Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / e15fb0172c38a69551aedc43a28a24cd7c9647bf / . / services / core / java / com / android / server / webkit / WebViewUpdateService.java
blob: 4669676320d9ccd1747ba17901af26d8255bbd38 [file] [log] [blame]
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.webkit;
18
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]19import android.content.BroadcastReceiver;
20import android.content.Context;
21import android.content.Intent;
22import android.content.IntentFilter;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]23import android.content.pm.PackageInfo;
24import android.content.pm.PackageManager;
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]25import android.content.pm.PackageManager.NameNotFoundException;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]26import android.content.pm.Signature;
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]27import android.os.Binder;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]28import android.os.PatternMatcher;
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]29import android.os.Process;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]30import android.os.ResultReceiver;
Gustav Sennton23875b22016-02-09 14:11:33 +0000[diff] [blame]31import android.os.UserHandle;
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]32import android.util.Base64;
Primiano Tucci810c0522014-07-25 18:03:16 +0100[diff] [blame]33import android.util.Slog;
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]34import android.webkit.IWebViewUpdateService;
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]35import android.webkit.WebViewFactory;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]36import android.webkit.WebViewProviderInfo;
37import android.webkit.WebViewProviderResponse;
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]38
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]39import com.android.server.SystemService;
40
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]41import java.io.FileDescriptor;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]42import java.util.ArrayList;
43import java.util.Arrays;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]44import java.util.List;
45
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]46/**
47 * Private service to wait for the updatable WebView to be ready for use.
48 * @hide
49 */
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]50public class WebViewUpdateService extends SystemService {
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]51
52 private static final String TAG = "WebViewUpdateService";
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]53 private static final int WAIT_TIMEOUT_MS = 4500; // KEY_DISPATCHING_TIMEOUT is 5000.
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]54
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]55 // Keeps track of the number of running relro creations
56 private int mNumRelroCreationsStarted = 0;
57 private int mNumRelroCreationsFinished = 0;
58 // Implies that we need to rerun relro creation because we are using an out-of-date package
59 private boolean mWebViewPackageDirty = false;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]60 private boolean mAnyWebViewInstalled = false;
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]61
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]62 private int NUMBER_OF_RELROS_UNKNOWN = Integer.MAX_VALUE;
63
64 // The WebView package currently in use (or the one we are preparing).
65 private PackageInfo mCurrentWebViewPackage = null;
Gustav Sennton6ce92c92015-10-23 11:10:39 +0100[diff] [blame]66
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]67 private BroadcastReceiver mWebViewUpdatedReceiver;
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]68 private SystemInterface mSystemInterface;
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]69
70 public WebViewUpdateService(Context context) {
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]71 super(context);
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]72 mSystemInterface = new SystemImpl();
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]73 }
74
75 @Override
76 public void onStart() {
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]77 mWebViewUpdatedReceiver = new BroadcastReceiver() {
78 @Override
79 public void onReceive(Context context, Intent intent) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]80 // When a package is replaced we will receive two intents, one representing
81 // the removal of the old package and one representing the addition of the
82 // new package.
83 // In the case where we receive an intent to remove the old version of the
Gustav Sennton26c82ff2016-03-11 13:06:40 +0000[diff] [blame]84 // package that is being replaced we early-out here so that we don't run the
85 // update-logic twice.
Gustav Sennton3098cf22015-11-10 03:33:09 +0000[diff] [blame]86 if (intent.getAction().equals(Intent.ACTION_PACKAGE_REMOVED)
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]87 && intent.getExtras().getBoolean(Intent.EXTRA_REPLACING)) {
Gustav Sennton3098cf22015-11-10 03:33:09 +0000[diff] [blame]88 return;
89 }
90
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]91 // Ensure that we only heed PACKAGE_CHANGED intents if they change an entire
92 // package, not just a component
93 if (intent.getAction().equals(Intent.ACTION_PACKAGE_CHANGED)) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]94 if (!entirePackageChanged(intent)) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]95 return;
96 }
97 }
98
99 if (intent.getAction().equals(Intent.ACTION_USER_ADDED)) {
100 int userId =
101 intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
102 handleNewUser(userId);
103 return;
104 }
105
106 updateFallbackState(context, intent);
107
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]108 for (WebViewProviderInfo provider : mSystemInterface.getWebViewPackages()) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]109 String webviewPackage = "package:" + provider.packageName;
Gustav Sennton6ce92c92015-10-23 11:10:39 +0100[diff] [blame]110
111 if (webviewPackage.equals(intent.getDataString())) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]112 boolean updateWebView = false;
Gustav Sennton1e5d8032016-02-25 12:26:36 +0000[diff] [blame]113 boolean removedOrChangedOldPackage = false;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]114 String oldProviderName = null;
115 PackageInfo newPackage = null;
116 synchronized(WebViewUpdateService.this) {
117 try {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]118 newPackage = findPreferredWebViewPackage();
119 if (mCurrentWebViewPackage != null)
120 oldProviderName = mCurrentWebViewPackage.packageName;
121 // Only trigger update actions if the updated package is the one
122 // that will be used, or the one that was in use before the
123 // update, or if we haven't seen a valid WebView package before.
