From 55b676bc4fa0212503c07de9010b838f8b232814 Mon Sep 17 00:00:00 2001 From: Christopher Tate Date: Thu, 19 Mar 2020 15:24:56 -0700 Subject: [PATCH] Only autoVerify at install for new hosts Re-run app link verification at update time only when the set of hosts has expanded. Intentionally revoke verify history when an app stops using autoVerify, as a one-time measure to place it back into the non-autoverify model for tracking the user's launch preferences. If the app starts using autoVerify again later, it behaves identically to an app that has never done so before. In the included AutoVerify test apks (all the same package name): app1 recognizes 1 host app2 recognizes the same host plus a different wildcard app3 has the same hosts as app1 but does not autoVerify app4 has the same hosts as app2 but does not autoVerify Bug: 151475497 Test: install AutoVerify app1, set to 'always', install app2, observe that it is demoted out of always Test: install app1 apk, set 'always', install app1 again, observe that no verification run is performed Test: install app2 apk, set 'always', install app1, observe that no verification run is performed Test: install app1 apk, verify still undefined/ask, install app1 again, observe that a verification is performed Test: install app2 apk, set 'always', install app1, observe that no verification run is performed, install app2 again, observe that it is reverified (and demoted out of always when verification fails) Test: install app1 apk, set 'always', install app3 apk, observe that no verification is performed & it remains in always Test: install app1 apk, set 'always', install app4 apk, observe that no verification is performed but it is demoted out of always Change-Id: I200d85085ce79842a3ed39377d1f75ec381c8991 --- .../server/pm/PackageManagerService.java | 116 +++++++++++++----- .../java/com/android/server/pm/Settings.java | 10 +- tests/AutoVerify/app1/Android.bp | 11 ++ tests/AutoVerify/app1/AndroidManifest.xml | 43 +++++++ tests/AutoVerify/app1/res/values/strings.xml | 21 ++++ .../android/test/autoverify/MainActivity.java | 15 +++ tests/AutoVerify/app2/Android.bp | 11 ++ tests/AutoVerify/app2/AndroidManifest.xml | 44 +++++++ tests/AutoVerify/app2/res/values/strings.xml | 21 ++++ .../android/test/autoverify/MainActivity.java | 15 +++ tests/AutoVerify/app3/Android.bp | 11 ++ tests/AutoVerify/app3/AndroidManifest.xml | 44 +++++++ tests/AutoVerify/app3/res/values/strings.xml | 21 ++++ .../android/test/autoverify/MainActivity.java | 15 +++ tests/AutoVerify/app4/Android.bp | 11 ++ tests/AutoVerify/app4/AndroidManifest.xml | 45 +++++++ tests/AutoVerify/app4/res/values/strings.xml | 21 ++++ .../android/test/autoverify/MainActivity.java | 15 +++ 18 files changed, 454 insertions(+), 36 deletions(-) create mode 100644 tests/AutoVerify/app1/Android.bp create mode 100644 tests/AutoVerify/app1/AndroidManifest.xml create mode 100644 tests/AutoVerify/app1/res/values/strings.xml create mode 100644 tests/AutoVerify/app1/src/com/android/test/autoverify/MainActivity.java create mode 100644 tests/AutoVerify/app2/Android.bp create mode 100644 tests/AutoVerify/app2/AndroidManifest.xml create mode 100644 tests/AutoVerify/app2/res/values/strings.xml create mode 100644 tests/AutoVerify/app2/src/com/android/test/autoverify/MainActivity.java create mode 100644 tests/AutoVerify/app3/Android.bp create mode 100644 tests/AutoVerify/app3/AndroidManifest.xml create mode 100644 tests/AutoVerify/app3/res/values/strings.xml create mode 100644 tests/AutoVerify/app3/src/com/android/test/autoverify/MainActivity.java create mode 100644 tests/AutoVerify/app4/Android.bp create mode 100644 tests/AutoVerify/app4/AndroidManifest.xml create mode 100644 tests/AutoVerify/app4/res/values/strings.xml create mode 100644 tests/AutoVerify/app4/src/com/android/test/autoverify/MainActivity.java diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index e4b4bfd7e1881..f0da25eaf10cc 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -1346,13 +1346,6 @@ public class PackageManagerService extends IPackageManager.Stub int updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED; boolean needUpdate = false; - if (DEBUG_DOMAIN_VERIFICATION) { - Slog.d(TAG, - "Updating IntentFilterVerificationInfo for package " + packageName - + " verificationId:" + verificationId - + " verified=" + verified); - } - // In a success case, we promote from undefined or ASK to ALWAYS. This // supports a flow where the app fails validation but then ships an updated // APK that