diff options
| author | 2020-10-06 15:24:53 +0000 | |
|---|---|---|
| committer | 2020-10-06 15:24:53 +0000 | |
| commit | 0572a76bc1b5554d97ff9871b72bc359fd48fec5 (patch) | |
| tree | d23eafb3833e38d345ebf092980ac16852e644e1 | |
| parent | 13f56b66b05c673e22853f09496e9380420bea99 (diff) | |
| parent | c40b4f285144d6fd4f49aa31a1a77b966eaa658a (diff) | |
Merge "Addressing API review comments."
| -rw-r--r-- | api/current.txt | 24 | ||||
| -rw-r--r-- | core/java/android/app/ApplicationPackageManager.java | 42 | ||||
| -rw-r--r-- | core/java/android/content/pm/ApkChecksum.java | 72 | ||||
| -rw-r--r-- | core/java/android/content/pm/Checksum.java | 106 | ||||
| -rw-r--r-- | core/java/android/content/pm/IPackageManager.aidl | 2 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageInstaller.java | 10 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageManager.java | 35 | ||||
| -rw-r--r-- | non-updatable-api/current.txt | 24 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/ApkChecksums.java | 151 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageInstallerSession.java | 2 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 6 |
11 files changed, 244 insertions, 230 deletions
diff --git a/api/current.txt b/api/current.txt index 94e90a75f644..153cf69e1546 100644 --- a/api/current.txt +++ b/api/current.txt @@ -11454,10 +11454,10 @@ package android.content.pm { public final class ApkChecksum implements android.os.Parcelable { method public int describeContents(); - method public int getKind(); - method @Nullable public java.security.cert.Certificate getSourceCertificate() throws java.security.cert.CertificateException; - method @Nullable public String getSourcePackageName(); + method @Nullable public java.security.cert.Certificate getInstallerCertificate() throws java.security.cert.CertificateException; + method @Nullable public String getInstallerPackageName(); method @Nullable public String getSplitName(); + method public int getType(); method @NonNull public byte[] getValue(); method public void writeToParcel(@NonNull android.os.Parcel, int); field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.ApkChecksum> CREATOR; @@ -11567,17 +11567,17 @@ package android.content.pm { public final class Checksum implements android.os.Parcelable { ctor public Checksum(int, @NonNull byte[]); method public int describeContents(); - method public int getKind(); + method public int getType(); method @NonNull public byte[] getValue(); method public void writeToParcel(@NonNull android.os.Parcel, int); field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.Checksum> CREATOR; - field public static final int PARTIAL_MERKLE_ROOT_1M_SHA256 = 32; // 0x20 - field public static final int PARTIAL_MERKLE_ROOT_1M_SHA512 = 64; // 0x40 - field @Deprecated public static final int WHOLE_MD5 = 2; // 0x2 - field public static final int WHOLE_MERKLE_ROOT_4K_SHA256 = 1; // 0x1 - field @Deprecated public static final int WHOLE_SHA1 = 4; // 0x4 - field public static final int WHOLE_SHA256 = 8; // 0x8 - field public static final int WHOLE_SHA512 = 16; // 0x10 + field public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256 = 32; // 0x20 + field public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512 = 64; // 0x40 + field @Deprecated public static final int TYPE_WHOLE_MD5 = 2; // 0x2 + field public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256 = 1; // 0x1 + field @Deprecated public static final int TYPE_WHOLE_SHA1 = 4; // 0x4 + field @Deprecated public static final int TYPE_WHOLE_SHA256 = 8; // 0x8 + field @Deprecated public static final int TYPE_WHOLE_SHA512 = 16; // 0x10 } public class ComponentInfo extends android.content.pm.PackageItemInfo { @@ -12027,7 +12027,6 @@ package android.content.pm { method @Nullable public abstract android.graphics.drawable.Drawable getApplicationLogo(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException; method @NonNull public CharSequence getBackgroundPermissionOptionLabel(); method @Nullable public abstract android.content.pm.ChangedPackages getChangedPackages(@IntRange(from=0) int); - method public void getChecksums(@NonNull String, boolean, int, @Nullable java.util.List<java.security.cert.Certificate>, @NonNull android.content.IntentSender) throws java.security.cert.CertificateEncodingException, java.io.IOException, android.content.pm.PackageManager.NameNotFoundException; method public abstract int getComponentEnabledSetting(@NonNull android.content.ComponentName); method @NonNull public abstract android.graphics.drawable.Drawable getDefaultActivityIcon(); method @Nullable public abstract android.graphics.drawable.Drawable getDrawable(@NonNull String, @DrawableRes int, @Nullable android.content.pm.ApplicationInfo); @@ -12100,6 +12099,7 @@ package android.content.pm { method @Deprecated public abstract void removePackageFromPreferred(@NonNull String); method public abstract void removePermission(@NonNull String); method @RequiresPermission(value="android.permission.WHITELIST_RESTRICTED_PERMISSIONS", conditional=true) public boolean removeWhitelistedRestrictedPermission(@NonNull String, @NonNull String, int); + method public void requestChecksums(@NonNull String, boolean, int, @NonNull java.util.List<java.security.cert.Certificate>, @NonNull android.content.IntentSender) throws java.security.cert.CertificateEncodingException, android.content.pm.PackageManager.NameNotFoundException; method @Nullable public abstract android.content.pm.ResolveInfo resolveActivity(@NonNull android.content.Intent, int); method @Nullable public abstract android.content.pm.ProviderInfo resolveContentProvider(@NonNull String, int); method @Nullable public abstract android.content.pm.ResolveInfo resolveService(@NonNull android.content.Intent, int); diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index 3d966c7fbc38..7b25e25f3ff4 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -16,13 +16,13 @@ package android.app; -import static android.content.pm.Checksum.PARTIAL_MERKLE_ROOT_1M_SHA256; -import static android.content.pm.Checksum.PARTIAL_MERKLE_ROOT_1M_SHA512; -import static android.content.pm.Checksum.WHOLE_MD5; -import static android.content.pm.Checksum.WHOLE_MERKLE_ROOT_4K_SHA256; -import static android.content.pm.Checksum.WHOLE_SHA1; -import static android.content.pm.Checksum.WHOLE_SHA256; -import static android.content.pm.Checksum.WHOLE_SHA512; +import static android.content.pm.Checksum.TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256; +import static android.content.pm.Checksum.TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512; +import