1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.ondevicepersonalization.services.enrollment;
18 
19 import com.android.odp.module.common.PackageUtils;
20 import com.android.ondevicepersonalization.internal.util.LoggerFactory;
21 import com.android.ondevicepersonalization.services.FlagsFactory;
22 import com.android.ondevicepersonalization.services.OnDevicePersonalizationApplication;
23 import com.android.ondevicepersonalization.services.util.AllowListUtils;
24 
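/**
 * Checks whether an entity is enrolled to call ODP.
 *
 * <p>Both public entry points run the same allow-list check and differ only in which flag
 * supplies the allow list. The shared logic lives in one private helper so the two paths cannot
 * drift apart.
 */
public class PartnerEnrollmentChecker {

    private static final LoggerFactory.Logger sLogger = LoggerFactory.getLogger();
    private static final String TAG = PartnerEnrollmentChecker.class.getSimpleName();

    /**
     * Checks whether a caller app is enrolled, based on its package name and certificate.
     *
     * @param packageName package name of the caller app
     * @return {@code true} only if every enrollment check passes
     */
    public static boolean isCallerAppEnrolled(final String packageName) {
        // Enrollment check #1: packageName or packageName + certificate should be in allow list
        if (!passesAllowListCheck(packageName, FlagsFactory.getFlags().getCallerAppAllowList())) {
            return false;
        }

        // Add more enrollment checks below
        return true;
    }

    /**
     * Checks whether an isolated service is enrolled, based on its package name and certificate.
     *
     * @param packageName package name of the isolated service
     * @return {@code true} only if every enrollment check passes
     */
    public static boolean isIsolatedServiceEnrolled(final String packageName) {
        // Enrollment check #1: packageName or packageName + certificate should be in allow list
        if (!passesAllowListCheck(
                packageName, FlagsFactory.getFlags().getIsolatedServiceAllowList())) {
            return false;
        }

        // Add more enrollment checks below
        return true;
    }

    /**
     * Looks up the package's certificate digest and matches package name plus digest against the
     * given allow list.
     *
     * @param packageName package to check
     * @param allowList allow-list string read from flags by the caller
     * @return the result of {@link AllowListUtils#isAllowListed} for this package
     */
    private static boolean passesAllowListCheck(final String packageName, final String allowList) {
        String packageCertificate = null;
        try {
            packageCertificate =
                    PackageUtils.getCertDigest(
                            OnDevicePersonalizationApplication.getAppContext(), packageName);
        } catch (Exception e) {
            // A failed digest lookup is not a hard failure: the allow-list match below still runs,
            // with a null certificate. The failure is only visible at debug log level.
            sLogger.d(TAG + ": not able to find certificate for package " + packageName, e);
        }

        // NOTE(review): with a null certificate the outcome depends entirely on how
        // AllowListUtils.isAllowListed treats null, which is not visible here. Confirm that a
        // null digest can never satisfy a packageName + certificate entry, and that
        // package-name-only entries (which carry no proof of the signer) are intended.
        return AllowListUtils.isAllowListed(packageName, packageCertificate, allowList);
    }
}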