passes, and therefore deserves to be in ALWAYS. @@ -17632,65 +17625,120 @@ public class PackageManagerService extends IPackageManager.Stub + " Activities needs verification ..."); int count = 0; - + boolean handlesWebUris = false; + ArraySet domains = new ArraySet<>(); + final boolean previouslyVerified; + boolean hostSetExpanded = false; + boolean needToRunVerify = false; synchronized (mLock) { // If this is a new install and we see that we've already run verification for this // package, we have nothing to do: it means the state was restored from backup. - if (!replacing) { - IntentFilterVerificationInfo ivi = - mSettings.getIntentFilterVerificationLPr(packageName); - if (ivi != null) { - if (DEBUG_DOMAIN_VERIFICATION) { - Slog.i(TAG, "Package " + packageName+ " already verified: status=" - + ivi.getStatusString()); - } - return; + IntentFilterVerificationInfo ivi = + mSettings.getIntentFilterVerificationLPr(packageName); + previouslyVerified = (ivi != null); + if (!replacing && previouslyVerified) { + if (DEBUG_DOMAIN_VERIFICATION) { + Slog.i(TAG, "Package " + packageName + " already verified: status=" + + ivi.getStatusString()); } + return; } - // If any filters need to be verified, then all need to be. - boolean needToVerify = false; + if (DEBUG_DOMAIN_VERIFICATION) { + Slog.i(TAG, " Previous verified hosts: " + + (ivi == null ? "[none]" : ivi.getDomainsString())); + } + + // If any filters need to be verified, then all need to be. In addition, we need to + // know whether an updating app has any web navigation intent filters, to re- + // examine handling policy even if not re-verifying. + final boolean needsVerification = needsNetworkVerificationLPr(packageName); for (ParsedActivity a : activities) { for (ParsedIntentInfo filter : a.getIntents()) { - if (filter.needsVerification() - && needsNetworkVerificationLPr(a.getPackageName())) { + if (filter.handlesWebUris(true)) { + handlesWebUris = true; + } + if (needsVerification && filter.needsVerification()) { if (DEBUG_DOMAIN_VERIFICATION) { - Slog.d(TAG, - "Intent filter needs verification, so processing all filters"); + Slog.d(TAG, "autoVerify requested, processing all filters"); } - needToVerify = true; + needToRunVerify = true; + // It's safe to break out here because filter.needsVerification() + // can only be true if filter.handlesWebUris(true) returned true, so + // we've already noted that. break; } } } - if (needToVerify) { - final boolean needsVerification = needsNetworkVerificationLPr(packageName); + // Compare the new set of recognized hosts if the app is either requesting + // autoVerify or has previously used autoVerify but no longer does. + if (needToRunVerify || previouslyVerified) { final int verificationId = mIntentFilterVerificationToken++; for (ParsedActivity a : activities) { for (ParsedIntentInfo filter : a.getIntents()) { // Run verification against hosts mentioned in any web-nav intent filter, // even if the filter matches non-web schemes as well - if (needsVerification && filter.handlesWebUris(false)) { + if (filter.handlesWebUris(false /*onlyWebSchemes*/)) { if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Verification needed for IntentFilter:" + filter.toString()); mIntentFilterVerifier.addOneIntentFilterVerification( verifierUid, userId, verificationId, filter, packageName); + domains.addAll(filter.getHostsList()); count++; } } } } + + if (DEBUG_DOMAIN_VERIFICATION) { + Slog.i(TAG, " Update published hosts: " + domains.toString()); + } + + // If we've previously verified this same host set (or a subset), we can trust that + // a current ALWAYS policy is still applicable. If this is the case, we're done. + // (If we aren't in ALWAYS, we want to reverify to allow for apps that had failing + // hosts in their intent filters, then pushed a new apk that removed them and now + // passes.) + // + // Cases: + // + still autoVerify (needToRunVerify): + // - preserve current state if all of: unexpanded, in always + // - otherwise rerun as usual (fall through) + // + no longer autoVerify (alreadyVerified && !needToRunVerify) + // - wipe verification history always + // - preserve current state if all of: unexpanded, in always + hostSetExpanded = !previouslyVerified + || (ivi != null && !ivi.getDomains().containsAll(domains)); + final int currentPolicy = + mSettings.getIntentFilterVerificationStatusLPr(packageName, userId); + final boolean keepCurState = !hostSetExpanded + && currentPolicy == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS; + + if (needToRunVerify && keepCurState) { + if (DEBUG_DOMAIN_VERIFICATION) { + Slog.i(TAG, "Host set not expanding + ALWAYS -> no need to reverify"); + } + ivi.setDomains(domains); + scheduleWriteSettingsLocked(); + return; + } else if (previouslyVerified && !needToRunVerify) { + // Prior autoVerify state but not requesting it now. Clear autoVerify history, + // and preserve the always policy iff the host set is not expanding. + clearIntentFilterVerificationsLPw(packageName, userId, !keepCurState); + return; + } } - if (count > 0) { + if (needToRunVerify && count > 0) { + // app requested autoVerify and has at least one matching intent filter if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Starting " + count + " IntentFilter verification" + (count > 1 ? "s" : "") + " for userId:" + userId); mIntentFilterVerifier.startVerifications(userId); } else { if (DEBUG_DOMAIN_VERIFICATION) { - Slog.d(TAG, "No filters or not all autoVerify for " + packageName); + Slog.d(TAG, "No web filters or no new host policy for " + packageName); } } } @@ -18395,7 +18443,7 @@ public class PackageManagerService extends IPackageManager.Stub if ((flags & PackageManager.DELETE_KEEP_DATA) == 0) { final SparseBooleanArray changedUsers = new SparseBooleanArray(); synchronized (mLock) { - clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL); + clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL, true); clearDefaultBrowserIfNeeded(packageName); mSettings.mKeySetManagerService.removeAppKeySetDataLPw(packageName); removedAppId = mSettings.removePackageLPw(packageName); @@ -19488,13 +19536,14 @@ public class PackageManagerService extends IPackageManager.Stub final int packageCount = mPackages.size(); for (int i = 0; i < packageCount; i++) { AndroidPackage pkg = mPackages.valueAt(i); - clearIntentFilterVerificationsLPw(pkg.getPackageName(), userId); + clearIntentFilterVerificationsLPw(pkg.getPackageName(), userId, true); } } /** This method takes a specific user id as well as UserHandle.USER_ALL. */ @GuardedBy("mLock") - void clearIntentFilterVerificationsLPw(String packageName, int userId) { + void clearIntentFilterVerificationsLPw(String packageName, int userId, + boolean alsoResetStatus) { if (userId == UserHandle.USER_ALL) { if (mSettings.removeIntentFilterVerificationLPw(packageName, mUserManager.getUserIds())) { @@ -19503,7 +19552,8 @@ public class PackageManagerService extends IPackageManager.Stub } } } else { - if (mSettings.removeIntentFilterVerificationLPw(packageName, userId)) { + if (mSettings.removeIntentFilterVerificationLPw(packageName, userId, + alsoResetStatus)) { scheduleWritePackageRestrictionsLocked(userId); } } diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java index 53c057a58a152..44a61d895be54 100644 --- a/services/core/java/com/android/server/pm/Settings.java +++ b/services/core/java/com/android/server/pm/Settings.java @@ -1282,7 +1282,8 @@ public final class Settings { return result; } - boolean removeIntentFilterVerificationLPw(String packageName, int userId) { + boolean removeIntentFilterVerificationLPw(String packageName, int userId, + boolean alsoResetStatus) { PackageSetting ps = mPackages.get(packageName); if (ps == null) { if (DEBUG_DOMAIN_VERIFICATION) { @@ -1290,14 +1291,17 @@ public final class Settings { } return false; } - ps.clearDomainVerificationStatusForUser(userId); + if (alsoResetStatus) { + ps.clearDomainVerificationStatusForUser(userId); + } + ps.setIntentFilterVerificationInfo(null); return true; } boolean removeIntentFilterVerificationLPw(String packageName, int[] userIds) { boolean result = false; for (int userId : userIds) { - result |= removeIntentFilterVerificationLPw(packageName, userId); + result |= removeIntentFilterVerificationLPw(packageName, userId, true); } return result; } diff --git a/tests/AutoVerify/app1/Android.bp b/tests/AutoVerify/app1/Android.bp new file mode 100644 index 0000000000000..548519fa653b0 --- /dev/null +++ b/tests/AutoVerify/app1/Android.bp @@ -0,0 +1,11 @@ +android_app { + name: "AutoVerifyTest", + srcs: ["src/**/*.java"], + resource_dirs: ["res"], + platform_apis: true, + min_sdk_version: "26", + target_sdk_version: "26", + optimize: { + enabled: false, + }, +} diff --git a/tests/AutoVerify/app1/AndroidManifest.xml b/tests/AutoVerify/app1/AndroidManifest.xml new file mode 100644 index 0000000000000..d9caad490d822 --- /dev/null +++ b/tests/AutoVerify/app1/AndroidManifest.xml @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/AutoVerify/app1/res/values/strings.xml