1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.os;
18 
19 import static java.util.Objects.requireNonNull;
20 
21 import android.annotation.FlaggedApi;
22 import android.annotation.NonNull;
23 import android.annotation.SystemService;
24 import android.content.Context;
25 
26 /**
27  * SecurityStateManager provides the functionality to query the security status of the system and
28  * platform components. For example, this includes the system and vendor security patch level.
29  */
30 @FlaggedApi(Flags.FLAG_SECURITY_STATE_SERVICE)
31 @SystemService(Context.SECURITY_STATE_SERVICE)
32 public class SecurityStateManager {
33 
34     /**
35      * The system SPL key returned as part of the {@code Bundle} from
36      * {@code getGlobalSecurityState}.
37      */
38     public static final String KEY_SYSTEM_SPL = "system_spl";
39 
40     /**
41      * The vendor SPL key returned as part of the {@code Bundle} from
42      * {@code getGlobalSecurityState}.
43      */
44     public static final String KEY_VENDOR_SPL = "vendor_spl";
45 
46     /**
47      * The kernel version key returned as part of the {@code Bundle} from
48      * {@code getGlobalSecurityState}.
49      */
50     public static final String KEY_KERNEL_VERSION = "kernel_version";
51 
52     private final ISecurityStateManager mService;
53 
54     /**
55      * @hide
56      */
SecurityStateManager(ISecurityStateManager service)57     public SecurityStateManager(ISecurityStateManager service) {
58         mService = requireNonNull(service, "missing ISecurityStateManager");
59     }
60 
61     /**
62      * Returns the current global security state. Each key-value pair is a mapping of a component
63      * of the global security state to its current version/SPL (security patch level). For example,
64      * the {@code KEY_SYSTEM_SPL} key will map to the SPL of the system as defined in
65      * {@link android.os.Build.VERSION}. The bundle will also include mappings from WebView packages
66      * and packages listed under config {@code config_securityStatePackages} to their respective
67      * versions as defined in {@link android.content.pm.PackageInfo#versionName}.
68      *
69      * @return A {@code Bundle} that contains the global security state information as
70      * string-to-string key-value pairs.
71      */
72     @FlaggedApi(Flags.FLAG_SECURITY_STATE_SERVICE)
73     @NonNull
getGlobalSecurityState()74     public Bundle getGlobalSecurityState() {
75         try {
76             return mService.getGlobalSecurityState();
77         } catch (RemoteException re) {
78             throw re.rethrowFromSystemServer();
79         }
80     }
81 }
82