Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eae775ff authored by Automerger Merge Worker's avatar Automerger Merge Worker
Browse files

Merge "Fix a bug with the settings for skipping integrity check for... 

Merge "Fix a bug with the settings for skipping integrity check for verifiers." into rvc-dev am: 9651ab2d am: f0513277

Change-Id: I65e689cb0ca7de70b333a6c39447cff1212cb7ab
parents 41e86d8f f0513277

services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java

+11 −15
Original line number Original line Diff line number Diff line
@@ -118,8 +118,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
    private final RuleEvaluationEngine mEvaluationEngine;

    private final RuleEvaluationEngine mEvaluationEngine;

    private final IntegrityFileManager mIntegrityFileManager;

    private final IntegrityFileManager mIntegrityFileManager;





    private final boolean mCheckIntegrityForRuleProviders;



    /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */

    /** Create an instance of {@link AppIntegrityManagerServiceImpl}. */

    public static AppIntegrityManagerServiceImpl create(Context context) {

    public static AppIntegrityManagerServiceImpl create(Context context) {

        HandlerThread handlerThread = new HandlerThread("AppIntegrityManagerServiceHandler");

        HandlerThread handlerThread = new HandlerThread("AppIntegrityManagerServiceHandler");
@@ -130,13 +128,7 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
                LocalServices.getService(PackageManagerInternal.class),

                LocalServices.getService(PackageManagerInternal.class),

                RuleEvaluationEngine.getRuleEvaluationEngine(),

                RuleEvaluationEngine.getRuleEvaluationEngine(),

                IntegrityFileManager.getInstance(),

                IntegrityFileManager.getInstance(),

                handlerThread.getThreadHandler(),

                handlerThread.getThreadHandler());

                Settings.Global.getInt(

                        context.getContentResolver(),

                        Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER,

                        0)

                        == 1

        );

    }

    }





    @VisibleForTesting

    @VisibleForTesting
@@ -145,14 +137,12 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
            PackageManagerInternal packageManagerInternal,

            PackageManagerInternal packageManagerInternal,

            RuleEvaluationEngine evaluationEngine,

            RuleEvaluationEngine evaluationEngine,

            IntegrityFileManager integrityFileManager,

            IntegrityFileManager integrityFileManager,

            Handler handler,

            Handler handler) {

            boolean checkIntegrityForRuleProviders) {

        mContext = context;

        mContext = context;

        mPackageManagerInternal = packageManagerInternal;

        mPackageManagerInternal = packageManagerInternal;

        mEvaluationEngine = evaluationEngine;

        mEvaluationEngine = evaluationEngine;

        mIntegrityFileManager = integrityFileManager;

        mIntegrityFileManager = integrityFileManager;

        mHandler = handler;

        mHandler = handler;

        mCheckIntegrityForRuleProviders = checkIntegrityForRuleProviders;





        IntentFilter integrityVerificationFilter = new IntentFilter();

        IntentFilter integrityVerificationFilter = new IntentFilter();

        integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);

        integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION);
@@ -263,7 +253,7 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
            String installerPackageName = getInstallerPackageName(intent);

            String installerPackageName = getInstallerPackageName(intent);





            // Skip integrity verification if the verifier is doing the install.

            // Skip integrity verification if the verifier is doing the install.

            if (!mCheckIntegrityForRuleProviders

            if (!integrityCheckIncludesRuleProvider()

                    && isRuleProvider(installerPackageName)) {

                    && isRuleProvider(installerPackageName)) {

                Slog.i(TAG, "Verifier doing the install. Skipping integrity check.");

                Slog.i(TAG, "Verifier doing the install. Skipping integrity check.");

                mPackageManagerInternal.setIntegrityVerificationResult(

                mPackageManagerInternal.setIntegrityVerificationResult(
@@ -275,8 +265,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
            List<String> installerCertificates =

