summaryrefslogtreecommitdiffstats
path: root/services/core/java/com/android/server/pm/PackageVerificationState.java
diff options
context:
space:
mode:
Diffstat (limited to 'services/core/java/com/android/server/pm/PackageVerificationState.java')
-rw-r--r--services/core/java/com/android/server/pm/PackageVerificationState.java170
1 files changed, 170 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/pm/PackageVerificationState.java b/services/core/java/com/android/server/pm/PackageVerificationState.java
new file mode 100644
index 0000000..3214e88
--- /dev/null
+++ b/services/core/java/com/android/server/pm/PackageVerificationState.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.pm;
+
+import com.android.server.pm.PackageManagerService.InstallArgs;
+
+import android.content.pm.PackageManager;
+import android.util.SparseBooleanArray;
+
+/**
+ * Tracks the package verification state for a particular package. Each package
+ * verification has a required verifier and zero or more sufficient verifiers.
+ * Only one of the sufficient verifier list must return affirmative to allow the
+ * package to be considered verified. If there are zero sufficient verifiers,
+ * then package verification is considered complete.
+ */
+class PackageVerificationState {
+ private final InstallArgs mArgs;
+
+ private final SparseBooleanArray mSufficientVerifierUids;
+
+ private final int mRequiredVerifierUid;
+
+ private boolean mSufficientVerificationComplete;
+
+ private boolean mSufficientVerificationPassed;
+
+ private boolean mRequiredVerificationComplete;
+
+ private boolean mRequiredVerificationPassed;
+
+ private boolean mExtendedTimeout;
+
+ /**
+ * Create a new package verification state where {@code requiredVerifierUid}
+ * is the user ID for the package that must reply affirmative before things
+ * can continue.
+ *
+ * @param requiredVerifierUid user ID of required package verifier
+ * @param args
+ */
+ public PackageVerificationState(int requiredVerifierUid, InstallArgs args) {
+ mRequiredVerifierUid = requiredVerifierUid;
+ mArgs = args;
+ mSufficientVerifierUids = new SparseBooleanArray();
+ mExtendedTimeout = false;
+ }
+
+ public InstallArgs getInstallArgs() {
+ return mArgs;
+ }
+
+ /**
+ * Add a verifier which is added to our sufficient list.
+ *
+ * @param uid user ID of sufficient verifier
+ */
+ public void addSufficientVerifier(int uid) {
+ mSufficientVerifierUids.put(uid, true);
+ }
+
+ /**
+ * Should be called when a verification is received from an agent so the
+ * state of the package verification can be tracked.
+ *
+ * @param uid user ID of the verifying agent
+ * @return {@code true} if the verifying agent actually exists in our list
+ */
+ public boolean setVerifierResponse(int uid, int code) {
+ if (uid == mRequiredVerifierUid) {
+ mRequiredVerificationComplete = true;
+ switch (code) {
+ case PackageManager.VERIFICATION_ALLOW_WITHOUT_SUFFICIENT:
+ mSufficientVerifierUids.clear();
+ // fall through
+ case PackageManager.VERIFICATION_ALLOW:
+ mRequiredVerificationPassed = true;
+ break;
+ default:
+ mRequiredVerificationPassed = false;
+ }
+ return true;
+ } else {
+ if (mSufficientVerifierUids.get(uid)) {
+ if (code == PackageManager.VERIFICATION_ALLOW) {
+ mSufficientVerificationComplete = true;
+ mSufficientVerificationPassed = true;
+ }
+
+ mSufficientVerifierUids.delete(uid);
+ if (mSufficientVerifierUids.size() == 0) {
+ mSufficientVerificationComplete = true;
+ }
+
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Returns whether verification is considered complete. This means that the
+ * required verifier and at least one of the sufficient verifiers has
+ * returned a positive verification.
+ *
+ * @return {@code true} when verification is considered complete
+ */
+ public boolean isVerificationComplete() {
+ if (!mRequiredVerificationComplete) {
+ return false;
+ }
+
+ if (mSufficientVerifierUids.size() == 0) {
+ return true;
+ }
+
+ return mSufficientVerificationComplete;
+ }
+
+ /**
+ * Returns whether installation should be allowed. This should only be
+ * called after {@link #isVerificationComplete()} returns {@code true}.
+ *
+ * @return {@code true} if installation should be allowed
+ */
+ public boolean isInstallAllowed() {
+ if (!mRequiredVerificationPassed) {
+ return false;
+ }
+
+ if (mSufficientVerificationComplete) {
+ return mSufficientVerificationPassed;
+ }
+
+ return true;
+ }
+
+ /**
+ * Extend the timeout for this Package to be verified.
+ */
+ public void extendTimeout() {
+ if (!mExtendedTimeout) {
+ mExtendedTimeout = true;
+ }
+ }
+
+ /**
+ * Returns whether the timeout was extended for verification.
+ *
+ * @return {@code true} if a timeout was already extended.
+ */
+ public boolean timeoutExtended() {
+ return mExtendedTimeout;
+ }
+}
generated by cgit v1.1 at 2024-06-11 01:59:02 +0000