Add verifier device identity

This adds a special device identifier that is usable only for device validation. The user will be presented with this number encoded in easily-transcribable Base32 in the Developer options of Settings. Change-Id: I4843f55ee90d689a51d0269b22454ca04c1be7ec
author: Kenny Root <kroot@google.com> 2011-09-12 16:42:55 -0700
committer: Kenny Root <kroot@google.com> 2011-09-13 16:02:43 -0700
commit: 0aaa0d931716e9f57a1d84d795fab2df75092756 (patch)
tree: 0ada5a585584199d757e73e891ef77960d3a5280 /services
parent: 2f2eea704ef82878c7aa909a1f7dbdf19851b0fb (diff)
download: frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.zip
frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.tar.gz
frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.tar.bz2
2 files changed, 41 insertions, 1 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 4e5ca8e..9ebdd52 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -71,6 +71,7 @@ import android.content.pm.ServiceInfo;
 import android.content.pm.Signature;
 import android.content.pm.UserInfo;
 import android.content.pm.ManifestDigest;
+import android.content.pm.VerifierDeviceIdentity;
 import android.net.Uri;
 import android.os.Binder;
 import android.os.Build;
@@ -8405,4 +8406,15 @@ public class PackageManagerService extends IPackageManager.Stub {
         mUserManager.removeUser(userId);
         return true;
     }
+
+    @Override
+    public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can read the verifier device identity");
+
+        synchronized (mPackages) {
+            return mSettings.getVerifierDeviceIdentityLPw();
+        }
+    }
 }
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index f270003..7cdb5b1 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -39,6 +39,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.PackageParser;
 import android.content.pm.PermissionInfo;
 import android.content.pm.Signature;
+import android.content.pm.VerifierDeviceIdentity;
 import android.os.Binder;
 import android.os.Environment;
 import android.os.FileUtils;
@@ -86,7 +87,10 @@ final class Settings {
     // used to grant newer permissions one time during a system upgrade.
     int mInternalSdkPlatform;
     int mExternalSdkPlatform;
-    
+
+    /** Device identity for the purpose of package verification. */
+    private VerifierDeviceIdentity mVerifierDeviceIdentity;
+
     // The user's preferred activities associated with particular intent
     // filters.
     final IntentResolver<PreferredActivity, PreferredActivity> mPreferredActivities =
@@ -865,6 +869,12 @@ final class Settings {
             serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform));
             serializer.endTag(null, "last-platform-version");
             
+            if (mVerifierDeviceIdentity != null) {
+                serializer.startTag(null, "verifier");
+                serializer.attribute(null, "device", mVerifierDeviceIdentity.toString());
+                serializer.endTag(null, "verifier");
+            }
+
             serializer.startTag(null, "permission-trees");
             for (BasePermission bp : mPermissionTrees.values()) {
                 writePermissionLPr(serializer, bp);
@@ -1280,6 +1290,14 @@ final class Settings {
                         }
                     } catch (NumberFormatException e) {
                     }
+                } else if (tagName.equals("verifier")) {
+                    final String deviceIdentity = parser.getAttributeValue(null, "device");
+                    try {
+                        mVerifierDeviceIdentity = VerifierDeviceIdentity.parse(deviceIdentity);
+                    } catch (IllegalArgumentException e) {
+                        Slog.w(PackageManagerService.TAG, "Discard invalid verifier device id: "
+                                + e.getMessage());
+                    }
                 } else {
                     Slog.w(PackageManagerService.TAG, "Unknown element under <packages>: "
                             + parser.getName());
@@ -1894,6 +1912,16 @@ final class Settings {
         return PackageManagerService.FIRST_APPLICATION_UID + N;
     }
 
+    public VerifierDeviceIdentity getVerifierDeviceIdentityLPw() {
+        if (mVerifierDeviceIdentity == null) {
+            mVerifierDeviceIdentity = VerifierDeviceIdentity.generate();
+
+            writeLPr();
+        }
+
+        return mVerifierDeviceIdentity;
+    }
+
     public PackageSetting getDisabledSystemPkgLPr(String name) {
         PackageSetting ps = mDisabledSysPackages.get(name);
         return ps;
author	Kenny Root <kroot@google.com>	2011-09-12 16:42:55 -0700
committer	Kenny Root <kroot@google.com>	2011-09-13 16:02:43 -0700
commit	0aaa0d931716e9f57a1d84d795fab2df75092756 (patch)
tree	0ada5a585584199d757e73e891ef77960d3a5280 /services
parent	2f2eea704ef82878c7aa909a1f7dbdf19851b0fb (diff)
download	frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.zip frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.tar.gz frameworks_base-0aaa0d931716e9f57a1d84d795fab2df75092756.tar.bz2