diff options
| author | 2019-01-10 18:31:04 +0000 | |
|---|---|---|
| committer | 2019-01-10 18:31:04 +0000 | |
| commit | 56464cf533e8dfbb7bef8ee30bf5115b8201bcd8 (patch) | |
| tree | 94bc0743dd0632f2f82f15136b7f510806bb9404 | |
| parent | 736cbcd83db5adbe84ef498759689e9c85a3f6e2 (diff) | |
| parent | 276cd0757ba8a67f58a88509d0c54a9ec8095171 (diff) | |
Merge "Verify apex files on staged sessions."
| -rw-r--r-- | services/core/java/com/android/server/pm/StagingManager.java | 64 |
1 files changed, 46 insertions, 18 deletions
diff --git a/services/core/java/com/android/server/pm/StagingManager.java b/services/core/java/com/android/server/pm/StagingManager.java index 23293567be46..48ee9dcae0b6 100644 --- a/services/core/java/com/android/server/pm/StagingManager.java +++ b/services/core/java/com/android/server/pm/StagingManager.java @@ -18,6 +18,7 @@ package com.android.server.pm; import android.annotation.NonNull; import android.apex.ApexInfo; +import android.apex.ApexInfoList; import android.apex.IApexService; import android.content.pm.PackageInstaller; import android.content.pm.PackageInstaller.SessionInfo; @@ -127,28 +128,55 @@ public class StagingManager { return false; } - void commitSession(@NonNull PackageInstallerSession sessionInfo) { - updateStoredSession(sessionInfo); + private static boolean submitSessionToApexService(int sessionId, ApexInfoList apexInfoList) { + final IApexService apex = IApexService.Stub.asInterface( + ServiceManager.getService("apexservice")); + boolean success; + try { + success = apex.submitStagedSession(sessionId, apexInfoList); + } catch (RemoteException re) { + Slog.e(TAG, "Unable to contact apexservice", re); + return false; + } + return success; + } - mBgHandler.post(() -> { - sessionInfo.setStagedSessionReady(); - - SessionInfo session = sessionInfo.generateInfo(false); - // For APEXes, we validate the signature here before we write the package to the - // staging directory. For APKs, the signature verification will be done by the package - // manager at the point at which it applies the staged install. - // - // TODO: Decide whether we want to fail fast by detecting signature mismatches right - // away. - if ((sessionInfo.params.installFlags & PackageManager.INSTALL_APEX) != 0) { - if (!validateApexSignatureLocked(session.resolvedBaseCodePath, - session.appPackageName)) { - sessionInfo.setStagedSessionFailed(SessionInfo.VERIFICATION_FAILED); + void preRebootVerification(@NonNull PackageInstallerSession session) { + boolean success = true; + if ((session.params.installFlags & PackageManager.INSTALL_APEX) != 0) { + + final ApexInfoList apexInfoList = new ApexInfoList(); + + if (!submitSessionToApexService(session.sessionId, apexInfoList)) { + success = false; + } else { + // For APEXes, we validate the signature here before we mark the session as ready, + // so we fail the session early if there is a signature mismatch. For APKs, the + // signature verification will be done by the package manager at the point at which + // it applies the staged install. + // + // TODO: Decide whether we want to fail fast by detecting signature mismatches right + // away. + for (ApexInfo apexPackage : apexInfoList.apexInfos) { + if (!validateApexSignatureLocked(apexPackage.packagePath, + apexPackage.packageName)) { + success = false; + break; + } } } + } + if (success) { + session.setStagedSessionReady(); + } else { + session.setStagedSessionFailed(SessionInfo.VERIFICATION_FAILED); + } + mPm.sendSessionUpdatedBroadcast(session.generateInfo(false), session.userId); + } - mPm.sendSessionUpdatedBroadcast(sessionInfo.generateInfo(false), sessionInfo.userId); - }); + void commitSession(@NonNull PackageInstallerSession session) { + updateStoredSession(session); + mBgHandler.post(() -> preRebootVerification(session)); } void createSession(@NonNull PackageInstallerSession sessionInfo) { |