b/tests/AutoVerify/app1/res/values/strings.xml new file mode 100644 index 0000000000000..e234355041c67 --- /dev/null +++ b/tests/AutoVerify/app1/res/values/strings.xml @@ -0,0 +1,21 @@ + + + + + + AutoVerify Test + diff --git a/tests/AutoVerify/app1/src/com/android/test/autoverify/MainActivity.java b/tests/AutoVerify/app1/src/com/android/test/autoverify/MainActivity.java new file mode 100644 index 0000000000000..09ef47212622e --- /dev/null +++ b/tests/AutoVerify/app1/src/com/android/test/autoverify/MainActivity.java @@ -0,0 +1,15 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ diff --git a/tests/AutoVerify/app2/Android.bp b/tests/AutoVerify/app2/Android.bp new file mode 100644 index 0000000000000..1c6c97bdf3503 --- /dev/null +++ b/tests/AutoVerify/app2/Android.bp @@ -0,0 +1,11 @@ +android_app { + name: "AutoVerifyTest2", + srcs: ["src/**/*.java"], + resource_dirs: ["res"], + platform_apis: true, + min_sdk_version: "26", + target_sdk_version: "26", + optimize: { + enabled: false, + }, +} diff --git a/tests/AutoVerify/app2/AndroidManifest.xml b/tests/AutoVerify/app2/AndroidManifest.xml new file mode 100644 index 0000000000000..a00807883cfcf --- /dev/null +++ b/tests/AutoVerify/app2/AndroidManifest.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/AutoVerify/app2/res/values/strings.xml b/tests/AutoVerify/app2/res/values/strings.xml new file mode 100644 index 0000000000000..e234355041c67 --- /dev/null +++ b/tests/AutoVerify/app2/res/values/strings.xml @@ -0,0 +1,21 @@ + + + + + + AutoVerify Test + diff --git a/tests/AutoVerify/app2/src/com/android/test/autoverify/MainActivity.java b/tests/AutoVerify/app2/src/com/android/test/autoverify/MainActivity.java new file mode 100644 index 0000000000000..09ef47212622e --- /dev/null +++ b/tests/AutoVerify/app2/src/com/android/test/autoverify/MainActivity.java @@ -0,0 +1,15 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ diff --git a/tests/AutoVerify/app3/Android.bp b/tests/AutoVerify/app3/Android.bp new file mode 100644 index 0000000000000..70a2b77d10009 --- /dev/null +++ b/tests/AutoVerify/app3/Android.bp @@ -0,0 +1,11 @@ +android_app { + name: "AutoVerifyTest3", + srcs: ["src/**/*.java"], + resource_dirs: ["res"], + platform_apis: true, + min_sdk_version: "26", + target_sdk_version: "26", + optimize: { + enabled: false, + }, +} diff --git a/tests/AutoVerify/app3/AndroidManifest.xml b/tests/AutoVerify/app3/AndroidManifest.xml new file mode 100644 index 0000000000000..efaabc9a38d3f --- /dev/null +++ b/tests/AutoVerify/app3/AndroidManifest.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/AutoVerify/app3/res/values/strings.xml b/tests/AutoVerify/app3/res/values/strings.xml new file mode 100644 index 0000000000000..e234355041c67 --- /dev/null +++ b/tests/AutoVerify/app3/res/values/strings.xml @@ -0,0 +1,21 @@ + + + + + + AutoVerify Test + diff --git a/tests/AutoVerify/app3/src/com/android/test/autoverify/MainActivity.java b/tests/AutoVerify/app3/src/com/android/test/autoverify/MainActivity.java new file mode 100644 index 0000000000000..09ef47212622e --- /dev/null +++ b/tests/AutoVerify/app3/src/com/android/test/autoverify/MainActivity.java @@ -0,0 +1,15 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ diff --git a/tests/AutoVerify/app4/Android.bp b/tests/AutoVerify/app4/Android.bp new file mode 100644 index 0000000000000..fbdae1181a7a1 --- /dev/null +++ b/tests/AutoVerify/app4/Android.bp @@ -0,0 +1,11 @@ +android_app { + name: "AutoVerifyTest4", + srcs: ["src/**/*.java"], + resource_dirs: ["res"], + platform_apis: true, + min_sdk_version: "26", + target_sdk_version: "26", + optimize: { + enabled: false, + }, +} diff --git a/tests/AutoVerify/app4/AndroidManifest.xml b/tests/AutoVerify/app4/AndroidManifest.xml new file mode 100644 index 0000000000000..1c975f8336c9b --- /dev/null +++ b/tests/AutoVerify/app4/AndroidManifest.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/AutoVerify/app4/res/values/strings.xml b/tests/AutoVerify/app4/res/values/strings.xml new file mode 100644 index 0000000000000..e234355041c67 --- /dev/null +++ b/tests/AutoVerify/app4/res/values/strings.xml @@ -0,0 +1,21 @@ + + + + + + AutoVerify Test + diff --git a/tests/AutoVerify/app4/src/com/android/test/autoverify/MainActivity.java b/tests/AutoVerify/app4/src/com/android/test/autoverify/MainActivity.java new file mode 100644 index 0000000000000..09ef47212622e --- /dev/null +++ b/tests/AutoVerify/app4/src/com/android/test/autoverify/MainActivity.java @@ -0,0 +1,15 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */