Merge "Add verifier device identity"

services/java/com/android/server/pm/PackageManagerService.java

@@ -71,6 +71,7 @@ import android.content.pm.ServiceInfo;
 import android.content.pm.Signature;
 import android.content.pm.UserInfo;
 import android.content.pm.ManifestDigest;
+import android.content.pm.VerifierDeviceIdentity;
 import android.net.Uri;
 import android.os.Binder;
 import android.os.Build;
@@ -8405,4 +8406,15 @@ public class PackageManagerService extends IPackageManager.Stub {
         mUserManager.removeUser(userId);
         return true;
     }
+
+    @Override
+    public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+                "Only package verification agents can read the verifier device identity");
+
+        synchronized (mPackages) {
+            return mSettings.getVerifierDeviceIdentityLPw();
+        }
+    }
 }

services/java/com/android/server/pm/Settings.java

@@ -39,6 +39,7 @@ import android.content.pm.PackageManager;
 import android.content.pm.PackageParser;
 import android.content.pm.PermissionInfo;
 import android.content.pm.Signature;
+import android.content.pm.VerifierDeviceIdentity;
 import android.os.Binder;
 import android.os.Environment;
 import android.os.FileUtils;
@@ -86,7 +87,10 @@ final class Settings {
     // used to grant newer permissions one time during a system upgrade.
     int mInternalSdkPlatform;
     int mExternalSdkPlatform;
-    
+
+    /** Device identity for the purpose of package verification. */
+    private VerifierDeviceIdentity mVerifierDeviceIdentity;
+
     // The user's preferred activities associated with particular intent
     // filters.
     final IntentResolver<PreferredActivity, PreferredActivity> mPreferredActivities =
@@ -865,6 +869,12 @@ final class Settings {
             serializer.attribute(null, "external", Integer.toString(mExternalSdkPlatform));
             serializer.endTag(null, "last-platform-version");
             
+            if (mVerifierDeviceIdentity != null) {
+                serializer.startTag(null, "verifier");
+                serializer.attribute(null, "device", mVerifierDeviceIdentity.toString());
+                serializer.endTag(null, "verifier");
+            }
+
             serializer.startTag(null, "permission-trees");
             for (BasePermission bp : mPermissionTrees.values()) {
                 writePermissionLPr(serializer, bp);
@@ -1280,6 +1290,14 @@ final class Settings {
                         }
                     } catch (NumberFormatException e) {
                     }
+                } else if (tagName.equals("verifier")) {
+                    final String deviceIdentity = parser.getAttributeValue(null, "device");
+                    try {
+                        mVerifierDeviceIdentity = VerifierDeviceIdentity.parse(deviceIdentity);
+                    } catch (IllegalArgumentException e) {
+                        Slog.w(PackageManagerService.TAG, "Discard invalid verifier device id: "
+                                + e.getMessage());
+                    }
                 } else {
                     Slog.w(PackageManagerService.TAG, "Unknown element under <packages>: "
                             + parser.getName());
@@ -1894,6 +1912,16 @@ final class Settings {
         return PackageManagerService.FIRST_APPLICATION_UID + N;
     }
 
+    public VerifierDeviceIdentity getVerifierDeviceIdentityLPw() {
+        if (mVerifierDeviceIdentity == null) {
+            mVerifierDeviceIdentity = VerifierDeviceIdentity.generate();
+
+            writeLPr();
+        }
+
+        return mVerifierDeviceIdentity;
+    }
+
     public PackageSetting getDisabledSystemPkgLPr(String name) {
         PackageSetting ps = mDisabledSysPackages.get(name);
         return ps;