            List<String> installerCertificates =

                    getInstallerCertificateFingerprint(installerPackageName);

                    getInstallerCertificateFingerprint(installerPackageName);





            Slog.w(TAG, appCertificates.toString());



            AppInstallMetadata.Builder builder = new AppInstallMetadata.Builder();

            AppInstallMetadata.Builder builder = new AppInstallMetadata.Builder();





            builder.setPackageName(getPackageNameNormalized(packageName));

            builder.setPackageName(getPackageNameNormalized(packageName));
@@ -635,4 +623,12 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { 
        return getAllowedRuleProviders().stream()

        return getAllowedRuleProviders().stream()

                .anyMatch(ruleProvider -> ruleProvider.equals(installerPackageName));

                .anyMatch(ruleProvider -> ruleProvider.equals(installerPackageName));

    }

    }



    private boolean integrityCheckIncludesRuleProvider() {

        return Settings.Global.getInt(

                mContext.getContentResolver(),

                Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER,

                0)

                == 1;

    }

}
 
}

services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java

+28 −13
Original line number Original line Diff line number Diff line
@@ -60,6 +60,7 @@ import android.content.res.Resources; 
import android.net.Uri;

import android.net.Uri;

import android.os.Handler;

import android.os.Handler;

import android.os.Message;

import android.os.Message;

import android.provider.Settings;





import androidx.test.InstrumentationRegistry;

import androidx.test.InstrumentationRegistry;
@@ -119,7 +120,6 @@ public class AppIntegrityManagerServiceImplTest { 
    private static final String PLAY_STORE_PKG = "com.android.vending";

    private static final String PLAY_STORE_PKG = "com.android.vending";

    private static final String ADB_INSTALLER = "adb";

    private static final String ADB_INSTALLER = "adb";

    private static final String PLAY_STORE_CERT = "play_store_cert";

    private static final String PLAY_STORE_CERT = "play_store_cert";

    private static final String ADB_CERT = "";





    @org.junit.Rule

    @org.junit.Rule

    public MockitoRule mMockitoRule = MockitoJUnit.rule();

    public MockitoRule mMockitoRule = MockitoJUnit.rule();
@@ -137,11 +137,12 @@ public class AppIntegrityManagerServiceImplTest { 
    @Mock

    @Mock

    Handler mHandler;

    Handler mHandler;





    private final Context mRealContext = InstrumentationRegistry.getTargetContext();



    private PackageManager mSpyPackageManager;

    private PackageManager mSpyPackageManager;

    private File mTestApk;

    private File mTestApk;

    private File mTestApkTwoCerts;

    private File mTestApkTwoCerts;





    private final Context mRealContext = InstrumentationRegistry.getTargetContext();

    // under test

    // under test

    private AppIntegrityManagerServiceImpl mService;

    private AppIntegrityManagerServiceImpl mService;
@@ -163,8 +164,7 @@ public class AppIntegrityManagerServiceImplTest { 
                        mPackageManagerInternal,

                        mPackageManagerInternal,

                        mRuleEvaluationEngine,

                        mRuleEvaluationEngine,

                        mIntegrityFileManager,

                        mIntegrityFileManager,

                        mHandler,

                        mHandler);

                        /* checkIntegrityForRuleProviders= */ true);





        mSpyPackageManager = spy(mRealContext.getPackageManager());

        mSpyPackageManager = spy(mRealContext.getPackageManager());

        // setup mocks to prevent NPE

        // setup mocks to prevent NPE
@@ -172,6 +172,9 @@ public class AppIntegrityManagerServiceImplTest { 
        when(mMockContext.getResources()).thenReturn(mMockResources);

        when(mMockContext.getResources()).thenReturn(mMockResources);

        when(mMockResources.getStringArray(anyInt())).thenReturn(new String[]{});

        when(mMockResources.getStringArray(anyInt())).thenReturn(new String[]{});

        when(mIntegrityFileManager.initialized()).thenReturn(true);

        when(mIntegrityFileManager.initialized()).thenReturn(true);