124 updateWebView =
125 provider.packageName.equals(newPackage.packageName)
126 || provider.packageName.equals(oldProviderName)
127 || mCurrentWebViewPackage == null;
128 // We removed the old package if we received an intent to remove
129 // or replace the old package.
Gustav Sennton1e5d8032016-02-25 12:26:36 +0000[diff] [blame]130 removedOrChangedOldPackage =
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]131 provider.packageName.equals(oldProviderName);
132 if (updateWebView) {
133 onWebViewProviderChanged(newPackage);
134 }
135 } catch (WebViewFactory.MissingWebViewPackageException e) {
136 Slog.e(TAG, "Could not find valid WebView package to create " +
137 "relro with " + e);
138 }
139 }
Gustav Sennton1e5d8032016-02-25 12:26:36 +0000[diff] [blame]140 if(updateWebView && !removedOrChangedOldPackage
141 && oldProviderName != null) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]142 // If the provider change is the result of adding or replacing a
143 // package that was not the previous provider then we must kill
144 // packages dependent on the old package ourselves. The framework
145 // only kills dependents of packages that are being removed.
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]146 mSystemInterface.killPackageDependents(oldProviderName);
Gustav Sennton6ce92c92015-10-23 11:10:39 +0100[diff] [blame]147 }
148 return;
149 }
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]150 }
151 }
152 };
153 IntentFilter filter = new IntentFilter();
Gustav Sennton3098cf22015-11-10 03:33:09 +0000[diff] [blame]154 filter.addAction(Intent.ACTION_PACKAGE_ADDED);
155 filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]156 filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]157 filter.addDataScheme("package");
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]158 // Make sure we only receive intents for WebView packages from our config file.
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]159 for (WebViewProviderInfo provider : mSystemInterface.getWebViewPackages()) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]160 filter.addDataSchemeSpecificPart(provider.packageName, PatternMatcher.PATTERN_LITERAL);
161 }
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]162 getContext().registerReceiver(mWebViewUpdatedReceiver, filter);
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]163
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]164 IntentFilter userAddedFilter = new IntentFilter();
165 userAddedFilter.addAction(Intent.ACTION_USER_ADDED);
166 getContext().registerReceiver(mWebViewUpdatedReceiver, userAddedFilter);
167
Torne (Richard Coles)fc19b0a2016-02-01 16:16:57 +0000[diff] [blame]168 publishBinderService("webviewupdate", new BinderService(), true /*allowIsolated*/);
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]169 }
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]170
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]171 private boolean existsValidNonFallbackProvider(WebViewProviderInfo[] providers) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]172 for (WebViewProviderInfo provider : providers) {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]173 if (provider.availableByDefault && !provider.isFallback) {
174 try {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]175 PackageInfo packageInfo = mSystemInterface.getPackageInfoForProvider(provider);
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]176 if (isEnabledPackage(packageInfo) && isValidProvider(provider, packageInfo)) {
177 return true;
178 }
179 } catch (NameNotFoundException e) {
180 // A non-existent provider is neither valid nor enabled
181 }
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]182 }
183 }
184 return false;
185 }
186
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]187 /**
188 * Called when a new user has been added to update the state of its fallback package.
189 */
190 void handleNewUser(int userId) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]191 if (!mSystemInterface.isFallbackLogicEnabled()) return;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]192
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]193 WebViewProviderInfo[] webviewProviders = mSystemInterface.getWebViewPackages();
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]194 WebViewProviderInfo fallbackProvider = getFallbackProvider(webviewProviders);
195 if (fallbackProvider == null) return;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]196
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]197 mSystemInterface.enablePackageForUser(fallbackProvider.packageName,
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]198 !existsValidNonFallbackProvider(webviewProviders), userId);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]199 }
200
201 /**
202 * Handle the enabled-state of our fallback package, i.e. if there exists some non-fallback
203 * package that is valid (and available by default) then disable the fallback package,
204 * otherwise, enable the fallback package.
205 */
206 void updateFallbackState(final Context context, final Intent intent) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]207 if (!mSystemInterface.isFallbackLogicEnabled()) return;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]208
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]209 WebViewProviderInfo[] webviewProviders = mSystemInterface.getWebViewPackages();
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]210
211 if (intent != null && (intent.getAction().equals(Intent.ACTION_PACKAGE_ADDED)
212 || intent.getAction().equals(Intent.ACTION_PACKAGE_CHANGED))) {
213 // A package was changed / updated / downgraded, early out if it is not one of the
214 // webview packages that are available by default.
215 String changedPackage = null;
216 for (WebViewProviderInfo provider : webviewProviders) {
217 String webviewPackage = "package:" + provider.packageName;
218 if (webviewPackage.equals(intent.getDataString())) {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]219 if (provider.availableByDefault) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]220 changedPackage = provider.packageName;
221 }
222 break;
223 }
224 }
225 if (changedPackage == null) return;
226 }
227
228 // If there exists a valid and enabled non-fallback package - disable the fallback
229 // package, otherwise, enable it.
230 WebViewProviderInfo fallbackProvider = getFallbackProvider(webviewProviders);
231 if (fallbackProvider == null) return;
232 boolean existsValidNonFallbackProvider = existsValidNonFallbackProvider(webviewProviders);
233
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]234 boolean isFallbackEnabled = false;
235 try {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]236 isFallbackEnabled =
237 isEnabledPackage(mSystemInterface.getPackageInfoForProvider(fallbackProvider));
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]238 } catch (NameNotFoundException e) {
239 }
240
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]241 if (existsValidNonFallbackProvider
242 // During an OTA the primary user's WebView state might differ from other users', so
243 // ignore the state of that user during boot.
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]244 && (isFallbackEnabled || intent == null)) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]245 mSystemInterface.uninstallAndDisablePackageForAllUsers(context,
246 fallbackProvider.packageName);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]247 } else if (!existsValidNonFallbackProvider
248 // During an OTA the primary user's WebView state might differ from other users', so
249 // ignore the state of that user during boot.
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]250 && (!isFallbackEnabled || intent==null)) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]251 // Enable the fallback package for all users.
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]252 mSystemInterface.enablePackageForAllUsers(context, fallbackProvider.packageName, true);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]253 }
254 }
255
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]256 /**
257 * Returns the only fallback provider, or null if there is none.
258 */
259 private static WebViewProviderInfo getFallbackProvider(WebViewProviderInfo[] webviewPackages) {
260 for (WebViewProviderInfo provider : webviewPackages) {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]261 if (provider.isFallback) {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]262 return provider;
263 }
264 }
265 return null;
266 }
267
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]268 private boolean isFallbackPackage(String packageName) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]269 if (packageName == null || !mSystemInterface.isFallbackLogicEnabled()) return false;
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]270
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]271 WebViewProviderInfo[] webviewPackages = mSystemInterface.getWebViewPackages();
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]272 WebViewProviderInfo fallbackProvider = getFallbackProvider(webviewPackages);
273 return (fallbackProvider != null
274 && packageName.equals(fallbackProvider.packageName));
275 }
276
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]277 /**
278 * Perform any WebView loading preparations that must happen at boot from the system server,
279 * after the package manager has started or after an update to the webview is installed.
280 * This must be called in the system server.
281 * Currently, this means spawning the child processes which will create the relro files.
282 */
283 public void prepareWebViewInSystemServer() {
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]284 updateFallbackState(getContext(), null);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]285 try {
286 synchronized(this) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]287 mCurrentWebViewPackage = findPreferredWebViewPackage();
288 onWebViewProviderChanged(mCurrentWebViewPackage);
289 }
290 } catch (Throwable t) {
291 // Log and discard errors at this stage as we must not crash the system server.