static android.content.pm.Checksum.TYPE_WHOLE_MD5; +import static android.content.pm.Checksum.TYPE_WHOLE_MERKLE_ROOT_4K_SHA256; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA1; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA256; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA512; import android.annotation.DrawableRes; import android.annotation.NonNull; @@ -117,7 +117,6 @@ import dalvik.system.VMRuntime; import libcore.util.EmptyArray; -import java.io.IOException; import java.lang.ref.WeakReference; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; @@ -150,10 +149,11 @@ public class ApplicationPackageManager extends PackageManager { private static final int sDefaultFlags = GET_SHARED_LIBRARY_FILES; /** Default set of checksums - includes all available checksums. - * @see PackageManager#getChecksums */ + * @see PackageManager#requestChecksums */ private static final int DEFAULT_CHECKSUMS = - WHOLE_MERKLE_ROOT_4K_SHA256 | WHOLE_MD5 | WHOLE_SHA1 | WHOLE_SHA256 | WHOLE_SHA512 - | PARTIAL_MERKLE_ROOT_1M_SHA256 | PARTIAL_MERKLE_ROOT_1M_SHA512; + TYPE_WHOLE_MERKLE_ROOT_4K_SHA256 | TYPE_WHOLE_MD5 | TYPE_WHOLE_SHA1 | TYPE_WHOLE_SHA256 + | TYPE_WHOLE_SHA512 | TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256 + | TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512; // Name of the resource which provides background permission button string public static final String APP_PERMISSION_BUTTON_ALLOW_ALWAYS = @@ -994,14 +994,24 @@ public class ApplicationPackageManager extends PackageManager { } @Override - public void getChecksums(@NonNull String packageName, boolean includeSplits, - @Checksum.Kind int required, @Nullable List<Certificate> trustedInstallers, + public void requestChecksums(@NonNull String packageName, boolean includeSplits, + @Checksum.Type int required, @NonNull List<Certificate> trustedInstallers, @NonNull IntentSender statusReceiver) - throws CertificateEncodingException, IOException, NameNotFoundException { + throws CertificateEncodingException, NameNotFoundException { Objects.requireNonNull(packageName); Objects.requireNonNull(statusReceiver); - try { - mPM.getChecksums(packageName, includeSplits, DEFAULT_CHECKSUMS, required, + Objects.requireNonNull(trustedInstallers); + try { + if (trustedInstallers == TRUST_ALL) { + trustedInstallers = null; + } else if (trustedInstallers == TRUST_NONE) { + trustedInstallers = Collections.emptyList(); + } else if (trustedInstallers.isEmpty()) { + throw new IllegalArgumentException( + "trustedInstallers has to be one of TRUST_ALL/TRUST_NONE or a non-empty " + + "list of certificates."); + } + mPM.requestChecksums(packageName, includeSplits, DEFAULT_CHECKSUMS, required, encodeCertificates(trustedInstallers), statusReceiver, getUserId()); } catch (ParcelableException e) { e.maybeRethrow(PackageManager.NameNotFoundException.class); diff --git a/core/java/android/content/pm/ApkChecksum.java b/core/java/android/content/pm/ApkChecksum.java index bf678419cbef..eca48eca9e4b 100644 --- a/core/java/android/content/pm/ApkChecksum.java +++ b/core/java/android/content/pm/ApkChecksum.java @@ -18,7 +18,6 @@ package android.content.pm; import android.annotation.NonNull; import android.annotation.Nullable; -import android.content.IntentSender; import android.os.Parcel; import android.os.Parcelable; @@ -31,12 +30,11 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.List; /** * A typed checksum of an APK. * - * @see PackageManager#getChecksums(String, boolean, int, List, IntentSender) + * @see PackageManager#requestChecksums */ @DataClass(genHiddenConstructor = true) @DataClass.Suppress({"getChecksum"}) @@ -52,20 +50,20 @@ public final class ApkChecksum implements Parcelable { /** * For Installer-provided checksums, package name of the Installer. */ - private final @Nullable String mSourcePackageName; + private final @Nullable String mInstallerPackageName; /** * For Installer-provided checksums, certificate of the Installer. */ - private final @Nullable byte[] mSourceCertificate; + private final @Nullable byte[] mInstallerCertificate; /** * Constructor, internal use only. * * @hide */ - public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind, + public ApkChecksum(@Nullable String splitName, @Checksum.Type int type, @NonNull byte[] value) { - this(splitName, new Checksum(kind, value), (String) null, (byte[]) null); + this(splitName, new Checksum(type, value), (String) null, (byte[]) null); } /** @@ -73,19 +71,19 @@ public final class ApkChecksum implements Parcelable { * * @hide */ - public ApkChecksum(@Nullable String splitName, @Checksum.Kind int kind, @NonNull byte[] value, + public ApkChecksum(@Nullable String splitName, @Checksum.Type int type, @NonNull byte[] value, @Nullable String sourcePackageName, @Nullable Certificate sourceCertificate) throws CertificateEncodingException { - this(splitName, new Checksum(kind, value), sourcePackageName, + this(splitName, new Checksum(type, value), sourcePackageName, (sourceCertificate != null) ? sourceCertificate.getEncoded() : null); } /** - * Checksum kind. + * Checksum type. */ - public @Checksum.Kind int getKind() { - return mChecksum.getKind(); + public @Checksum.Type int getType() { + return mChecksum.getType(); } /** @@ -96,24 +94,24 @@ public final class ApkChecksum implements Parcelable { } /** - * Returns raw bytes representing encoded certificate of the source of this checksum. + * Returns raw bytes representing encoded certificate of the Installer. * @hide */ - public @Nullable byte[] getSourceCertificateBytes() { - return mSourceCertificate; + public @Nullable byte[] getInstallerCertificateBytes() { + return mInstallerCertificate; } /** - * Certificate of the source of this checksum. + * For Installer-provided checksums, certificate of the Installer. * @throws CertificateException in case when certificate can't be re-created from serialized * data. */ - public @Nullable Certificate getSourceCertificate() throws CertificateException { - if (mSourceCertificate == null) { + public @Nullable Certificate getInstallerCertificate() throws CertificateException { + if (mInstallerCertificate == null) { return null; } final CertificateFactory cf = CertificateFactory.getInstance("X.509"); - final InputStream is = new ByteArrayInputStream(mSourceCertificate); + final InputStream is = new ByteArrayInputStream(mInstallerCertificate); final X509Certificate cert = (X509Certificate) cf.generateCertificate(is); return cert; } @@ -140,9 +138,9 @@ public final class ApkChecksum implements Parcelable { * Checksum for which split. Null indicates base.apk. * @param