Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e729070f authored by Nikita Ioffe's avatar Nikita Ioffe
Browse files

Always send verification request to sufficient verifiers 

Currently, a verification request is sent to sufficient verifiers (ones
defined in apps manifest) only there is a system-level verifier.

But there can be a setup, when system doesn't have a global verifier,
but some apps still ask for their own sufficient verifier to verify the
installation. This change changes a behaviour to make sure that
verification request will be sent in such cases.

Test: atest android.security.cts.PackageInstallerTest
Bug: 143374792
Change-Id: I35fa0f4bb86e61a3715a167342e4652e8df59704
parent 3320dd61

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −5
Original line number Diff line number Diff line
@@ -14726,9 +14726,8 @@ public class PackageManagerService extends IPackageManager.Stub 
            verificationState.setRequiredVerifierUid(requiredUid);

            final int installerUid =

                    verificationInfo == null ? -1 : verificationInfo.installerUid;

            if (!origin.existing && requiredUid != -1

                    && isVerificationEnabled(

                            pkgLite, verifierUser.getIdentifier(), installFlags, installerUid)) {

            if (!origin.existing && isVerificationEnabled(pkgLite, verifierUser.getIdentifier(),

                      installFlags, installerUid)) {

                final Intent verification = new Intent(

                        Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);

                verification.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
@@ -14794,9 +14793,9 @@ public class PackageManagerService extends IPackageManager.Stub 
                    }

                }













                if (mRequiredVerifierPackage != null) {















                    final ComponentName requiredVerifierComponent = matchComponentForVerifier(















                            mRequiredVerifierPackage, receivers);













                if (mRequiredVerifierPackage != null) {















                    /*















                     * Send the intent to the required verification agent,















                     * but only start the verification timeout after the