292 Slog.e(TAG, "error preparing webview provider from system server", t);
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]293 }
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]294 }
295
296
297 /**
298 * Change WebView provider and provider setting and kill packages using the old provider.
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]299 * Return the new provider (in case we are in the middle of creating relro files this new
300 * provider will not be in use directly, but will when the relros are done).
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]301 */
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]302 private String changeProviderAndSetting(String newProviderName) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]303 PackageInfo oldPackage = null;
304 PackageInfo newPackage = null;
305 synchronized(this) {
306 oldPackage = mCurrentWebViewPackage;
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]307 mSystemInterface.updateUserSetting(getContext(), newProviderName);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]308
309 try {
310 newPackage = findPreferredWebViewPackage();
311 if (oldPackage != null && newPackage.packageName.equals(oldPackage.packageName)) {
312 // If we don't perform the user change, revert the settings change.
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]313 mSystemInterface.updateUserSetting(getContext(), newPackage.packageName);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]314 return newPackage.packageName;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]315 }
316 } catch (WebViewFactory.MissingWebViewPackageException e) {
317 Slog.e(TAG, "Tried to change WebView provider but failed to fetch WebView package "
318 + e);
319 // If we don't perform the user change but don't have an installed WebView package,
320 // we will have changed the setting and it will be used when a package is available.
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]321 return newProviderName;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]322 }
323 onWebViewProviderChanged(newPackage);
324 }
325 // Kill apps using the old provider
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]326 if (oldPackage != null) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]327 mSystemInterface.killPackageDependents(oldPackage.packageName);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]328 }
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]329 return newPackage.packageName;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]330 }
331
332 /**
333 * This is called when we change WebView provider, either when the current provider is updated
334 * or a new provider is chosen / takes precedence.
335 */
336 private void onWebViewProviderChanged(PackageInfo newPackage) {
337 synchronized(this) {
338 mAnyWebViewInstalled = true;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]339 if (mNumRelroCreationsStarted == mNumRelroCreationsFinished) {
340 mCurrentWebViewPackage = newPackage;
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]341 mSystemInterface.updateUserSetting(getContext(), newPackage.packageName);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]342
343 // The relro creations might 'finish' (not start at all) before
344 // WebViewFactory.onWebViewProviderChanged which means we might not know the number
345 // of started creations before they finish.
346 mNumRelroCreationsStarted = NUMBER_OF_RELROS_UNKNOWN;
347 mNumRelroCreationsFinished = 0;
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]348 mNumRelroCreationsStarted = mSystemInterface.onWebViewProviderChanged(newPackage);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]349 // If the relro creations finish before we know the number of started creations we
350 // will have to do any cleanup/notifying here.
351 checkIfRelrosDoneLocked();
352 } else {
353 mWebViewPackageDirty = true;
354 }
355 }
356 }
357
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]358 private ProviderAndPackageInfo[] getValidWebViewPackagesAndInfos() {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]359 WebViewProviderInfo[] allProviders = mSystemInterface.getWebViewPackages();
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]360 List<ProviderAndPackageInfo> providers = new ArrayList<>();
361 for(int n = 0; n < allProviders.length; n++) {
362 try {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]363 PackageInfo packageInfo =
364 mSystemInterface.getPackageInfoForProvider(allProviders[n]);
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]365 if (isValidProvider(allProviders[n], packageInfo)) {
366 providers.add(new ProviderAndPackageInfo(allProviders[n], packageInfo));
367 }
368 } catch (NameNotFoundException e) {
369 // Don't add non-existent packages
370 }
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]371 }
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]372 return providers.toArray(new ProviderAndPackageInfo[providers.size()]);
373 }
374
375 /**
376 * Fetch only the currently valid WebView packages.
377 **/
378 private WebViewProviderInfo[] getValidWebViewPackages() {
379 ProviderAndPackageInfo[] providersAndPackageInfos = getValidWebViewPackagesAndInfos();
380 WebViewProviderInfo[] providers = new WebViewProviderInfo[providersAndPackageInfos.length];
381 for(int n = 0; n < providersAndPackageInfos.length; n++) {
382 providers[n] = providersAndPackageInfos[n].provider;
383 }
384 return providers;
385 }
386
387 private class ProviderAndPackageInfo {
388 public final WebViewProviderInfo provider;
389 public final PackageInfo packageInfo;
390
391 public ProviderAndPackageInfo(WebViewProviderInfo provider, PackageInfo packageInfo) {
392 this.provider = provider;
393 this.packageInfo = packageInfo;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]394 }
395 }
396
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]397 /**
398 * Returns either the package info of the WebView provider determined in the following way:
399 * If the user has chosen a provider then use that if it is valid,
400 * otherwise use the first package in the webview priority list that is valid.