checksum * Checksum. - * @param sourcePackageName + * @param installerPackageName * For Installer-provided checksums, package name of the Installer. - * @param sourceCertificate + * @param installerCertificate * For Installer-provided checksums, certificate of the Installer. * @hide */ @@ -150,14 +148,14 @@ public final class ApkChecksum implements Parcelable { public ApkChecksum( @Nullable String splitName, @NonNull Checksum checksum, - @Nullable String sourcePackageName, - @Nullable byte[] sourceCertificate) { + @Nullable String installerPackageName, + @Nullable byte[] installerCertificate) { this.mSplitName = splitName; this.mChecksum = checksum; com.android.internal.util.AnnotationValidations.validate( NonNull.class, null, mChecksum); - this.mSourcePackageName = sourcePackageName; - this.mSourceCertificate = sourceCertificate; + this.mInstallerPackageName = installerPackageName; + this.mInstallerCertificate = installerCertificate; // onConstructed(); // You can define this method to get a callback } @@ -174,8 +172,8 @@ public final class ApkChecksum implements Parcelable { * For Installer-provided checksums, package name of the Installer. */ @DataClass.Generated.Member - public @Nullable String getSourcePackageName() { - return mSourcePackageName; + public @Nullable String getInstallerPackageName() { + return mInstallerPackageName; } @Override @@ -186,13 +184,13 @@ public final class ApkChecksum implements Parcelable { byte flg = 0; if (mSplitName != null) flg |= 0x1; - if (mSourcePackageName != null) flg |= 0x4; - if (mSourceCertificate != null) flg |= 0x8; + if (mInstallerPackageName != null) flg |= 0x4; + if (mInstallerCertificate != null) flg |= 0x8; dest.writeByte(flg); if (mSplitName != null) dest.writeString(mSplitName); dest.writeTypedObject(mChecksum, flags); - if (mSourcePackageName != null) dest.writeString(mSourcePackageName); - if (mSourceCertificate != null) dest.writeByteArray(mSourceCertificate); + if (mInstallerPackageName != null) dest.writeString(mInstallerPackageName); + if (mInstallerCertificate != null) dest.writeByteArray(mInstallerCertificate); } @Override @@ -209,15 +207,15 @@ public final class ApkChecksum implements Parcelable { byte flg = in.readByte(); String splitName = (flg & 0x1) == 0 ? null : in.readString(); Checksum checksum = (Checksum) in.readTypedObject(Checksum.CREATOR); - String sourcePackageName = (flg & 0x4) == 0 ? null : in.readString(); - byte[] sourceCertificate = (flg & 0x8) == 0 ? null : in.createByteArray(); + String installerPackageName = (flg & 0x4) == 0 ? null : in.readString(); + byte[] installerCertificate = (flg & 0x8) == 0 ? null : in.createByteArray(); this.mSplitName = splitName; this.mChecksum = checksum; com.android.internal.util.AnnotationValidations.validate( NonNull.class, null, mChecksum); - this.mSourcePackageName = sourcePackageName; - this.mSourceCertificate = sourceCertificate; + this.mInstallerPackageName = installerPackageName; + this.mInstallerCertificate = installerCertificate; // onConstructed(); // You can define this method to get a callback } @@ -237,10 +235,10 @@ public final class ApkChecksum implements Parcelable { }; @DataClass.Generated( - time = 1600407436287L, + time = 1601589269293L, codegenVersion = "1.0.15", sourceFile = "frameworks/base/core/java/android/content/pm/ApkChecksum.java", - inputSignatures = "private final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.NonNull android.content.pm.Checksum mChecksum\nprivate final @android.annotation.Nullable java.lang.String mSourcePackageName\nprivate final @android.annotation.Nullable byte[] mSourceCertificate\npublic @android.content.pm.Checksum.Kind int getKind()\npublic @android.annotation.NonNull byte[] getValue()\npublic @android.annotation.Nullable byte[] getSourceCertificateBytes()\npublic @android.annotation.Nullable java.security.cert.Certificate getSourceCertificate()\nclass ApkChecksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genHiddenConstructor=true)") + inputSignatures = "private final @android.annotation.Nullable java.lang.String mSplitName\nprivate final @android.annotation.NonNull android.content.pm.Checksum mChecksum\nprivate final @android.annotation.Nullable java.lang.String mInstallerPackageName\nprivate final @android.annotation.Nullable byte[] mInstallerCertificate\npublic @android.content.pm.Checksum.Type int getType()\npublic @android.annotation.NonNull byte[] getValue()\npublic @android.annotation.Nullable byte[] getInstallerCertificateBytes()\npublic @android.annotation.Nullable java.security.cert.Certificate getInstallerCertificate()\nclass ApkChecksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genHiddenConstructor=true)") @Deprecated private void __metadata() {} diff --git a/core/java/android/content/pm/Checksum.java b/core/java/android/content/pm/Checksum.java index 10ca5cac5276..318d3635ede1 100644 --- a/core/java/android/content/pm/Checksum.java +++ b/core/java/android/content/pm/Checksum.java @@ -25,12 +25,12 @@ import com.android.internal.util.DataClass; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; -import java.util.List; /** * A typed checksum. * - * @see PackageInstaller.Session#addChecksums(String, List) + * @see ApkChecksum + * @see PackageManager#requestChecksums */ @DataClass(genConstDefs = false) public final class Checksum implements Parcelable { @@ -43,88 +43,89 @@ public final class Checksum implements Parcelable { * Can be used by kernel to enforce authenticity and integrity of the APK. * <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst#">See fs-verity for details</a> * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums + * @see PackageManager#requestChecksums */ - public static final int WHOLE_MERKLE_ROOT_4K_SHA256 = 0x00000001; + public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256 = 0x00000001; /** * MD5 hash computed over all file bytes. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums - * @deprecated Use SHA2 family of hashes (SHA256/SHA512) instead. - * MD5 is cryptographically broken and unsuitable for further use. + * @see PackageManager#requestChecksums + * @deprecated Not platform enforced. Cryptographically broken and unsuitable for further use. + * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. * Provided for completeness' sake and to support legacy usecases. */ @Deprecated - public static final int WHOLE_MD5 = 0x00000002; + public static final int TYPE_WHOLE_MD5 = 0x00000002; /** * SHA1 hash computed over all file bytes. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums - * @deprecated Use SHA2 family of hashes (SHA256/SHA512) instead. - * SHA1 is broken and should not be used. + * @see PackageManager#requestChecksums + * @deprecated Not platform enforced. Broken and should not be used. + * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. * Provided for completeness' sake and to support legacy usecases. */ @Deprecated - public static final int WHOLE_SHA1 = 0x00000004; + public static final int TYPE_WHOLE_SHA1 = 0x00000004; /** * SHA256 hash computed over all file bytes. + * @deprecated Not platform enforced. + * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. + * Provided for completeness' sake and to support legacy usecases. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums + * @see PackageManager#requestChecksums */ - public static final int WHOLE_SHA256 = 0x00000008; + @Deprecated + public static final int TYPE_WHOLE_SHA256 = 0x00000008; /** * SHA512 hash computed over all file bytes. + * @deprecated Not platform enforced. + * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. + * Provided for completeness' sake and to support legacy usecases. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums + * @see PackageManager#requestChecksums */ - public static final int WHOLE_SHA512 = 0x00000010; + @Deprecated + public static final int TYPE_WHOLE_SHA512 = 0x00000010; /** * Root SHA256 hash of a 1M Merkle tree computed over protected content. * Excludes signing block. * <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums + * @see PackageManager#requestChecksums */ - public static final int PARTIAL_MERKLE_ROOT_1M_SHA256 = 0x00000020; + public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256 = 0x00000020; /** * Root SHA512 hash of a 1M Merkle tree computed over protected content. * Excludes signing block. * <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>. * - * @see PackageManager#getChecksums - * @see PackageInstaller.Session#addChecksums + * @see PackageManager#requestChecksums */ - public static final int PARTIAL_MERKLE_ROOT_1M_SHA512 = 0x00000040; + public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512 = 0x00000040; /** @hide */ - @IntDef(flag = true, prefix = {"WHOLE_", "PARTIAL_"}, value = { - WHOLE_MERKLE_ROOT_4K_SHA256, - WHOLE_MD5, - WHOLE_SHA1, - WHOLE_SHA256, - WHOLE_SHA512, - PARTIAL_MERKLE_ROOT_1M_SHA256, - PARTIAL_MERKLE_ROOT_1M_SHA512, + @IntDef(flag = true, prefix = {"TYPE_"}, value = { + TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, + TYPE_WHOLE_MD5, + TYPE_WHOLE_SHA1, + TYPE_WHOLE_SHA256, + TYPE_WHOLE_SHA512, + TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, + TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, }) @Retention(RetentionPolicy.SOURCE) - public @interface Kind {} + public @interface Type {} /** - * Checksum kind. + * Checksum type. */ - private final @Checksum.Kind int mKind; + private final @Checksum.Type int mType; /** * Checksum value. */ @@ -132,7 +133,6 @@ public final class Checksum implements Parcelable { - // Code below generated by codegen v1.0.15. // // DO NOT MODIFY! @@ -149,18 +149,18 @@ public final class Checksum implements Parcelable { /** * Creates a new Checksum. * - * @param kind - * Checksum kind. + * @param type + * Checksum type. * @param value * Checksum value. */ @DataClass.Generated.Member public Checksum( - @Checksum.Kind int kind, + @Checksum.Type int type, @NonNull byte[] value) { - this.mKind = kind; + this.mType = type; com.android.internal.util.AnnotationValidations.validate( - Checksum.Kind.class, null, mKind); + Checksum.Type.class, null, mType); this.mValue = value; com.android.internal.util.AnnotationValidations.validate( NonNull.class, null, mValue); @@ -169,11 +169,11 @@ public final class Checksum implements Parcelable { } /** - * Checksum kind. + * Checksum type. */ @DataClass.Generated.Member - public @Checksum.Kind int getKind() { - return mKind; + public @Checksum.Type int getType() { + return mType; } /** @@ -190,7 +190,7 @@ public final class Checksum implements Parcelable { // You can override field parcelling by defining methods like: // void parcelFieldName(Parcel dest, int flags) { ... } - dest.writeInt(mKind); + dest.writeInt(mType); dest.writeByteArray(mValue); } @@ -205,12 +205,12 @@ public final class Checksum implements Parcelable { // You can override field unparcelling by defining methods like: // static FieldType unparcelFieldName(Parcel in) { ... } - int kind = in.readInt(); + int type = in.readInt(); byte[] value = in.createByteArray(); - this.mKind = kind; + this.mType = type; com.android.internal.util.AnnotationValidations.validate( - Checksum.Kind.class, null, mKind); + Checksum.Type.class, null, mType); this.mValue = value; com.android.internal.util.AnnotationValidations.validate( NonNull.class, null, mValue); @@ -233,10 +233,10 @@ public final class Checksum implements Parcelable { }; @DataClass.Generated( - time = 1600717052366L, + time = 1601955017774L, codegenVersion = "1.0.15", sourceFile = "frameworks/base/core/java/android/content/pm/Checksum.java", - inputSignatures = "public static final int WHOLE_MERKLE_ROOT_4K_SHA256\npublic static final @java.lang.Deprecated int WHOLE_MD5\npublic static final @java.lang.Deprecated int WHOLE_SHA1\npublic static final int WHOLE_SHA256\npublic static final int WHOLE_SHA512\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA256\npublic static final int PARTIAL_MERKLE_ROOT_1M_SHA512\nprivate final @android.content.pm.Checksum.Kind int mKind\nprivate final @android.annotation.NonNull byte[] mValue\nclass Checksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genConstDefs=false)") + inputSignatures = "public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256\npublic static final @java.lang.Deprecated int TYPE_WHOLE_MD5\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA1\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA256\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA512\npublic static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256\npublic static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512\nprivate final @android.content.pm.Checksum.Type int mType\nprivate final @android.annotation.NonNull byte[] mValue\nclass Checksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genConstDefs=false)") @Deprecated private void __metadata() {} diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl index ba894ae72017..79e3eead1234 100644 --- a/core/java/android/content/pm/IPackageManager.aidl +++ b/core/java/android/content/pm/IPackageManager.aidl @@ -749,7 +749,7 @@ interface IPackageManager { void notifyPackagesReplacedReceived(in String[] packages); - void