        // These are needed to override the Settings.Global.get result.

        when(mMockContext.getContentResolver()).thenReturn(mRealContext.getContentResolver());

        setIntegrityCheckIncludesRuleProvider(true);

    }

    }





    @After

    @After
@@ -201,6 +204,7 @@ public class AppIntegrityManagerServiceImplTest { 
    @Test

    @Test

    public void updateRuleSet_notSystemApp() throws Exception {

    public void updateRuleSet_notSystemApp() throws Exception {

        whitelistUsAsRuleProvider();

        whitelistUsAsRuleProvider();

        makeUsSystemApp(false);

        Rule rule =

        Rule rule =

                new Rule(

                new Rule(

                        new AtomicFormula.BooleanAtomicFormula(AtomicFormula.PRE_INSTALLED, true),

                        new AtomicFormula.BooleanAtomicFormula(AtomicFormula.PRE_INSTALLED, true),
@@ -411,14 +415,7 @@ public class AppIntegrityManagerServiceImplTest { 
    public void verifierAsInstaller_skipIntegrityVerification() throws Exception {

    public void verifierAsInstaller_skipIntegrityVerification() throws Exception {

        whitelistUsAsRuleProvider();

        whitelistUsAsRuleProvider();

        makeUsSystemApp();

        makeUsSystemApp();

        mService =

        setIntegrityCheckIncludesRuleProvider(false);

                new AppIntegrityManagerServiceImpl(

                        mMockContext,

                        mPackageManagerInternal,

                        mRuleEvaluationEngine,

                        mIntegrityFileManager,

                        mHandler,

                        /* checkIntegrityForRuleProviders= */ false);

        ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor =

        ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor =

                ArgumentCaptor.forClass(BroadcastReceiver.class);

                ArgumentCaptor.forClass(BroadcastReceiver.class);

        verify(mMockContext, atLeastOnce())

        verify(mMockContext, atLeastOnce())
@@ -460,12 +457,21 @@ public class AppIntegrityManagerServiceImplTest { 
    }

    }





    private void makeUsSystemApp() throws Exception {

    private void makeUsSystemApp() throws Exception {

        makeUsSystemApp(true);

    }



    private void makeUsSystemApp(boolean isSystemApp) throws Exception {

        PackageInfo packageInfo =

        PackageInfo packageInfo =

                mRealContext.getPackageManager().getPackageInfo(TEST_FRAMEWORK_PACKAGE, 0);

                mRealContext.getPackageManager().getPackageInfo(TEST_FRAMEWORK_PACKAGE, 0);

        if (isSystemApp) {

            packageInfo.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM;

            packageInfo.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM;

        } else {

            packageInfo.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM;

        }

        doReturn(packageInfo)

        doReturn(packageInfo)

                .when(mSpyPackageManager)

                .when(mSpyPackageManager)

                .getPackageInfo(eq(TEST_FRAMEWORK_PACKAGE), anyInt());

                .getPackageInfo(eq(TEST_FRAMEWORK_PACKAGE), anyInt());

        when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager);

    }

    }





    private Intent makeVerificationIntent() throws Exception {

    private Intent makeVerificationIntent() throws Exception {
@@ -492,4 +498,13 @@ public class AppIntegrityManagerServiceImplTest { 
        intent.putExtra(Intent.EXTRA_LONG_VERSION_CODE, VERSION_CODE);

        intent.putExtra(Intent.EXTRA_LONG_VERSION_CODE, VERSION_CODE);

        return intent;

        return intent;

    }

    }



    private void setIntegrityCheckIncludesRuleProvider(boolean shouldInclude) throws Exception {

        int value = shouldInclude ? 1 : 0;

        Settings.Global.putInt(mRealContext.getContentResolver(),

                Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, value);

        assertThat(Settings.Global.getInt(mRealContext.getContentResolver(),

                Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, -1) == 1).isEqualTo(

                shouldInclude);

    }

}
 
}