diff options
18 files changed, 56 insertions, 617 deletions
diff --git a/AconfigFlags.bp b/AconfigFlags.bp index 960bb5c3f276..777228292eb5 100644 --- a/AconfigFlags.bp +++ b/AconfigFlags.bp @@ -89,6 +89,7 @@ aconfig_declarations_group { "com.android.media.flags.editing-aconfig-java", "com.android.media.flags.performance-aconfig-java", "com.android.media.flags.projection-aconfig-java", + "com.android.net.http.flags-aconfig-exported-java", "com.android.net.thread.platform.flags-aconfig-java", "com.android.ranging.flags.ranging-aconfig-java-export", "com.android.server.contextualsearch.flags-java", @@ -376,6 +377,8 @@ java_aconfig_library { min_sdk_version: "30", apex_available: [ "//apex_available:platform", + "com.android.art", + "com.android.art.debug", "com.android.btservices", "com.android.mediaprovider", "com.android.permission", diff --git a/core/java/android/service/notification/NotificationListenerService.java b/core/java/android/service/notification/NotificationListenerService.java index bd9ab86fa8d1..6473cd815824 100644 --- a/core/java/android/service/notification/NotificationListenerService.java +++ b/core/java/android/service/notification/NotificationListenerService.java @@ -2310,7 +2310,6 @@ public abstract class NotificationListenerService extends Service { // -- parcelable interface -- private RankingMap(Parcel in) { - final ClassLoader cl = getClass().getClassLoader(); final int count = in.readInt(); mOrderedKeys.ensureCapacity(count); mRankings.ensureCapacity(count); diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java index e402ddfc637a..e60879e02b4b 100644 --- a/core/java/com/android/internal/os/ZygoteInit.java +++ b/core/java/com/android/internal/os/ZygoteInit.java @@ -19,6 +19,8 @@ package com.android.internal.os; import static android.system.OsConstants.S_IRWXG; import static android.system.OsConstants.S_IRWXO; +import static android.net.http.Flags.preloadHttpengineInZygote; + import static com.android.internal.util.FrameworkStatsLog.BOOT_TIME_EVENT_ELAPSED_TIME__EVENT__SECONDARY_ZYGOTE_INIT_START; import static com.android.internal.util.FrameworkStatsLog.BOOT_TIME_EVENT_ELAPSED_TIME__EVENT__ZYGOTE_INIT_START; @@ -27,6 +29,7 @@ import android.compat.annotation.UnsupportedAppUsage; import android.content.pm.SharedLibraryInfo; import android.content.res.Resources; import android.os.Build; +import android.net.http.HttpEngine; import android.os.Environment; import android.os.IInstalld; import android.os.Process; @@ -144,6 +147,23 @@ public class ZygoteInit { Trace.traceEnd(Trace.TRACE_TAG_DALVIK); preloadSharedLibraries(); preloadTextResources(); + + // TODO: remove the try/catch and the flag read as soon as the flag is ramped and 25Q2 + // starts building from source. + if (preloadHttpengineInZygote()) { + try { + HttpEngine.preload(); + } catch (NoSuchMethodError e){ + // The flag protecting this API is not an exported + // flag because ZygoteInit happens before the + // system service has initialized the flag which means + // that we can't query the real value of the flag + // from the tethering module. In order to avoid crashing + // in the case where we have (new zygote, old tethering). + // we catch the NoSuchMethodError and just log. + Log.d(TAG, "HttpEngine.preload() threw " + e); + } + } // Ask the WebViewFactory to do any initialization that must run in the zygote process, // for memory sharing purposes. WebViewFactory.prepareWebViewInZygote(); diff --git a/core/tests/coretests/src/android/os/BinderProxyTest.java b/core/tests/coretests/src/android/os/BinderProxyTest.java index a903ed91cb3d..335791c031b4 100644 --- a/core/tests/coretests/src/android/os/BinderProxyTest.java +++ b/core/tests/coretests/src/android/os/BinderProxyTest.java @@ -22,6 +22,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import android.annotation.Nullable; +import android.app.ActivityManager; import android.content.ComponentName; import android.content.Context; import android.content.Intent; @@ -42,7 +43,7 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; @RunWith(AndroidJUnit4.class) -@IgnoreUnderRavenwood(blockedBy = PowerManager.class) +@IgnoreUnderRavenwood(blockedBy = ActivityManager.class) public class BinderProxyTest { private static class CountingListener implements Binder.ProxyTransactListener { int mStartedCount; @@ -62,7 +63,7 @@ public class BinderProxyTest { public final RavenwoodRule mRavenwood = new RavenwoodRule(); private Context mContext; - private PowerManager mPowerManager; + private ActivityManager mActivityManager; /** * Setup any common data for the upcoming tests. @@ -70,7 +71,7 @@ public class BinderProxyTest { @Before public void setUp() throws Exception { mContext = InstrumentationRegistry.getInstrumentation().getTargetContext(); - mPowerManager = (PowerManager) mContext.getSystemService(Context.POWER_SERVICE); + mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE); } @Test @@ -80,7 +81,7 @@ public class BinderProxyTest { Binder.setProxyTransactListener(listener); Binder.setProxyTransactListener(null); - mPowerManager.isInteractive(); + mActivityManager.isUserRunning(7); // something which does a binder call assertEquals(0, listener.mStartedCount); assertEquals(0, listener.mEndedCount); @@ -92,7 +93,7 @@ public class BinderProxyTest { CountingListener listener = new CountingListener(); Binder.setProxyTransactListener(listener); - mPowerManager.isInteractive(); + mActivityManager.isUserRunning(27); // something which does a binder call assertEquals(1, listener.mStartedCount); assertEquals(1, listener.mEndedCount); @@ -112,7 +113,7 @@ public class BinderProxyTest { }); // Check it does not throw.. - mPowerManager.isInteractive(); + mActivityManager.isUserRunning(47); // something which does a binder call } private IBinder mRemoteBinder = null; diff --git a/nfc/java/android/nfc/cardemulation/HostApduService.java b/nfc/java/android/nfc/cardemulation/HostApduService.java index 4f601f0704b4..db1f6a2bb3b1 100644 --- a/nfc/java/android/nfc/cardemulation/HostApduService.java +++ b/nfc/java/android/nfc/cardemulation/HostApduService.java @@ -107,7 +107,7 @@ import java.util.List; * <intent-filter> * <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/> * </intent-filter> - * <meta-data android:name="android.nfc.cardemulation.host_apdu_ervice" android:resource="@xml/apduservice"/> + * <meta-data android:name="android.nfc.cardemulation.host_apdu_service" android:resource="@xml/apduservice"/> * </service></pre> * * This meta-data tag points to an apduservice.xml file. diff --git a/nfc/java/android/nfc/cardemulation/OffHostApduService.java b/nfc/java/android/nfc/cardemulation/OffHostApduService.java index 2286e8476d94..8d8a17270523 100644 --- a/nfc/java/android/nfc/cardemulation/OffHostApduService.java +++ b/nfc/java/android/nfc/cardemulation/OffHostApduService.java @@ -96,7 +96,7 @@ import android.os.IBinder; * <intent-filter> * <action android:name="android.nfc.cardemulation.action.OFF_HOST_APDU_SERVICE"/> * </intent-filter> - * <meta-data android:name="android.nfc.cardemulation.off_host_apdu_ervice" android:resource="@xml/apduservice"/> + * <meta-data android:name="android.nfc.cardemulation.off_host_apdu_service" android:resource="@xml/apduservice"/> * </service></pre> * * This meta-data tag points to an apduservice.xml file. diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsState.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsState.java index fc7802c9f9da..68b66dfa2657 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsState.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsState.java @@ -178,11 +178,6 @@ final class SettingsState { private static final String APEX_DIR = "/apex"; private static final String APEX_ACONFIG_PATH_SUFFIX = "/etc/aconfig_flags.pb"; - private static final String STORAGE_MIGRATION_FLAG = - "core_experiments_team_internal/com.android.providers.settings.storage_test_mission_1"; - private static final String STORAGE_MIGRATION_MARKER_FILE = - "/metadata/aconfig_test_missions/mission_1"; - /** * This tag is applied to all aconfig default value-loaded flags. */ @@ -1740,32 +1735,6 @@ final class SettingsState { } } - if (isConfigSettingsKey(mKey) && name != null - && name.equals(STORAGE_MIGRATION_FLAG)) { - if (value.equals("true")) { - Path path = Paths.get(STORAGE_MIGRATION_MARKER_FILE); - if (!Files.exists(path)) { - Files.createFile(path); - } - - Set<PosixFilePermission> perms = - Files.readAttributes(path, PosixFileAttributes.class).permissions(); - perms.add(PosixFilePermission.OWNER_WRITE); - perms.add(PosixFilePermission.OWNER_READ); - perms.add(PosixFilePermission.GROUP_READ); - perms.add(PosixFilePermission.OTHERS_READ); - try { - Files.setPosixFilePermissions(path, perms); - } catch (Exception e) { - Slog.e(LOG_TAG, "failed to set permissions on migration marker", e); - } - } else { - java.nio.file.Path path = Paths.get(STORAGE_MIGRATION_MARKER_FILE); - if (Files.exists(path)) { - Files.delete(path); - } - } - } mSettings.put(name, new Setting(name, value, defaultValue, packageName, tag, fromSystem, id, isPreservedInRestore)); diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java index 7f5839d4f1fb..057fb68bad78 100644 --- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java +++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java @@ -1873,7 +1873,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab if (posture == DEVICE_POSTURE_OPENED) { mLogger.d("Posture changed to open - attempting to request active" + " unlock and run face auth"); - getFaceAuthInteractor().onDeviceUnfolded(); + if (getFaceAuthInteractor() != null) { + getFaceAuthInteractor().onDeviceUnfolded(); + } requestActiveUnlockFromWakeReason(PowerManager.WAKE_REASON_UNFOLD_DEVICE, false); } diff --git a/services/core/java/android/content/pm/PackageManagerInternal.java b/services/core/java/android/content/pm/PackageManagerInternal.java index 43774bbc51ca..b0dae6a1f306 100644 --- a/services/core/java/android/content/pm/PackageManagerInternal.java +++ b/services/core/java/android/content/pm/PackageManagerInternal.java @@ -90,6 +90,7 @@ public abstract class PackageManagerInternal { */ public static final int RESOLVE_NON_RESOLVER_ONLY = 0x00000002; + @Deprecated @IntDef(value = { INTEGRITY_VERIFICATION_ALLOW, INTEGRITY_VERIFICATION_REJECT, @@ -97,18 +98,10 @@ public abstract class PackageManagerInternal { @Retention(RetentionPolicy.SOURCE) public @interface IntegrityVerificationResult {} - /** - * Used as the {@code