commit 7c4c55dcb6d386fb3843069a02c177df66df09c7
author Todd Kennedy <toddke@google.com> Thu Nov 02 10:01:39 2017 -0700
committer Todd Kennedy <toddke@google.com> Thu Nov 02 14:29:22 2017 -0700
tree 9b02a63845dafacb1d062f37506fbcc6c1888665
parent 23567494d00a97712130c82e3be81a2e2495fefd

Move code

No functional changes. Moving code from PackageManagerService to
other classes where it makes more sense. Make some methods static
when they could easily be made so.

Bug: 63539144
Test: bit FrameworksServicesTests:com.android.server.pm.
Change-Id: If515315d27d9bf3d19cde0062deade5d05924b6d

services/core/java/com/android/server/pm/KeySetManagerService.java

diff --git a/services/core/java/com/android/server/pm/KeySetManagerService.java b/services/core/java/com/android/server/pm/KeySetManagerService.java
index 3574466..fca9585 100644
--- a/services/core/java/com/android/server/pm/KeySetManagerService.java
+++ b/services/core/java/com/android/server/pm/KeySetManagerService.java
@@ -18,6 +18,8 @@
 
 import static android.content.pm.PackageManager.INSTALL_FAILED_INVALID_APK;
 
+import static com.android.server.pm.PackageManagerService.SCAN_INITIAL;
+
 import com.android.internal.util.Preconditions;
 import android.content.pm.PackageParser;
 import android.util.ArrayMap;
@@ -341,6 +343,41 @@
         return mKeySets.get(id) != null;
     }
 
+    public boolean shouldCheckUpgradeKeySetLocked(PackageSettingBase oldPs, int scanFlags) {
+        // Can't rotate keys during boot or if sharedUser.
+        if (oldPs == null || (scanFlags&SCAN_INITIAL) != 0 || oldPs.isSharedUser()
+                || !oldPs.keySetData.isUsingUpgradeKeySets()) {
+            return false;
+        }
+        // app is using upgradeKeySets; make sure all are valid
+        long[] upgradeKeySets = oldPs.keySetData.getUpgradeKeySets();
+        for (int i = 0; i < upgradeKeySets.length; i++) {
+            if (!isIdValidKeySetId(upgradeKeySets[i])) {
+                Slog.wtf(TAG, "Package "
+                         + (oldPs.name != null ? oldPs.name : "<null>")
+                         + " contains upgrade-key-set reference to unknown key-set: "
+                         + upgradeKeySets[i]
+                         + " reverting to signatures check.");
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public boolean checkUpgradeKeySetLocked(PackageSettingBase oldPS,
+            PackageParser.Package newPkg) {
+        // Upgrade keysets are being used.  Determine if new package has a superset of the
+        // required keys.
+        long[] upgradeKeySets = oldPS.keySetData.getUpgradeKeySets();
+        for (int i = 0; i < upgradeKeySets.length; i++) {
+            Set<PublicKey> upgradeSet = getPublicKeysFromKeySetLPr(upgradeKeySets[i]);
+            if (upgradeSet != null && newPkg.mSigningKeys.containsAll(upgradeSet)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * Fetches the {@link PublicKey public keys} which belong to the specified
      * KeySet id.