedLibraryInfo>> getSigningInfoAndDeclaredLibraries() {

        final SigningInfo signingInfo;

        final List<SharedLibraryInfo> declaredLibraries;

        synchronized (mLock) {

            signingInfo = new SigningInfo(mSigningDetails);

            declaredLibraries =

                    mPackageLite == null ? null : mPackageLite.getDeclaredLibraries();

        }

        return new Pair<>(signingInfo, declaredLibraries);

    }



    private boolean shouldUseVerificationService() {

        if (!Flags.verificationService()) {

            // Feature is not enabled.