1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.content.integrity; 18 19 import android.annotation.NonNull; 20 import android.os.Parcel; 21 import android.os.Parcelable; 22 23 import java.util.Map; 24 25 /** 26 * An atomic formula that evaluates to true if the installer of the current install is specified in 27 * the "allowed installer" field in the android manifest. Note that an empty "allowed installer" by 28 * default means containing all possible installers. 29 * 30 * @hide 31 */ 32 public class InstallerAllowedByManifestFormula extends IntegrityFormula implements Parcelable { 33 34 public static final String INSTALLER_CERTIFICATE_NOT_EVALUATED = ""; 35 InstallerAllowedByManifestFormula()36 public InstallerAllowedByManifestFormula() { 37 } 38 InstallerAllowedByManifestFormula(Parcel in)39 private InstallerAllowedByManifestFormula(Parcel in) { 40 } 41 42 @NonNull 43 public static final Creator<InstallerAllowedByManifestFormula> CREATOR = 44 new Creator<InstallerAllowedByManifestFormula>() { 45 @Override 46 public InstallerAllowedByManifestFormula createFromParcel(Parcel in) { 47 return new InstallerAllowedByManifestFormula(in); 48 } 49 50 @Override 51 public InstallerAllowedByManifestFormula[] newArray(int size) { 52 return new InstallerAllowedByManifestFormula[size]; 53 } 54 }; 55 56 @Override getTag()57 public int getTag() { 58 return IntegrityFormula.INSTALLER_ALLOWED_BY_MANIFEST_FORMULA_TAG; 59 } 60 61 @Override matches(AppInstallMetadata appInstallMetadata)62 public boolean matches(AppInstallMetadata appInstallMetadata) { 63 Map<String, String> allowedInstallersAndCertificates = 64 appInstallMetadata.getAllowedInstallersAndCertificates(); 65 return allowedInstallersAndCertificates.isEmpty() 66 || installerInAllowedInstallersFromManifest( 67 appInstallMetadata, allowedInstallersAndCertificates); 68 } 69 70 @Override isAppCertificateFormula()71 public boolean isAppCertificateFormula() { 72 return false; 73 } 74 75 @Override isAppCertificateLineageFormula()76 public boolean isAppCertificateLineageFormula() { 77 return false; 78 } 79 80 @Override isInstallerFormula()81 public boolean isInstallerFormula() { 82 return true; 83 } 84 installerInAllowedInstallersFromManifest( AppInstallMetadata appInstallMetadata, Map<String, String> allowedInstallersAndCertificates)85 private static boolean installerInAllowedInstallersFromManifest( 86 AppInstallMetadata appInstallMetadata, 87 Map<String, String> allowedInstallersAndCertificates) { 88 String installerPackage = appInstallMetadata.getInstallerName(); 89 90 if (!allowedInstallersAndCertificates.containsKey(installerPackage)) { 91 return false; 92 } 93 94 // If certificate is not specified in the manifest, we do not check it. 95 if (!allowedInstallersAndCertificates.get(installerPackage) 96 .equals(INSTALLER_CERTIFICATE_NOT_EVALUATED)) { 97 return appInstallMetadata.getInstallerCertificates() 98 .contains( 99 allowedInstallersAndCertificates 100 .get(appInstallMetadata.getInstallerName())); 101 } 102 103 return true; 104 } 105 106 @Override describeContents()107 public int describeContents() { 108 return 0; 109 } 110 111 @Override writeToParcel(Parcel dest, int flags)112 public void writeToParcel(Parcel dest, int flags) { 113 } 114 } 115