getChecksums(in String packageName, boolean includeSplits, int optional, int required, in List trustedInstallers, in IntentSender statusReceiver, int userId); + void requestChecksums(in String packageName, boolean includeSplits, int optional, int required, in List trustedInstallers, in IntentSender statusReceiver, int userId); //------------------------------------------------------------------------ // diff --git a/core/java/android/content/pm/PackageInstaller.java b/core/java/android/content/pm/PackageInstaller.java index a9f143987cd4..f03425b9e117 100644 --- a/core/java/android/content/pm/PackageInstaller.java +++ b/core/java/android/content/pm/PackageInstaller.java @@ -1222,13 +1222,15 @@ public class PackageInstaller { * Adds installer-provided checksums for the APK file in session. * * @param name previously written as part of this session. + * {@link #openWrite} * @param checksums installer intends to make available via - * {@link PackageManager#getChecksums(String, boolean, int, List, - * IntentSender)}. + * {@link PackageManager#requestChecksums}. * @throws SecurityException if called after the session has been * committed or abandoned. - * @deprecated use platform-enforced checksums e.g. - * {@link Checksum#WHOLE_MERKLE_ROOT_4K_SHA256} + * @deprecated do not use installer-provided checksums, + * use platform-enforced checksums + * e.g. {@link Checksum#TYPE_WHOLE_MERKLE_ROOT_4K_SHA256} + * in {@link PackageManager#requestChecksums}. */ @Deprecated public void addChecksums(@NonNull String name, @NonNull List<Checksum> checksums) diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java index c293e4ad6821..1a992f519286 100644 --- a/core/java/android/content/pm/PackageManager.java +++ b/core/java/android/content/pm/PackageManager.java @@ -79,7 +79,6 @@ import com.android.internal.util.ArrayUtils; import dalvik.system.VMRuntime; import java.io.File; -import java.io.IOException; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.security.cert.Certificate; @@ -3309,7 +3308,7 @@ public abstract class PackageManager { /** * Extra field name for the ID of a package pending verification. Passed to * a package verifier and is used to call back to - * @see #getChecksums + * @see #requestChecksums */ public static final String EXTRA_CHECKSUMS = "android.content.pm.extra.CHECKSUMS"; @@ -7987,19 +7986,20 @@ public abstract class PackageManager { /** * Trust any Installer to provide checksums for the package. - * @see #getChecksums + * @see #requestChecksums */ - public static final @Nullable List<Certificate> TRUST_ALL = null; + public static final @Nullable List<Certificate> TRUST_ALL = Collections.singletonList(null); /** * Don't trust any Installer to provide checksums for the package. * This effectively disables optimized Installer-enforced checksums. - * @see #getChecksums + * @see #requestChecksums */ - public static final @NonNull List<Certificate> TRUST_NONE = Collections.emptyList(); + public static final @NonNull List<Certificate> TRUST_NONE = Collections.singletonList(null); /** - * Returns the checksums for APKs within a package. + * Requesting the checksums for APKs within a package. + * The checksums will be returned asynchronously via statusReceiver. * * By default returns all readily available checksums: * - enforced by platform, @@ -8011,21 +8011,24 @@ public abstract class PackageManager { * * @param packageName whose checksums to return. * @param includeSplits whether to include checksums for non-base splits. - * @param required explicitly request the checksum kinds. Will incur significant + * @param required explicitly request the checksum types. May incur significant * CPU/memory/disk usage. - * @param trustedInstallers for checksums enforced by Installer, which ones to be trusted. - * {@link #TRUST_ALL} will return checksums from any Installer, - * {@link #TRUST_NONE} disables optimized Installer-enforced checksums. + * @param trustedInstallers for checksums enforced by installer, which installers are to be + * trusted. + * {@link #TRUST_ALL} will return checksums from any installer, + * {@link #TRUST_NONE} disables optimized installer-enforced checksums, + * otherwise the list has to be non-empty list of certificates. * @param statusReceiver called once when the results are available as - * {@link #EXTRA_CHECKSUMS} of type ApkChecksum[]. + * {@link #EXTRA_CHECKSUMS} of type {@link ApkChecksum}[]. * @throws CertificateEncodingException if an encoding error occurs for trustedInstallers. + * @throws IllegalArgumentException if the list of trusted installer certificates is empty. * @throws NameNotFoundException if a package with the given name cannot be found on the system. */ - public void getChecksums(@NonNull String packageName, boolean includeSplits, - @Checksum.Kind int required, @Nullable List<Certificate> trustedInstallers, + public void requestChecksums(@NonNull String packageName, boolean includeSplits, + @Checksum.Type int required, @NonNull List<Certificate> trustedInstallers, @NonNull IntentSender statusReceiver) - throws CertificateEncodingException, IOException, NameNotFoundException { - throw new UnsupportedOperationException("getChecksums not implemented in subclass"); + throws CertificateEncodingException, NameNotFoundException { + throw new UnsupportedOperationException("requestChecksums not implemented in subclass"); } /** diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt index 983f20aad2e3..2bdf1a58e751 100644 --- a/non-updatable-api/current.txt +++ b/non-updatable-api/current.txt @@ -11454,10 +11454,10 @@ package android.content.pm { public final class ApkChecksum implements android.os.Parcelable { method public int describeContents(); - method public int getKind(); - method @Nullable public java.security.cert.Certificate getSourceCertificate() throws java.security.cert.CertificateException; - method @Nullable public String getSourcePackageName(); + method @Nullable public java.security.cert.Certificate getInstallerCertificate() throws java.security.cert.CertificateException; + method @Nullable public String getInstallerPackageName(); method @Nullable public String getSplitName(); + method public int getType(); method @NonNull public byte[] getValue(); method public void writeToParcel(@NonNull android.os.Parcel, int); field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.ApkChecksum> CREATOR; @@ -11567,17 +11567,17 @@ package android.content.pm { public final class Checksum implements android.os.Parcelable { ctor public Checksum(int, @NonNull byte[]); method public int describeContents(); - method public int