verificationCode} argument for - * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the - * integrity component allows the install to proceed. - */ + @Deprecated public static final int INTEGRITY_VERIFICATION_ALLOW = 1; - /** - * Used as the {@code verificationCode} argument for - * {@link PackageManagerInternal#setIntegrityVerificationResult(int, int)} to indicate that the - * integrity component does not allow install to proceed. - */ + @Deprecated public static final int INTEGRITY_VERIFICATION_REJECT = 0; /** @@ -1131,17 +1124,13 @@ public abstract class PackageManagerInternal { public abstract boolean isPermissionUpgradeNeeded(@UserIdInt int userId); /** - * Allows the integrity component to respond to the - * {@link Intent#ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification - * broadcast} to respond to the package manager. The response must include - * the {@code verificationCode} which is one of - * {@link #INTEGRITY_VERIFICATION_ALLOW} and {@link #INTEGRITY_VERIFICATION_REJECT}. + * Used to allow the integrity component to respond to the + * ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION package verification + * broadcast to respond to the package manager. * - * @param verificationId pending package identifier as passed via the - * {@link PackageManager#EXTRA_VERIFICATION_ID} Intent extra. - * @param verificationResult either {@link #INTEGRITY_VERIFICATION_ALLOW} - * or {@link #INTEGRITY_VERIFICATION_REJECT}. + * Deprecated. */ + @Deprecated public abstract void setIntegrityVerificationResult(int verificationId, @IntegrityVerificationResult int verificationResult); diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java index a132876b72a3..0914b7e3eeb2 100644 --- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java +++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java @@ -93,29 +93,6 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { mContext = context; mPackageManagerInternal = packageManagerInternal; mHandler = handler; - - IntentFilter integrityVerificationFilter = new IntentFilter(); - integrityVerificationFilter.addAction(ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION); - try { - integrityVerificationFilter.addDataType(PACKAGE_MIME_TYPE); - } catch (IntentFilter.MalformedMimeTypeException e) { - throw new RuntimeException("Mime type malformed: should never happen.", e); - } - - mContext.registerReceiver( - new BroadcastReceiver() { - @Override - public void onReceive(Context context, Intent intent) { - if (!ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION.equals( - intent.getAction())) { - return; - } - mHandler.post(() -> handleIntegrityVerification(intent)); - } - }, - integrityVerificationFilter, - /* broadcastPermission= */ null, - mHandler); } @Override @@ -157,10 +134,4 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { public List<String> getWhitelistedRuleProviders() { return Collections.emptyList(); } - - private void handleIntegrityVerification(Intent intent) { - int verificationId = intent.getIntExtra(EXTRA_VERIFICATION_ID, -1); - mPackageManagerInternal.setIntegrityVerificationResult( - verificationId, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); - } } diff --git a/services/core/java/com/android/server/pm/PackageHandler.java b/services/core/java/com/android/server/pm/PackageHandler.java index 0a0882d80cc1..4ea405441030 100644 --- a/services/core/java/com/android/server/pm/PackageHandler.java +++ b/services/core/java/com/android/server/pm/PackageHandler.java @@ -18,7 +18,6 @@ package com.android.server.pm; import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER; -import static com.android.server.pm.PackageManagerService.CHECK_PENDING_INTEGRITY_VERIFICATION; import static com.android.server.pm.PackageManagerService.CHECK_PENDING_VERIFICATION; import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL; import static com.android.server.pm.PackageManagerService.DEFAULT_UNUSED_STATIC_SHARED_LIB_MIN_CACHE_PERIOD; @@ -29,7 +28,6 @@ import static com.android.server.pm.PackageManagerService.DOMAIN_VERIFICATION; import static com.android.server.pm.PackageManagerService.ENABLE_ROLLBACK_STATUS; import static com.android.server.pm.PackageManagerService.ENABLE_ROLLBACK_TIMEOUT; import static com.android.server.pm.PackageManagerService.INSTANT_APP_RESOLUTION_PHASE_TWO; -import static com.android.server.pm.PackageManagerService.INTEGRITY_VERIFICATION_COMPLETE; import static com.android.server.pm.PackageManagerService.PACKAGE_VERIFIED; import static com.android.server.pm.PackageManagerService.POST_INSTALL; import static com.android.server.pm.PackageManagerService.PRUNE_UNUSED_STATIC_SHARED_LIBRARIES; @@ -149,42 +147,6 @@ final class PackageHandler extends Handler { break; } - case CHECK_PENDING_INTEGRITY_VERIFICATION: { - final int verificationId = msg.arg1; - final PackageVerificationState state = mPm.mPendingVerification.get(verificationId); - - if (state != null && !state.isIntegrityVerificationComplete()) { - final VerifyingSession verifyingSession = state.getVerifyingSession(); - final Uri originUri = Uri.fromFile(verifyingSession.mOriginInfo.mResolvedFile); - - String errorMsg = "Integrity verification timed out for " + originUri; - Slog.i(TAG, errorMsg); - - state.setIntegrityVerificationResult( - getDefaultIntegrityVerificationResponse()); - - if (getDefaultIntegrityVerificationResponse() - == PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW) { - Slog.i(TAG, "Integrity check times out, continuing with " + originUri); - } else { - verifyingSession.setReturnCode( - PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE, - errorMsg); - } - - if (state.areAllVerificationsComplete()) { - mPm.mPendingVerification.remove(verificationId); - } - - Trace.asyncTraceEnd( - TRACE_TAG_PACKAGE_MANAGER, - "integrity_verification", - verificationId); - - verifyingSession.handleIntegrityVerificationFinished(); - } - break; - } case PACKAGE_VERIFIED: { final int verificationId = msg.arg1; @@ -205,42 +167,6 @@ final class PackageHandler extends Handler { break; } - case INTEGRITY_VERIFICATION_COMPLETE: { - final int verificationId = msg.arg1; - - final PackageVerificationState state = mPm.mPendingVerification.get(verificationId); - if (state == null) { - Slog.w(TAG, "Integrity verification with id " + verificationId - + " not found. It may be invalid or overridden by verifier"); - break; - } - - final int response = (Integer) msg.obj; - final VerifyingSession verifyingSession = state.getVerifyingSession(); - final Uri originUri = Uri.fromFile(verifyingSession.mOriginInfo.mResolvedFile); - - state.setIntegrityVerificationResult(response); - - if (response == PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW) { - Slog.i(TAG, "Integrity check passed for " + originUri); - } else { - verifyingSession.setReturnCode( - PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE, - "Integrity check failed for " + originUri); - } - - if (state.areAllVerificationsComplete()) { - mPm.mPendingVerification.remove(verificationId); - } - - Trace.asyncTraceEnd( - TRACE_TAG_PACKAGE_MANAGER, - "integrity_verification", - verificationId); - - verifyingSession.handleIntegrityVerificationFinished(); - break; - } case INSTANT_APP_RESOLUTION_PHASE_TWO: { InstantAppResolver.doInstantAppResolutionPhaseTwo(mPm.mContext, mPm.snapshotComputer(), diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index f9c103762815..b22bc2b8c5be 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -922,8 +922,8 @@ public class PackageManagerService implements PackageSender, TestUtilityService static final int ENABLE_ROLLBACK_TIMEOUT = 22; static final int DEFERRED_NO_KILL_POST_DELETE = 23; static final int DEFERRED_NO_KILL_INSTALL_OBSERVER = 24; - static final int INTEGRITY_VERIFICATION_COMPLETE = 25; - static final int CHECK_PENDING_INTEGRITY_VERIFICATION = 26; + // static final int UNUSED = 25; + // static final int UNUSED = 26; static final int DOMAIN_VERIFICATION = 27; static final int PRUNE_UNUSED_STATIC_SHARED_LIBRARIES = 28; static final int DEFERRED_PENDING_KILL_INSTALL_OBSERVER = 29; @@ -7023,12 +7023,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService return mSettings.isPermissionUpgradeNeeded(userId); } + @Deprecated @Override public void setIntegrityVerificationResult(int verificationId, int verificationResult) { - final Message msg = mHandler.obtainMessage(INTEGRITY_VERIFICATION_COMPLETE); - msg.arg1 = verificationId; - msg.obj = verificationResult; - mHandler.sendMessage(msg); + // Do nothing. } @Override diff --git a/services/core/java/com/android/server/pm/PackageVerificationState.java b/services/core/java/com/android/server/pm/PackageVerificationState.java index 0b6ccc41d956..63c2ee2e5454 100644 --- a/services/core/java/com/android/server/pm/PackageVerificationState.java +++ b/services/core/java/com/android/server/pm/PackageVerificationState.java @@ -43,8 +43,6 @@ class PackageVerificationState { private boolean mRequiredVerificationPassed; - private boolean mIntegrityVerificationComplete; - /** * Create a new package verification state where {@code requiredVerifierUid} is the user ID for * the package that must reply affirmative before things can continue. @@ -213,15 +211,7 @@ class PackageVerificationState { return mExtendedTimeoutUids.get(uid, false); } - void setIntegrityVerificationResult(int code) { - mIntegrityVerificationComplete = true; - } - - boolean isIntegrityVerificationComplete() { - return mIntegrityVerificationComplete; - } - boolean areAllVerificationsComplete() { - return mIntegrityVerificationComplete && isVerificationComplete(); + return isVerificationComplete(); } } diff --git a/services/core/java/com/android/server/pm/VerifyingSession.java b/services/core/java/com/android/server/pm/VerifyingSession.java index f7eb29fe3ee9..542ae8eb9207 100644 --- a/services/core/java/com/android/server/pm/VerifyingSession.java +++ b/services/core/java/com/android/server/pm/VerifyingSession.java @@ -28,7 +28,6 @@ import static android.os.PowerWhitelistManager.REASON_PACKAGE_VERIFIER; import static android.os.PowerWhitelistManager.TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_ALLOWED; import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER; -import static com.android.server.pm.PackageManagerService.CHECK_PENDING_INTEGRITY_VERIFICATION; import static com.android.server.pm.PackageManagerService.CHECK_PENDING_VERIFICATION; import static com.android.server.pm.PackageManagerService.DEBUG_INSTALL; import static