401 *
402 * @hide
403 */
404 private PackageInfo findPreferredWebViewPackage() {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]405 ProviderAndPackageInfo[] providers = getValidWebViewPackagesAndInfos();
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]406
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]407 String userChosenProvider = mSystemInterface.getUserChosenWebViewProvider(getContext());
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]408
409 // If the user has chosen provider, use that
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]410 for (ProviderAndPackageInfo providerAndPackage : providers) {
411 if (providerAndPackage.provider.packageName.equals(userChosenProvider)
412 && isEnabledPackage(providerAndPackage.packageInfo)) {
413 return providerAndPackage.packageInfo;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]414 }
415 }
416
Gustav Sennton27f13de2016-01-05 20:22:02 +0000[diff] [blame]417 // User did not choose, or the choice failed; use the most stable provider that is
418 // enabled and available by default (not through user choice).
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]419 for (ProviderAndPackageInfo providerAndPackage : providers) {
420 if (providerAndPackage.provider.availableByDefault
421 && isEnabledPackage(providerAndPackage.packageInfo)) {
422 return providerAndPackage.packageInfo;
Gustav Sennton27f13de2016-01-05 20:22:02 +0000[diff] [blame]423 }
424 }
425
426 // Could not find any enabled package either, use the most stable provider.
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]427 for (ProviderAndPackageInfo providerAndPackage : providers) {
428 return providerAndPackage.packageInfo;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]429 }
Gustav Sennton27f13de2016-01-05 20:22:02 +0000[diff] [blame]430
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]431 mAnyWebViewInstalled = false;
432 throw new WebViewFactory.MissingWebViewPackageException(
433 "Could not find a loadable WebView package");
434 }
435
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]436
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]437 /**
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]438 * Returns whether this provider is valid for use as a WebView provider.
439 */
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]440 public boolean isValidProvider(WebViewProviderInfo configInfo,
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]441 PackageInfo packageInfo) {
442 if (providerHasValidSignature(configInfo, packageInfo) &&
443 WebViewFactory.getWebViewLibrary(packageInfo.applicationInfo) != null) {
444 return true;
445 }
446 return false;
447 }
448
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]449 private boolean providerHasValidSignature(WebViewProviderInfo provider,
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]450 PackageInfo packageInfo) {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]451 if (mSystemInterface.systemIsDebuggable()) {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]452 return true;
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]453 }
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]454 Signature[] packageSignatures;
455 // If no signature is declared, instead check whether the package is included in the
456 // system.
457 if (provider.signatures == null || provider.signatures.length == 0) {
458 return packageInfo.applicationInfo.isSystemApp();
459 }
460 packageSignatures = packageInfo.signatures;
461 if (packageSignatures.length != 1)
462 return false;
463
464 final byte[] packageSignature = packageSignatures[0].toByteArray();
465 // Return whether the package signature matches any of the valid signatures
466 for (String signature : provider.signatures) {
467 final byte[] validSignature = Base64.decode(signature, Base64.DEFAULT);
468 if (Arrays.equals(packageSignature, validSignature))
469 return true;
470 }
471 return false;
472 }
473
474 /**
475 * Returns whether the given package is enabled.
476 * This state can be changed by the user from Settings->Apps
477 */
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]478 public boolean isEnabledPackage(PackageInfo packageInfo) {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]479 return packageInfo.applicationInfo.enabled;
480 }
481
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]482 /**
483 * Returns whether the entire package from an ACTION_PACKAGE_CHANGED intent was changed (rather
484 * than just one of its components).
485 * @hide
486 */
487 public static boolean entirePackageChanged(Intent intent) {
488 String[] componentList =
489 intent.getStringArrayExtra(Intent.EXTRA_CHANGED_COMPONENT_NAME_LIST);
490 return Arrays.asList(componentList).contains(
491 intent.getDataString().substring("package:".length()));
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]492 }
493
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]494 /**
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]495 * Returns whether WebView is ready and is not going to go through its preparation phase again
496 * directly.
