Blame - services/core/java/com/android/server/pm/PackageVerificationState.java - platform/frameworks/base

blob: c50bf59f020665d6637d4e1d5dd0e31afc0a07ea [file] [log] [blame]

Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	1	/*
				2	* Copyright (C) 2011 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	package com.android.server.pm;
				18
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	19	import android.content.pm.PackageManager;
				20	import android.util.SparseBooleanArray;
				21
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	22	import com.android.server.pm.PackageManagerService.InstallParams;
				23
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	24	/**
				25	* Tracks the package verification state for a particular package. Each package
				26	* verification has a required verifier and zero or more sufficient verifiers.
				27	* Only one of the sufficient verifier list must return affirmative to allow the
				28	* package to be considered verified. If there are zero sufficient verifiers,
				29	* then package verification is considered complete.
				30	*/
				31	class PackageVerificationState {
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	32	private final InstallParams mParams;
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	33
				34	private final SparseBooleanArray mSufficientVerifierUids;
				35
				36	private final int mRequiredVerifierUid;
				37
				38	private boolean mSufficientVerificationComplete;
				39
				40	private boolean mSufficientVerificationPassed;
				41
				42	private boolean mRequiredVerificationComplete;
				43
				44	private boolean mRequiredVerificationPassed;
				45
rich cannings	d9ef3e5	2012-08-22 14:28:05 -0700	[diff] [blame]	46	private boolean mExtendedTimeout;
				47
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	48	/**
				49	* Create a new package verification state where {@code requiredVerifierUid}
				50	* is the user ID for the package that must reply affirmative before things
				51	* can continue.
				52	*
				53	* @param requiredVerifierUid user ID of required package verifier
				54	* @param args
				55	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	56	PackageVerificationState(int requiredVerifierUid, InstallParams params) {
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	57	mRequiredVerifierUid = requiredVerifierUid;
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	58	mParams = params;
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	59	mSufficientVerifierUids = new SparseBooleanArray();
rich cannings	d9ef3e5	2012-08-22 14:28:05 -0700	[diff] [blame]	60	mExtendedTimeout = false;
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	61	}
				62
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	63	InstallParams getInstallParams() {
				64	return mParams;
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	65	}
				66
				67	/**
				68	* Add a verifier which is added to our sufficient list.
				69	*
				70	* @param uid user ID of sufficient verifier
				71	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	72	void addSufficientVerifier(int uid) {
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	73	mSufficientVerifierUids.put(uid, true);
				74	}
				75
				76	/**
				77	* Should be called when a verification is received from an agent so the
				78	* state of the package verification can be tracked.
				79	*
				80	* @param uid user ID of the verifying agent
				81	* @return {@code true} if the verifying agent actually exists in our list
				82	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	83	boolean setVerifierResponse(int uid, int code) {
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	84	if (uid == mRequiredVerifierUid) {
				85	mRequiredVerificationComplete = true;
				86	switch (code) {
				87	case PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT:
				88	mSufficientVerifierUids.clear();
				89	// fall through
				90	case PackageManager.VERIFICATION_ALLOW:
				91	mRequiredVerificationPassed = true;
				92	break;
				93	default:
				94	mRequiredVerificationPassed = false;
				95	}
				96	return true;
				97	} else {
				98	if (mSufficientVerifierUids.get(uid)) {
				99	if (code == PackageManager.VERIFICATION_ALLOW) {
				100	mSufficientVerificationComplete = true;
				101	mSufficientVerificationPassed = true;
				102	}
				103
				104	mSufficientVerifierUids.delete(uid);
				105	if (mSufficientVerifierUids.size() == 0) {
				106	mSufficientVerificationComplete = true;
				107	}
				108
				109	return true;
				110	}
				111	}
				112
				113	return false;
				114	}
				115
				116	/**
				117	* Returns whether verification is considered complete. This means that the
				118	* required verifier and at least one of the sufficient verifiers has
				119	* returned a positive verification.
				120	*
				121	* @return {@code true} when verification is considered complete
				122	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	123	boolean isVerificationComplete() {
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	124	if (!mRequiredVerificationComplete) {
				125	return false;
				126	}
				127
				128	if (mSufficientVerifierUids.size() == 0) {
				129	return true;
				130	}
				131
				132	return mSufficientVerificationComplete;
				133	}
				134
				135	/**
				136	* Returns whether installation should be allowed. This should only be
				137	* called after {@link #isVerificationComplete()} returns {@code true}.
				138	*
				139	* @return {@code true} if installation should be allowed
				140	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	141	boolean isInstallAllowed() {
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	142	if (!mRequiredVerificationPassed) {
				143	return false;
				144	}
				145
				146	if (mSufficientVerificationComplete) {
				147	return mSufficientVerificationPassed;
				148	}
				149
				150	return true;
				151	}
rich cannings	d9ef3e5	2012-08-22 14:28:05 -0700	[diff] [blame]	152
				153	/**
				154	* Extend the timeout for this Package to be verified.
				155	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	156	void extendTimeout() {
rich cannings	d9ef3e5	2012-08-22 14:28:05 -0700	[diff] [blame]	157	if (!mExtendedTimeout) {
				158	mExtendedTimeout = true;
				159	}
				160	}
				161
				162	/**
				163	* Returns whether the timeout was extended for verification.
				164	*
				165	* @return {@code true} if a timeout was already extended.
				166	*/
Richard Uhler	b29f145	2018-09-12 16:38:15 +0100	[diff] [blame]	167	boolean timeoutExtended() {
rich cannings	d9ef3e5	2012-08-22 14:28:05 -0700	[diff] [blame]	168	return mExtendedTimeout;
				169	}
Kenny Root	05ca4c9	2011-09-15 10:36:25 -0700	[diff] [blame]	170	}