getKind(); + method public int getType(); method @NonNull public byte[] getValue(); method public void writeToParcel(@NonNull android.os.Parcel, int); field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.Checksum> CREATOR; - field public static final int PARTIAL_MERKLE_ROOT_1M_SHA256 = 32; // 0x20 - field public static final int PARTIAL_MERKLE_ROOT_1M_SHA512 = 64; // 0x40 - field @Deprecated public static final int WHOLE_MD5 = 2; // 0x2 - field public static final int WHOLE_MERKLE_ROOT_4K_SHA256 = 1; // 0x1 - field @Deprecated public static final int WHOLE_SHA1 = 4; // 0x4 - field public static final int WHOLE_SHA256 = 8; // 0x8 - field public static final int WHOLE_SHA512 = 16; // 0x10 + field public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256 = 32; // 0x20 + field public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512 = 64; // 0x40 + field @Deprecated public static final int TYPE_WHOLE_MD5 = 2; // 0x2 + field public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256 = 1; // 0x1 + field @Deprecated public static final int TYPE_WHOLE_SHA1 = 4; // 0x4 + field @Deprecated public static final int TYPE_WHOLE_SHA256 = 8; // 0x8 + field @Deprecated public static final int TYPE_WHOLE_SHA512 = 16; // 0x10 } public class ComponentInfo extends android.content.pm.PackageItemInfo { @@ -12027,7 +12027,6 @@ package android.content.pm { method @Nullable public abstract android.graphics.drawable.Drawable getApplicationLogo(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException; method @NonNull public CharSequence getBackgroundPermissionOptionLabel(); method @Nullable public abstract android.content.pm.ChangedPackages getChangedPackages(@IntRange(from=0) int); - method public void getChecksums(@NonNull String, boolean, int, @Nullable java.util.List<java.security.cert.Certificate>, @NonNull android.content.IntentSender) throws java.security.cert.CertificateEncodingException, java.io.IOException, android.content.pm.PackageManager.NameNotFoundException; method public abstract int getComponentEnabledSetting(@NonNull android.content.ComponentName); method @NonNull public abstract android.graphics.drawable.Drawable getDefaultActivityIcon(); method @Nullable public abstract android.graphics.drawable.Drawable getDrawable(@NonNull String, @DrawableRes int, @Nullable android.content.pm.ApplicationInfo); @@ -12100,6 +12099,7 @@ package android.content.pm { method @Deprecated public abstract void removePackageFromPreferred(@NonNull String); method public abstract void removePermission(@NonNull String); method @RequiresPermission(value="android.permission.WHITELIST_RESTRICTED_PERMISSIONS", conditional=true) public boolean removeWhitelistedRestrictedPermission(@NonNull String, @NonNull String, int); + method public void requestChecksums(@NonNull String, boolean, int, @NonNull java.util.List<java.security.cert.Certificate>, @NonNull android.content.IntentSender) throws java.security.cert.CertificateEncodingException, android.content.pm.PackageManager.NameNotFoundException; method @Nullable public abstract android.content.pm.ResolveInfo resolveActivity(@NonNull android.content.Intent, int); method @Nullable public abstract android.content.pm.ProviderInfo resolveContentProvider(@NonNull String, int); method @Nullable public abstract android.content.pm.ResolveInfo resolveService(@NonNull android.content.Intent, int); diff --git a/services/core/java/com/android/server/pm/ApkChecksums.java b/services/core/java/com/android/server/pm/ApkChecksums.java index 8640dbcab33c..7e8ff9499ff8 100644 --- a/services/core/java/com/android/server/pm/ApkChecksums.java +++ b/services/core/java/com/android/server/pm/ApkChecksums.java @@ -16,13 +16,13 @@ package com.android.server.pm; -import static android.content.pm.Checksum.PARTIAL_MERKLE_ROOT_1M_SHA256; -import static android.content.pm.Checksum.PARTIAL_MERKLE_ROOT_1M_SHA512; -import static android.content.pm.Checksum.WHOLE_MD5; -import static android.content.pm.Checksum.WHOLE_MERKLE_ROOT_4K_SHA256; -import static android.content.pm.Checksum.WHOLE_SHA1; -import static android.content.pm.Checksum.WHOLE_SHA256; -import static android.content.pm.Checksum.WHOLE_SHA512; +import static android.content.pm.Checksum.TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256; +import static android.content.pm.Checksum.TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512; +import static android.content.pm.Checksum.TYPE_WHOLE_MD5; +import static android.content.pm.Checksum.TYPE_WHOLE_MERKLE_ROOT_4K_SHA256; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA1; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA256; +import static android.content.pm.Checksum.TYPE_WHOLE_SHA512; import static android.content.pm.PackageManager.EXTRA_CHECKSUMS; import static android.content.pm.PackageParser.APK_FILE_EXTENSION; import static android.util.apk.ApkSigningBlockUtils.CONTENT_DIGEST_CHUNKED_SHA256; @@ -182,13 +182,13 @@ public class ApkChecksums { dos.writeUTF(splitName); } - dos.writeInt(checksum.getKind()); + dos.writeInt(checksum.getType()); final byte[] valueBytes = checksum.getValue(); dos.writeInt(valueBytes.length); dos.write(valueBytes); - final String packageName = checksum.getSourcePackageName(); + final String packageName = checksum.getInstallerPackageName(); if (packageName == null) { dos.writeInt(-1); } else { @@ -196,7 +196,7 @@ public class ApkChecksums { dos.writeUTF(packageName); } - final Certificate cert = checksum.getSourceCertificate(); + final Certificate cert = checksum.getInstallerCertificate(); final byte[] certBytes = (cert == null) ? null : cert.getEncoded(); if (certBytes == null) { dos.writeInt(-1); @@ -225,7 +225,7 @@ public class ApkChecksums { splitName = dis.readUTF(); } - final int kind = dis.readInt(); + final int type = dis.readInt(); final byte[] valueBytes = new byte[dis.readInt()]; dis.read(valueBytes); @@ -245,7 +245,7 @@ public class ApkChecksums { certBytes = new byte[certBytesLength]; dis.read(certBytes); } - checksums[i] = new ApkChecksum(splitName, new Checksum(kind, valueBytes), + checksums[i] = new ApkChecksum(splitName, new Checksum(type, valueBytes), packageName, certBytes); } return checksums; @@ -265,8 +265,8 @@ public class ApkChecksums { * @param statusReceiver to receive the resulting checksums */ public static void getChecksums(List<Pair<String, File>> filesToChecksum, - @Checksum.Kind int optional, - @Checksum.Kind int required, + @Checksum.Type int optional, + @Checksum.Type int required, @Nullable Certificate[] trustedInstallers, @NonNull IntentSender statusReceiver, @NonNull Injector injector) { @@ -292,7 +292,7 @@ public class ApkChecksums { private static void processRequiredChecksums(List<Pair<String, File>> filesToChecksum, List<Map<Integer, ApkChecksum>> result, - @Checksum.Kind int required, + @Checksum.Type int required, @NonNull IntentSender statusReceiver, @NonNull Injector injector, long startTime) { @@ -339,32 +339,32 @@ public class ApkChecksums { * * @param split split name, null for base * @param file to fetch checksums for - * @param kinds mask to fetch checksums + * @param types mask to fetch checksums * @param trustedInstallers array of certificate to trust, two specific cases: * null - trust anybody, * [] - trust nobody. * @param checksums resulting checksums */ private static void getAvailableApkChecksums(String split, File file, - @Checksum.Kind int kinds, + @Checksum.Type int types, @Nullable Certificate[] trustedInstallers, Map<Integer, ApkChecksum> checksums) { final String filePath = file.getAbsolutePath(); // Always available: FSI or IncFs. - if (isRequired(WHOLE_MERKLE_ROOT_4K_SHA256, kinds, checksums)) { + if (isRequired(TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, types, checksums)) { // Hashes in fs-verity and IncFS are always verified. ApkChecksum checksum = extractHashFromFS(split, filePath); if (checksum != null) { - checksums.put(checksum.getKind(), checksum); + checksums.put(checksum.getType(), checksum); } } // System enforced: v2/v3. - if (isRequired(PARTIAL_MERKLE_ROOT_1M_SHA256, kinds, checksums) || isRequired( - PARTIAL_MERKLE_ROOT_1M_SHA512, kinds, checksums)) { + if (isRequired(TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, types, checksums) || isRequired( + TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, types, checksums)) { Map<Integer, ApkChecksum> v2v3checksums = extractHashFromV2V3Signature( - split, filePath, kinds); + split, filePath, types); if (v2v3checksums != null) { checksums.putAll(v2v3checksums); } @@ -377,9 +377,9 @@ public class ApkChecksums { final ApkChecksum[] digests = readChecksums(digestsFile); final Set<Signature> trusted = convertToSet(trustedInstallers); for (ApkChecksum digest : digests) { - if (isRequired(digest.getKind(), kinds, checksums) && isTrusted(digest, + if (isRequired(digest.getType(), types, checksums) && isTrusted(digest, trusted)) { - checksums.put(digest.getKind(), digest); + checksums.put(digest.getType(), digest); } } } catch (IOException e) { @@ -395,16 +395,16 @@ public class ApkChecksums { * Whether the file is available for checksumming or we need to wait. */ private static boolean needToWait(File file, - @Checksum.Kind int kinds, + @Checksum.Type int types, Map<Integer, ApkChecksum> checksums, @NonNull Injector injector) throws IOException { - if (!isRequired(WHOLE_MERKLE_ROOT_4K_SHA256, kinds, checksums) - && !isRequired(WHOLE_MD5, kinds, checksums) - && !isRequired(WHOLE_SHA1, kinds, checksums) - && !isRequired(WHOLE_SHA256, kinds, checksums) - && !isRequired(WHOLE_SHA512, kinds, checksums) - && !isRequired(PARTIAL_MERKLE_ROOT_1M_SHA256, kinds, checksums) - && !isRequired(PARTIAL_MERKLE_ROOT_1M_SHA512, kinds, checksums)) { + if (!isRequired(TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, types, checksums) + && !isRequired(TYPE_WHOLE_MD5, types, checksums) + && !isRequired(TYPE_WHOLE_SHA1, types, checksums) + && !isRequired(TYPE_WHOLE_SHA256, types, checksums) + && !isRequired(TYPE_WHOLE_SHA512, types, checksums) + && !isRequired(TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, types, checksums) + && !isRequired(TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, types, checksums)) { return false; } @@ -432,16 +432,16 @@ public class ApkChecksums { * * @param split split name, null for base * @param file to fetch checksums for - * @param kinds mask to forcefully calculate if not available + * @param types mask to forcefully calculate if not available * @param checksums resulting checksums */ private static void getRequiredApkChecksums(String split, File file, - @Checksum.Kind int kinds, + @Checksum.Type int types, Map<Integer, ApkChecksum> checksums) { final String filePath = file.getAbsolutePath(); // Manually calculating required checksums if not readily available. - if (isRequired(WHOLE_MERKLE_ROOT_4K_SHA256, kinds, checksums)) { + if (isRequired(TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, types, checksums)) { try { byte[] generatedRootHash = VerityBuilder.generateFsVerityRootHash( filePath, /*salt=*/null, @@ -451,27 +451,28 @@ public class ApkChecksums { return ByteBuffer.allocate(capacity); } }); - checksums.put(WHOLE_MERKLE_ROOT_4K_SHA256, - new ApkChecksum(split, WHOLE_MERKLE_ROOT_4K_SHA256, generatedRootHash)); + checksums.put(TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, + new ApkChecksum(split, TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, + generatedRootHash)); } catch (IOException | NoSuchAlgorithmException | DigestException e) { Slog.e(TAG, "Error calculating WHOLE_MERKLE_ROOT_4K_SHA256", e); } } - calculateChecksumIfRequested(checksums, split, file, kinds, WHOLE_MD5); - calculateChecksumIfRequested(checksums, split, file, kinds, WHOLE_SHA1); - calculateChecksumIfRequested(checksums, split, file, kinds, WHOLE_SHA256); - calculateChecksumIfRequested(checksums, split, file, kinds, WHOLE_SHA512); + calculateChecksumIfRequested(checksums, split, file, types, TYPE_WHOLE_MD5); + calculateChecksumIfRequested(checksums, split, file, types, TYPE_WHOLE_SHA1); + calculateChecksumIfRequested(checksums, split, file, types, TYPE_WHOLE_SHA256); + calculateChecksumIfRequested(checksums, split, file, types, TYPE_WHOLE_SHA512); - calculatePartialChecksumsIfRequested(checksums, split, file, kinds); + calculatePartialChecksumsIfRequested(checksums, split, file, types); } - private static boolean isRequired(@Checksum.Kind int kind, - @Checksum.Kind int kinds, Map<Integer, ApkChecksum> checksums) { - if ((kinds & kind) == 0) { + private static boolean isRequired(@Checksum.Type int type, + @Checksum.Type int types, Map<Integer, ApkChecksum> checksums) { + if ((types & type) == 0) { return false; } - if (checksums.containsKey(kind)) { + if (checksums.containsKey(type)) { return false; } return true; @@ -497,7 +498,7 @@ public class ApkChecksums { if (trusted == null) { return true; } - final Signature signature = new Signature(checksum.getSourceCertificateBytes()); + final Signature signature = new Signature(checksum.getInstallerCertificateBytes()); return trusted.contains(signature); } @@ -506,7 +507,7 @@ public class ApkChecksums { { byte[] hash = VerityUtils.getFsverityRootHash(filePath); if (hash != null) { - return