Always send verification request to sufficient verifiers
Currently, a verification request is sent to sufficient verifiers (ones
defined in apps manifest) only there is a system-level verifier.
But there can be a setup, when system doesn't have a global verifier,
but some apps still ask for their own sufficient verifier to verify the
installation. This change changes a behaviour to make sure that
verification request will be sent in such cases.
Test: atest android.security.cts.PackageInstallerTest
Bug: 143374792
Change-Id: I35fa0f4bb86e61a3715a167342e4652e8df59704
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 799ce65..f106bfb 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -14726,9 +14726,8 @@
verificationState.setRequiredVerifierUid(requiredUid);
final int installerUid =
verificationInfo == null ? -1 : verificationInfo.installerUid;
- if (!origin.existing && requiredUid != -1
- && isVerificationEnabled(
- pkgLite, verifierUser.getIdentifier(), installFlags, installerUid)) {
+ if (!origin.existing && isVerificationEnabled(pkgLite, verifierUser.getIdentifier(),
+ installFlags, installerUid)) {
final Intent verification = new Intent(
Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);
verification.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
@@ -14794,9 +14793,9 @@
}
}
- final ComponentName requiredVerifierComponent = matchComponentForVerifier(
- mRequiredVerifierPackage, receivers);
if (mRequiredVerifierPackage != null) {
+ final ComponentName requiredVerifierComponent = matchComponentForVerifier(
+ mRequiredVerifierPackage, receivers);
/*
* Send the intent to the required verification agent,
* but only start the verification timeout after the