497 */
498 private boolean webViewIsReadyLocked() {
499 return !mWebViewPackageDirty
500 && (mNumRelroCreationsStarted == mNumRelroCreationsFinished)
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]501 // The current package might be replaced though we haven't received an intent declaring
502 // this yet, the following flag makes anyone loading WebView to wait in this case.
503 && mAnyWebViewInstalled;
504 }
505
506 private void checkIfRelrosDoneLocked() {
507 if (mNumRelroCreationsStarted == mNumRelroCreationsFinished) {
508 if (mWebViewPackageDirty) {
509 mWebViewPackageDirty = false;
510 // If we have changed provider since we started the relro creation we need to
511 // redo the whole process using the new package instead.
Gustav Sennton26c82ff2016-03-11 13:06:40 +0000[diff] [blame]512 PackageInfo newPackage = findPreferredWebViewPackage();
513 onWebViewProviderChanged(newPackage);
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]514 } else {
515 this.notifyAll();
516 }
517 }
Ben Murdochdc00a842014-07-17 14:55:00 +0100[diff] [blame]518 }
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]519
520 private class BinderService extends IWebViewUpdateService.Stub {
521
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]522 @Override
523 public void onShellCommand(FileDescriptor in, FileDescriptor out,
524 FileDescriptor err, String[] args, ResultReceiver resultReceiver) {
525 (new WebViewUpdateServiceShellCommand(this)).exec(
526 this, in, out, err, args, resultReceiver);
527 }
528
529
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]530 /**
531 * The shared relro process calls this to notify us that it's done trying to create a relro
532 * file. This method gets called even if the relro creation has failed or the process
533 * crashed.
534 */
535 @Override // Binder call
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]536 public void notifyRelroCreationCompleted() {
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]537 // Verify that the caller is either the shared relro process (nominal case) or the
538 // system server (only in the case the relro process crashes and we get here via the
539 // crashHandler).
540 if (Binder.getCallingUid() != Process.SHARED_RELRO_UID &&
541 Binder.getCallingUid() != Process.SYSTEM_UID) {
542 return;
543 }
544
Gustav Sennton275d13c2016-02-24 10:58:09 +0000[diff] [blame]545 long callingId = Binder.clearCallingIdentity();
546 try {
547 synchronized (WebViewUpdateService.this) {
548 mNumRelroCreationsFinished++;
549 checkIfRelrosDoneLocked();
550 }
551 } finally {
552 Binder.restoreCallingIdentity(callingId);
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]553 }
554 }
555
556 /**
557 * WebViewFactory calls this to block WebView loading until the relro file is created.
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]558 * Returns the WebView provider for which we create relro files.
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]559 */
560 @Override // Binder call
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]561 public WebViewProviderResponse waitForAndGetProvider() {
Primiano Tuccie76e81a2014-07-29 16:38:33 +0100[diff] [blame]562 // The WebViewUpdateService depends on the prepareWebViewInSystemServer call, which
563 // happens later (during the PHASE_ACTIVITY_MANAGER_READY) in SystemServer.java. If
564 // another service there tries to bring up a WebView in the between, the wait below
565 // would deadlock without the check below.
566 if (Binder.getCallingPid() == Process.myPid()) {
567 throw new IllegalStateException("Cannot create a WebView from the SystemServer");
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]568 }
569
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]570 PackageInfo webViewPackage = null;
Primiano Tuccie76e81a2014-07-29 16:38:33 +0100[diff] [blame]571 final long NS_PER_MS = 1000000;
572 final long timeoutTimeMs = System.nanoTime() / NS_PER_MS + WAIT_TIMEOUT_MS;
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]573 boolean webViewReady = false;
574 int webViewStatus = WebViewFactory.LIBLOAD_SUCCESS;
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]575 synchronized (WebViewUpdateService.this) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]576 webViewReady = WebViewUpdateService.this.webViewIsReadyLocked();
577 while (!webViewReady) {
Primiano Tuccie76e81a2014-07-29 16:38:33 +0100[diff] [blame]578 final long timeNowMs = System.nanoTime() / NS_PER_MS;
579 if (timeNowMs >= timeoutTimeMs) break;
580 try {
581 WebViewUpdateService.this.wait(timeoutTimeMs - timeNowMs);
582 } catch (InterruptedException e) {}
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]583 webViewReady = WebViewUpdateService.this.webViewIsReadyLocked();
584 }
585 // Make sure we return the provider that was used to create the relro file
586 webViewPackage = WebViewUpdateService.this.mCurrentWebViewPackage;
587 if (webViewReady) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]588 } else if (!mAnyWebViewInstalled) {
589 webViewStatus = WebViewFactory.LIBLOAD_FAILED_LISTING_WEBVIEW_PACKAGES;
590 } else {
591 // Either the current relro creation isn't done yet, or the new relro creatioin
592 // hasn't kicked off yet (the last relro creation used an out-of-date WebView).