com.android.server.pm.PackageManagerService.DEBUG_VERIFY; @@ -87,11 +86,6 @@ final class VerifyingSession { * Whether verification is enabled by default. */ private static final boolean DEFAULT_VERIFY_ENABLE = true; - - /** - * Whether integrity verification is enabled by default. - */ - private static final boolean DEFAULT_INTEGRITY_VERIFY_ENABLE = true; /** * The default maximum time to wait for the integrity verification to return in * milliseconds. @@ -129,7 +123,6 @@ final class VerifyingSession { private final boolean mUserActionRequired; private final int mUserActionRequiredType; private boolean mWaitForVerificationToComplete; - private boolean mWaitForIntegrityVerificationToComplete; private boolean mWaitForEnableRollbackToComplete; private int mRet = PackageManager.INSTALL_SUCCEEDED; private String mErrorMessage = null; @@ -217,7 +210,6 @@ final class VerifyingSession { new PackageVerificationState(this); mPm.mPendingVerification.append(verificationId, verificationState); - sendIntegrityVerificationRequest(verificationId, pkgLite, verificationState); sendPackageVerificationRequest( verificationId, pkgLite, verificationState); @@ -270,89 +262,6 @@ final class VerifyingSession { mPm.mHandler.sendMessageDelayed(msg, rollbackTimeout); } - /** - * Send a request to check the integrity of the package. - */ - void sendIntegrityVerificationRequest( - int verificationId, - PackageInfoLite pkgLite, - PackageVerificationState verificationState) { - if (!isIntegrityVerificationEnabled()) { - // Consider the integrity check as passed. - verificationState.setIntegrityVerificationResult( - PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); - return; - } - - final Intent integrityVerification = - new Intent(Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION); - - integrityVerification.setDataAndType(Uri.fromFile(new File(mOriginInfo.mResolvedPath)), - PACKAGE_MIME_TYPE); - - final int flags = Intent.FLAG_GRANT_READ_URI_PERMISSION - | Intent.FLAG_RECEIVER_REGISTERED_ONLY - | Intent.FLAG_RECEIVER_FOREGROUND; - integrityVerification.addFlags(flags); - - integrityVerification.putExtra(EXTRA_VERIFICATION_ID, verificationId); - integrityVerification.putExtra(EXTRA_PACKAGE_NAME, pkgLite.packageName); - integrityVerification.putExtra(EXTRA_VERSION_CODE, pkgLite.versionCode); - integrityVerification.putExtra(EXTRA_LONG_VERSION_CODE, pkgLite.getLongVersionCode()); - populateInstallerExtras(integrityVerification); - - // send to integrity component only. - integrityVerification.setPackage("android"); - - final BroadcastOptions options = BroadcastOptions.makeBasic(); - - mPm.mContext.sendOrderedBroadcastAsUser(integrityVerification, UserHandle.SYSTEM, - /* receiverPermission= */ null, - /* appOp= */ AppOpsManager.OP_NONE, - /* options= */ options.toBundle(), - new BroadcastReceiver() { - @Override - public void onReceive(Context context, Intent intent) { - final Message msg = - mPm.mHandler.obtainMessage(CHECK_PENDING_INTEGRITY_VERIFICATION); - msg.arg1 = verificationId; - mPm.mHandler.sendMessageDelayed(msg, getIntegrityVerificationTimeout()); - } - }, /* scheduler= */ null, - /* initialCode= */ 0, - /* initialData= */ null, - /* initialExtras= */ null); - - Trace.asyncTraceBegin( - TRACE_TAG_PACKAGE_MANAGER, "integrity_verification", verificationId); - - // stop the copy until verification succeeds. - mWaitForIntegrityVerificationToComplete = true; - } - - - /** - * Get the integrity verification timeout. - * - * @return verification timeout in milliseconds - */ - private long getIntegrityVerificationTimeout() { - long timeout = Settings.Global.getLong(mPm.mContext.getContentResolver(), - Settings.Global.APP_INTEGRITY_VERIFICATION_TIMEOUT, - DEFAULT_INTEGRITY_VERIFICATION_TIMEOUT); - // The setting can be used to increase the timeout but not decrease it, since that is - // equivalent to disabling the integrity component. - return Math.max(timeout, DEFAULT_INTEGRITY_VERIFICATION_TIMEOUT); - } - - /** - * Check whether or not integrity verification has been enabled. - */ - private boolean isIntegrityVerificationEnabled() { - // We are not exposing this as a user-configurable setting because we don't want to provide - // an easy way to get around the integrity check. - return DEFAULT_INTEGRITY_VERIFY_ENABLE; - } /** * Send a request to verifier(s) to verify the package if necessary. @@ -827,11 +736,6 @@ final class VerifyingSession { handleReturnCode(); } - void handleIntegrityVerificationFinished() { - mWaitForIntegrityVerificationToComplete = false; - handleReturnCode(); - } - void handleRollbackEnabled() { // TODO(b/112431924): Consider halting the install if we // couldn't enable rollback. @@ -840,7 +744,7 @@ final class VerifyingSession { } void handleReturnCode() { - if (mWaitForVerificationToComplete || mWaitForIntegrityVerificationToComplete + if (mWaitForVerificationToComplete || mWaitForEnableRollbackToComplete) { return; } diff --git a/services/core/java/com/android/server/pm/dex/ArtManagerService.java b/services/core/java/com/android/server/pm/dex/ArtManagerService.java index e49dc8250bc7..976999cf6ae0 100644 --- a/services/core/java/com/android/server/pm/dex/ArtManagerService.java +++ b/services/core/java/com/android/server/pm/dex/ArtManagerService.java @@ -426,6 +426,7 @@ public class ArtManagerService extends android.content.pm.dex.IArtManager.Stub { private static final int TRON_COMPILATION_REASON_PREBUILT = 23; private static final int TRON_COMPILATION_REASON_VDEX = 24; private static final int TRON_COMPILATION_REASON_BOOT_AFTER_MAINLINE_UPDATE = 25; + private static final int TRON_COMPILATION_REASON_CLOUD = 26; // The annotation to add as a suffix to the compilation reason when dexopt was // performed with dex metadata. @@ -460,6 +461,8 @@ public class ArtManagerService extends android.content.pm.dex.IArtManager.Stub { return TRON_COMPILATION_REASON_INSTALL_BULK_DOWNGRADED; case "install-bulk-secondary-downgraded" : return TRON_COMPILATION_REASON_INSTALL_BULK_SECONDARY_DOWNGRADED; + case "cloud": + return TRON_COMPILATION_REASON_CLOUD; // These are special markers for dex metadata installation that do not // have an equivalent as a system property. case "install" + DEXOPT_REASON_WITH_DEX_METADATA_ANNOTATION : diff --git a/services/core/java/com/android/server/wm/WindowState.java b/services/core/java/com/android/server/wm/WindowState.java index fc7d3dca1c29..673d82d4d35f 100644 --- a/services/core/java/com/android/server/wm/WindowState.java +++ b/services/core/java/com/android/server/wm/WindowState.java @@ -2728,7 +2728,7 @@ class WindowState extends WindowContainer<WindowState> implements WindowManagerP * Expands the given rectangle by the region of window resize handle for freeform window. * @param inOutRect The rectangle to update. */ - private void adjustRegionInFreefromWindowMode(Rect inOutRect) { + private void adjustRegionInFreeformWindowMode(Rect inOutRect) { if (!inFreeformWindowingMode()) { return; } @@ -2772,7 +2772,7 @@ class WindowState extends WindowContainer<WindowState> implements WindowManagerP } } } - adjustRegionInFreefromWindowMode(mTmpRect); + adjustRegionInFreeformWindowMode(mTmpRect); outRegion.set(mTmpRect); cropRegionToRootTaskBoundsIfNeeded(outRegion); } @@ -3546,7 +3546,7 @@ class WindowState extends WindowContainer<WindowState> implements WindowManagerP } rootTask.getDimBounds(mTmpRect); - adjustRegionInFreefromWindowMode(mTmpRect); + adjustRegionInFreeformWindowMode(mTmpRect); region.op(mTmpRect, Region.Op.INTERSECT); } diff --git a/services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/PackageVerificationStateTest.java b/services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/PackageVerificationStateTest.java index a93e8ad93756..97f1bd46678f 100644 --- a/services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/PackageVerificationStateTest.java +++ b/services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/PackageVerificationStateTest.java @@ -574,57 +574,16 @@ public class PackageVerificationStateTest extends AndroidTestCase { assertTrue(state.isInstallAllowed()); } - public void testAreAllVerificationsComplete_onlyVerificationPasses() { + public void testAreAllVerificationsComplete() { PackageVerificationState state = new PackageVerificationState(null); state.addRequiredVerifierUid(REQUIRED_UID_1); assertFalse(state.areAllVerificationsComplete()); state.setVerifierResponse(REQUIRED_UID_1, PackageManager.VERIFICATION_ALLOW); - assertFalse(state.areAllVerificationsComplete()); - } - - public void testAreAllVerificationsComplete_onlyIntegrityCheckPasses() { - PackageVerificationState state = new PackageVerificationState(null); - state.addRequiredVerifierUid(REQUIRED_UID_1); - assertFalse(state.areAllVerificationsComplete()); - - state.setIntegrityVerificationResult(PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); - - assertFalse(state.areAllVerificationsComplete()); - } - - public void testAreAllVerificationsComplete_bothPasses() { - PackageVerificationState state = new PackageVerificationState(null); - state.addRequiredVerifierUid(REQUIRED_UID_1); - assertFalse(state.areAllVerificationsComplete()); - - state.setIntegrityVerificationResult(PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); - state.setVerifierResponse(REQUIRED_UID_1, PackageManager.VERIFICATION_ALLOW); - assertTrue(state.areAllVerificationsComplete()); } - public void testAreAllVerificationsComplete_onlyVerificationFails() { - PackageVerificationState state = new PackageVerificationState(null); - state.addRequiredVerifierUid(REQUIRED_UID_1); - assertFalse(state.areAllVerificationsComplete()); - - state.setVerifierResponse(REQUIRED_UID_1, PackageManager.VERIFICATION_REJECT); - - assertFalse(state.areAllVerificationsComplete()); - } - - public void testAreAllVerificationsComplete_onlyIntegrityCheckFails() { - PackageVerificationState state = new PackageVerificationState(null); - state.addRequiredVerifierUid(REQUIRED_UID_1); - assertFalse(state.areAllVerificationsComplete()); - - state.setIntegrityVerificationResult(PackageManagerInternal.INTEGRITY_VERIFICATION_REJECT); - - assertFalse(state.areAllVerificationsComplete()); - } - private void processOnTimeout(PackageVerificationState state, int code, int uid) { // CHECK_PENDING_VERIFICATION handler. assertFalse("Verification should not be marked as complete yet", diff --git a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java deleted file mode 100644 index fd221185bacf..000000000000 --- a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java +++ /dev/null @@ -1,295 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.server.integrity; - -import static android.content.integrity.AppIntegrityManager.EXTRA_STATUS; -import static android.content.integrity.AppIntegrityManager.STATUS_FAILURE; -import static android.content.integrity.AppIntegrityManager.STATUS_SUCCESS; -import static android.content.integrity.InstallerAllowedByManifestFormula.INSTALLER_CERTIFICATE_NOT_EVALUATED; -import static android.content.pm.PackageManager.EXTRA_VERIFICATION_ID; -import static android.content.pm.PackageManager.EXTRA_VERIFICATION_INSTALLER_PACKAGE; -import static android.content.pm.PackageManager.EXTRA_VERIFICATION_INSTALLER_UID; - -import static com.google.common.truth.Truth.assertThat; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyInt; -import static org.mockito.ArgumentMatchers.anyLong; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.atLeastOnce; -import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.doThrow; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.spy; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import static java.nio.file.StandardCopyOption.REPLACE_EXISTING; - -import android.content.BroadcastReceiver; -import android.content.Context; -import android.content.Intent; -import android.content.IntentFilter; -import android.content.IntentSender; -import android.content.integrity.AppInstallMetadata; -import android.content.integrity.AtomicFormula; -import android.content.integrity.IntegrityFormula; -import android.content.integrity.Rule; -import android.content.pm.ApplicationInfo; -import android.content.pm.PackageInfo; -import android.content.pm.PackageManager; -import android.content.pm.PackageManagerInternal; -import android.content.pm.ParceledListSlice; -import android.content.res.Resources; -import android.net.Uri; -import android.os.Handler; -import android.os.Message; -import android.provider.Settings; - -import androidx.test.InstrumentationRegistry; - -import com.android.internal.R; -import com.android.server.compat.PlatformCompat; -import com.android.server.testutils.TestUtils; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; -import org.mockito.ArgumentCaptor; -import org.mockito.Mock; -import org.mockito.junit.MockitoJUnit; -import org.mockito.junit.MockitoRule; - -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.nio.file.Files; -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.function.Supplier; - -/** Unit test for {@link com.android.server.integrity.AppIntegrityManagerServiceImpl} */ -@RunWith(JUnit4.class) -public class AppIntegrityManagerServiceImplTest { - private static final String TEST_APP_PATH = - "AppIntegrityManagerServiceImplTest/AppIntegrityManagerServiceTestApp.apk"; - - private static final String TEST_APP_TWO_CERT_PATH = - "AppIntegrityManagerServiceImplTest/DummyAppTwoCerts.apk"; - - private static final String TEST_APP_SOURCE_STAMP_PATH = - "AppIntegrityManagerServiceImplTest/SourceStampTestApk.apk"; - - private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; - private static final String VERSION = "version"; - private static final String TEST_FRAMEWORK_PACKAGE = "com.android.frameworks.servicestests"; - - private static final String PACKAGE_NAME = "com.test.app"; - - private static final long VERSION_CODE = 100; - private static final String INSTALLER = "com.long.random.test.installer.name"; - - // These are obtained by running the test and checking logcat. - private static final String APP_CERT = - "F14CFECF5070874C05D3D2FA98E046BE20BDE02A0DC74BAF6B59C6A0E4C06850"; - // We use SHA256 for package names longer than 32 characters. - private static final String INSTALLER_SHA256 = - "30F41A7CBF96EE736A54DD6DF759B50ED3CC126ABCEF694E167C324F5976C227"; - private static final String SOURCE_STAMP_CERTIFICATE_HASH = - "C6E737809CEF2B08CC6694892215F82A5E8FBC3C2A0F6212770310B90622D2D9"; - - private static final String DUMMY_APP_TWO_CERTS_CERT_1 = - "C0369C2A1096632429DFA8433068AECEAD00BAC337CA92A175036D39CC9AFE94"; - private static final String DUMMY_APP_TWO_CERTS_CERT_2 = - "94366E0A80F3A3F0D8171A15760B88E228CD6E1101F0414C98878724FBE70147"; - - private static final String PLAY_STORE_PKG = "com.android.vending"; - private static final String ADB_INSTALLER = "adb"; - private static final String PLAY_STORE_CERT = "play_store_cert"; - - @org.junit.Rule public MockitoRule mMockitoRule = MockitoJUnit.rule(); - - @Mock PackageManagerInternal mPackageManagerInternal; - @Mock PlatformCompat mPlatformCompat; - @Mock Context mMockContext; - @Mock Resources mMockResources; - @Mock Handler mHandler; - - private final Context mRealContext = InstrumentationRegistry.getTargetContext(); - - private PackageManager mSpyPackageManager; - private File mTestApk; - private File mTestApkTwoCerts; - private File mTestApkSourceStamp; - - // under test - private AppIntegrityManagerServiceImpl mService; - - @Before - public void setup() throws Exception { - mTestApk = File.createTempFile("AppIntegrity", ".apk"); - try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_PATH)) { - Files.copy(inputStream, mTestApk.toPath(), REPLACE_EXISTING); - } - - mTestApkTwoCerts = File.createTempFile("AppIntegrityTwoCerts", ".apk"); - try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_TWO_CERT_PATH)) { - Files.copy(inputStream, mTestApkTwoCerts.toPath(), REPLACE_EXISTING); - } - - mTestApkSourceStamp = File.createTempFile("AppIntegritySourceStamp", ".apk"); - try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_SOURCE_STAMP_PATH)) { - Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); - } - - mService = - new AppIntegrityManagerServiceImpl( - mMockContext, - mPackageManagerInternal, - mHandler); - - mSpyPackageManager = spy(mRealContext.getPackageManager()); - // setup mocks to prevent NPE - when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager); - when(mMockContext.getResources()).thenReturn(mMockResources); - when(mMockResources.getStringArray(anyInt())).thenReturn(new String[] {}); - // These are needed to override the Settings.Global.get result. - when(mMockContext.getContentResolver()).thenReturn(mRealContext.getContentResolver()); - setIntegrityCheckIncludesRuleProvider(true); - } - - @After - public void tearDown() throws Exception { - mTestApk.delete(); - mTestApkTwoCerts.delete(); - mTestApkSourceStamp.delete(); - } - - @Test - public void broadcastReceiverRegistration() throws Exception { - allowlistUsAsRuleProvider(); - makeUsSystemApp(); - ArgumentCaptor<IntentFilter> intentFilterCaptor = - ArgumentCaptor.forClass(IntentFilter.class); - - verify(mMockContext).registerReceiver(any(), intentFilterCaptor.capture(), any(), any()); - assertEquals(1, intentFilterCaptor.getValue().countActions()); - assertEquals( - Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION, - intentFilterCaptor.getValue().getAction(0)); - assertEquals(1, intentFilterCaptor.getValue().countDataTypes()); - assertEquals(PACKAGE_MIME_TYPE, intentFilterCaptor.getValue().getDataType(0)); - } - - @Test - public void handleBroadcast_allow() throws Exception { - allowlistUsAsRuleProvider(); - makeUsSystemApp(); - ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = - ArgumentCaptor.forClass(BroadcastReceiver.class); - verify(mMockContext) - .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); - Intent intent = makeVerificationIntent(); - - broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); - runJobInHandler(); - - verify(mPackageManagerInternal) - .setIntegrityVerificationResult( - 1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); - } - - private void allowlistUsAsRuleProvider() { - Resources mockResources = mock(Resources.class); - when(mockResources.getStringArray(R.array.config_integrityRuleProviderPackages)) - .thenReturn(new String[] {TEST_FRAMEWORK_PACKAGE}); - when(mMockContext.getResources()).thenReturn(mockResources); - } - - private void runJobInHandler() { - ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class); - // sendMessageAtTime is the first non-final method in the call chain when "post" is invoked. - verify(mHandler).sendMessageAtTime(messageCaptor.capture(), anyLong()); - messageCaptor.getValue().getCallback().run(); - } - - private void makeUsSystemApp() throws Exception { - makeUsSystemApp(true); - } - - private void makeUsSystemApp(boolean isSystemApp) throws Exception { - PackageInfo packageInfo = - mRealContext.getPackageManager().getPackageInfo(TEST_FRAMEWORK_PACKAGE, 0); - if (isSystemApp) { - packageInfo.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM; - } else { - packageInfo.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM; - } - doReturn(packageInfo) - .when(mSpyPackageManager) - .getPackageInfo(eq(TEST_FRAMEWORK_PACKAGE), anyInt()); - when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager); - } - - private Intent makeVerificationIntent() throws Exception { - PackageInfo packageInfo = - mRealContext - .getPackageManager() - .getPackageInfo( - TEST_FRAMEWORK_PACKAGE, PackageManager.GET_SIGNING_CERTIFICATES); - doReturn(packageInfo).when(mSpyPackageManager).getPackageInfo(eq(INSTALLER), anyInt()); - doReturn(1).when(mSpyPackageManager).getPackageUid(eq(INSTALLER), anyInt()); - doReturn(new String[]{INSTALLER}).when(mSpyPackageManager).getPackagesForUid(anyInt()); - return makeVerificationIntent(INSTALLER); - } - - private Intent makeVerificationIntent(String installer) throws Exception { - Intent intent = new Intent(); - intent.setDataAndType(Uri.fromFile(mTestApk), PACKAGE_MIME_TYPE); - intent.setAction(Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION); - intent.putExtra(EXTRA_VERIFICATION_ID, 1); - intent.putExtra(Intent.EXTRA_PACKAGE_NAME, PACKAGE_NAME); - intent.putExtra(EXTRA_VERIFICATION_INSTALLER_PACKAGE, installer); - intent.putExtra( - EXTRA_VERIFICATION_INSTALLER_UID, - mMockContext.getPackageManager().getPackageUid(installer, /* flags= */ 0)); - intent.putExtra(Intent.EXTRA_LONG_VERSION_CODE, VERSION_CODE); - return intent; - } - - private void setIntegrityCheckIncludesRuleProvider(boolean shouldInclude) throws Exception { - int value = shouldInclude ? 1 : 0; - Settings.Global.putInt( - mRealContext.getContentResolver(), - Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, - value); - assertThat( - Settings.Global.getInt( - mRealContext.getContentResolver(), - Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, - -1) - == 1) - .isEqualTo(shouldInclude); - } -} |