new ApkChecksum(split, WHOLE_MERKLE_ROOT_4K_SHA256, hash); + return new ApkChecksum(split, TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, hash); } } // v4 next @@ -516,7 +517,7 @@ public class ApkChecksums { byte[] hash = signer.contentDigests.getOrDefault(CONTENT_DIGEST_VERITY_CHUNKED_SHA256, null); if (hash != null) { - return new ApkChecksum(split, WHOLE_MERKLE_ROOT_4K_SHA256, hash); + return new ApkChecksum(split, TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, hash); } } catch (SignatureNotFoundException e) { // Nothing @@ -527,7 +528,7 @@ public class ApkChecksums { } private static Map<Integer, ApkChecksum> extractHashFromV2V3Signature( - String split, String filePath, int kinds) { + String split, String filePath, int types) { Map<Integer, byte[]> contentDigests = null; try { contentDigests = ApkSignatureVerifier.verifySignaturesInternal(filePath, @@ -544,56 +545,56 @@ public class ApkChecksums { } Map<Integer, ApkChecksum> checksums = new ArrayMap<>(); - if ((kinds & PARTIAL_MERKLE_ROOT_1M_SHA256) != 0) { + if ((types & TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256) != 0) { byte[] hash = contentDigests.getOrDefault(CONTENT_DIGEST_CHUNKED_SHA256, null); if (hash != null) { - checksums.put(PARTIAL_MERKLE_ROOT_1M_SHA256, - new ApkChecksum(split, PARTIAL_MERKLE_ROOT_1M_SHA256, hash)); + checksums.put(TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, + new ApkChecksum(split, TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, hash)); } } - if ((kinds & PARTIAL_MERKLE_ROOT_1M_SHA512) != 0) { + if ((types & TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512) != 0) { byte[] hash = contentDigests.getOrDefault(CONTENT_DIGEST_CHUNKED_SHA512, null); if (hash != null) { - checksums.put(PARTIAL_MERKLE_ROOT_1M_SHA512, - new ApkChecksum(split, PARTIAL_MERKLE_ROOT_1M_SHA512, hash)); + checksums.put(TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, + new ApkChecksum(split, TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, hash)); } } return checksums; } - private static String getMessageDigestAlgoForChecksumKind(int kind) + private static String getMessageDigestAlgoForChecksumKind(int type) throws NoSuchAlgorithmException { - switch (kind) { - case WHOLE_MD5: + switch (type) { + case TYPE_WHOLE_MD5: return ALGO_MD5; - case WHOLE_SHA1: + case TYPE_WHOLE_SHA1: return ALGO_SHA1; - case WHOLE_SHA256: + case TYPE_WHOLE_SHA256: return ALGO_SHA256; - case WHOLE_SHA512: + case TYPE_WHOLE_SHA512: return ALGO_SHA512; default: - throw new NoSuchAlgorithmException("Invalid checksum kind: " + kind); + throw new NoSuchAlgorithmException("Invalid checksum type: " + type); } } private static void calculateChecksumIfRequested(Map<Integer, ApkChecksum> checksums, - String split, File file, int required, int kind) { - if ((required & kind) != 0 && !checksums.containsKey(kind)) { - final byte[] checksum = getApkChecksum(file, kind); + String split, File file, int required, int type) { + if ((required & type) != 0 && !checksums.containsKey(type)) { + final byte[] checksum = getApkChecksum(file, type); if (checksum != null) { - checksums.put(kind, new ApkChecksum(split, kind, checksum)); + checksums.put(type, new ApkChecksum(split, type, checksum)); } } } - private static byte[] getApkChecksum(File file, int kind) { + private static byte[] getApkChecksum(File file, int type) { try (FileInputStream fis = new FileInputStream(file); BufferedInputStream bis = new BufferedInputStream(fis)) { byte[] dataBytes = new byte[512 * 1024]; int nread = 0; - final String algo = getMessageDigestAlgoForChecksumKind(kind); + final String algo = getMessageDigestAlgoForChecksumKind(type); MessageDigest md = MessageDigest.getInstance(algo); while ((nread = bis.read(dataBytes)) != -1) { md.update(dataBytes, 0, nread); @@ -624,9 +625,9 @@ public class ApkChecksums { private static int getChecksumKindForContentDigestAlgo(int contentDigestAlgo) { switch (contentDigestAlgo) { case CONTENT_DIGEST_CHUNKED_SHA256: - return PARTIAL_MERKLE_ROOT_1M_SHA256; + return TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256; case CONTENT_DIGEST_CHUNKED_SHA512: - return PARTIAL_MERKLE_ROOT_1M_SHA512; + return TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512; default: return -1; } @@ -635,11 +636,11 @@ public class ApkChecksums { private static void calculatePartialChecksumsIfRequested(Map<Integer, ApkChecksum> checksums, String split, File file, int required) { boolean needSignatureSha256 = - (required & PARTIAL_MERKLE_ROOT_1M_SHA256) != 0 && !checksums.containsKey( - PARTIAL_MERKLE_ROOT_1M_SHA256); + (required & TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256) != 0 && !checksums.containsKey( + TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256); boolean needSignatureSha512 = - (required & PARTIAL_MERKLE_ROOT_1M_SHA512) != 0 && !checksums.containsKey( - PARTIAL_MERKLE_ROOT_1M_SHA512); + (required & TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512) != 0 && !checksums.containsKey( + TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512); if (!needSignatureSha256 && !needSignatureSha512) { return; } diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java index 7efe0810946a..37fa9a2e19db 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerSession.java +++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java @@ -4120,7 +4120,7 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { CertifiedChecksum checksum = checksums.get(j); out.startTag(null, TAG_SESSION_CHECKSUM); writeStringAttribute(out, ATTR_NAME, fileName); - writeIntAttribute(out, ATTR_CHECKSUM_KIND, checksum.getChecksum().getKind()); + writeIntAttribute(out, ATTR_CHECKSUM_KIND, checksum.getChecksum().getType()); writeByteArrayAttribute(out, ATTR_CHECKSUM_VALUE, checksum.getChecksum().getValue()); writeStringAttribute(out, ATTR_CHECKSUM_PACKAGE, checksum.getPackageName()); diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 8f1576516e07..0f9a5cc331a0 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -2468,9 +2468,9 @@ public class PackageManagerService extends IPackageManager.Stub } @Override - public void getChecksums(@NonNull String packageName, boolean includeSplits, - @Checksum.Kind int optional, - @Checksum.Kind int required, @Nullable List trustedInstallers, + public void requestChecksums(@NonNull String packageName, boolean includeSplits, + @Checksum.Type int optional, + @Checksum.Type int required, @Nullable List trustedInstallers, @NonNull IntentSender statusReceiver, int userId) { Objects.requireNonNull(packageName); Objects.requireNonNull(statusReceiver); |