593 webViewStatus = WebViewFactory.LIBLOAD_FAILED_WAITING_FOR_RELRO;
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]594 }
595 }
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]596 if (!webViewReady) Slog.w(TAG, "creating relro file timed out");
597 return new WebViewProviderResponse(webViewPackage, webViewStatus);
598 }
599
600 /**
601 * This is called from DeveloperSettings when the user changes WebView provider.
602 */
603 @Override // Binder call
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]604 public String changeProviderAndSetting(String newProvider) {
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]605 if (getContext().checkCallingPermission(
606 android.Manifest.permission.WRITE_SECURE_SETTINGS)
607 != PackageManager.PERMISSION_GRANTED) {
608 String msg = "Permission Denial: changeProviderAndSetting() from pid="
609 + Binder.getCallingPid()
610 + ", uid=" + Binder.getCallingUid()
611 + " requires " + android.Manifest.permission.WRITE_SECURE_SETTINGS;
612 Slog.w(TAG, msg);
613 throw new SecurityException(msg);
614 }
615
Gustav Senntonab3b6b12016-03-16 17:38:42 +0000[diff] [blame]616 long callingId = Binder.clearCallingIdentity();
617 try {
618 return WebViewUpdateService.this.changeProviderAndSetting(newProvider);
619 } finally {
620 Binder.restoreCallingIdentity(callingId);
621 }
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]622 }
623
624 @Override // Binder call
625 public WebViewProviderInfo[] getValidWebViewPackages() {
Gustav Senntondbf5eb02016-03-30 14:53:03 +0100[diff] [blame]626 return WebViewUpdateService.this.getValidWebViewPackages();
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]627 }
628
629 @Override // Binder call
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]630 public WebViewProviderInfo[] getAllWebViewPackages() {
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]631 return WebViewUpdateService.this.mSystemInterface.getWebViewPackages();
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]632 }
633
634 @Override // Binder call
Gustav Sennton6258dcd2015-10-30 19:25:37 +0000[diff] [blame]635 public String getCurrentWebViewPackageName() {
636 synchronized(WebViewUpdateService.this) {
637 if (WebViewUpdateService.this.mCurrentWebViewPackage == null)
638 return null;
639 return WebViewUpdateService.this.mCurrentWebViewPackage.packageName;
640 }
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]641 }
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]642
643 @Override // Binder call
644 public boolean isFallbackPackage(String packageName) {
Gustav Sennton8b179262016-03-14 11:31:14 +0000[diff] [blame]645 return WebViewUpdateService.this.isFallbackPackage(packageName);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]646 }
647
648 @Override // Binder call
649 public void enableFallbackLogic(boolean enable) {
650 if (getContext().checkCallingPermission(
651 android.Manifest.permission.WRITE_SECURE_SETTINGS)
652 != PackageManager.PERMISSION_GRANTED) {
653 String msg = "Permission Denial: enableFallbackLogic() from pid="
654 + Binder.getCallingPid()
655 + ", uid=" + Binder.getCallingUid()
656 + " requires " + android.Manifest.permission.WRITE_SECURE_SETTINGS;
657 Slog.w(TAG, msg);
658 throw new SecurityException(msg);
659 }
660
Gustav Sennton065b7e62016-04-01 15:11:43 +0100[diff] [blame]661 WebViewUpdateService.this.mSystemInterface.enableFallbackLogic(enable);
Gustav Senntonc83e3fa2016-02-18 12:19:13 +0000[diff] [blame]662 }
Torne (Richard Coles)4dbeb352014-07-29 19:14:24 +0100[diff] [blame]663 }
Torne (Richard Coles)08cfaf62014-05-08 16:07:05 +0100[diff] [blame]664}