Verify querent for printing app links state (e466493f) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/ComputerEngine.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -3156,7 +3156,7 @@ public class ComputerEngine implements Computer {
		try {
		mDomainVerificationManager.printState(writer, packageName,
		UserHandle.USER_ALL, mSettings::getPackage);
		} catch (PackageManager.NameNotFoundException e) {
		} catch (Exception e) {
		pw.println("Failure printing domain verification information");
		Slog.e(TAG, "Failure printing domain verification information", e);
		}

services/core/java/com/android/server/pm/verify/domain/DomainVerificationEnforcer.java

+5 −2

Original line number	Diff line number	Diff line
		@@ -70,8 +70,11 @@ public class DomainVerificationEnforcer {
		break;
		default:
		if (!proxy.isCallerVerifier(callingUid)) {
		throw new SecurityException(
		"Caller is not allowed to query domain verification state");
		mContext.enforcePermission(android.Manifest.permission.DUMP,
		Binder.getCallingPid(), callingUid,
		"Caller " + callingUid
		+ " is not allowed to query domain verification state");
		break;
		}

		mContext.enforcePermission(android.Manifest.permission.QUERY_ALL_PACKAGES,

services/core/java/com/android/server/pm/verify/domain/DomainVerificationService.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -1197,6 +1197,7 @@ public class DomainVerificationService extends SystemService
		@Nullable @UserIdInt Integer userId,
		@NonNull Function<String, PackageStateInternal> pkgSettingFunction)
		throws NameNotFoundException {
		mEnforcer.assertApprovedQuerent(mConnection.getCallingUid(), mProxy);
		synchronized (mLock) {
		mDebug.printState(writer, packageName, userId, pkgSettingFunction, mAttachedPkgStates);
		}

services/tests/PackageManagerServiceTests/unit/src/com/android/server/pm/test/verify/domain/DomainVerificationEnforcerTest.kt

+26 −3

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ package com.android.server.pm.test.verify.domain
		import android.content.Context
		import android.content.Intent
		import android.content.pm.PackageManager
		import android.content.pm.SigningDetails
		import android.content.pm.parsing.component.ParsedActivityImpl
		import android.content.pm.parsing.component.ParsedIntentInfoImpl
		import android.content.pm.verify.domain.DomainVerificationManager
		@@ -26,6 +27,7 @@ import android.content.pm.verify.domain.DomainVerificationState
		import android.os.Build
		import android.os.Process
		import android.util.ArraySet
		import android.util.IndentingPrintWriter
		import android.util.SparseArray
		import androidx.test.platform.app.InstrumentationRegistry
		import com.android.server.pm.parsing.pkg.AndroidPackage
		@@ -46,6 +48,7 @@ import org.mockito.Mockito.anyInt
		import org.mockito.Mockito.anyLong
		import org.mockito.Mockito.anyString
		import org.mockito.Mockito.eq
		import org.mockito.Mockito.mock
		import org.mockito.Mockito.verifyNoMoreInteractions
		import java.util.UUID
		import java.util.concurrent.atomic.AtomicBoolean
		@@ -204,6 +207,14 @@ class DomainVerificationEnforcerTest {
		service(Type.QUERENT, "getInfo") {
		getDomainVerificationInfo(it.targetPackageName)
		},
		service(Type.QUERENT, "printState") {
		printState(mock(IndentingPrintWriter::class.java), null, null)
		},
		service(Type.QUERENT, "printStateInternal") {
		printState(mock(IndentingPrintWriter::class.java), null, null) {
		mockPkgState(it, UUID.randomUUID())
		}
		},
		service(Type.VERIFIER, "setStatus") {
		setDomainVerificationStatus(
		it.targetDomainSetId,
		@@ -311,6 +322,7 @@ class DomainVerificationEnforcerTest {
		}
		)
		}
		whenever(signingDetails) { SigningDetails.UNKNOWN }
		}

		fun mockPkgState(packageName: String, domainSetId: UUID) =
		@@ -327,6 +339,7 @@ class DomainVerificationEnforcerTest {
		}
		}
		whenever(isSystem) { false }
		whenever(signingDetails) { SigningDetails.UNKNOWN }
		}
		}

		@@ -373,6 +386,7 @@ class DomainVerificationEnforcerTest {
		val allowUserState = AtomicBoolean(false)
		val allowPreferredApps = AtomicBoolean(false)
		val allowQueryAll = AtomicBoolean(false)
		val allowDump = AtomicBoolean(false)
		val context: Context = mockThrowOnUnmocked {
		initPermission(
		allowUserState,
		@@ -383,6 +397,7 @@ class DomainVerificationEnforcerTest {
		android.Manifest.permission.SET_PREFERRED_APPLICATIONS
		)
		initPermission(allowQueryAll, android.Manifest.permission.QUERY_ALL_PACKAGES)
		initPermission(allowDump, android.Manifest.permission.DUMP)
		}
		val target = params.construct(context)

		@@ -409,6 +424,10 @@ class DomainVerificationEnforcerTest {
		allowQueryAll.set(true)

		assertFails { runMethod(target, NON_VERIFIER_UID) }

		allowDump.set(true)

		runMethod(target, NON_VERIFIER_UID)
		}

		private fun approvedVerifier() {
		@@ -794,9 +813,13 @@ class DomainVerificationEnforcerTest {
		}

		val valueAsInt = value as? Int
		if (valueAsInt != null && valueAsInt == DomainVerificationManager.STATUS_OK) {
		if (valueAsInt != null) {
		if (valueAsInt == DomainVerificationManager.STATUS_OK) {
		throw AssertionError("Expected call to return false, was $value")
		}
		} else {
		throw AssertionError("Expected call to fail")
		}
		} catch (e: SecurityException) {
		} catch (e: PackageManager.NameNotFoundException) {
		// Any of these 2 exceptions are considered failures, which is expected
		@@ -807,7 +830,7 @@ class DomainVerificationEnforcerTest {
		// System/shell only
		INTERNAL,

		// INTERNAL \|\| non-legacy domain verification agent
		// INTERNAL \|\| non-legacy domain verification agent \|\| DUMP permission
		QUERENT,

		// INTERNAL \|\| domain verification agent