/*
|
* Copyright (C) 2016 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
package com.android.server.pm;
|
|
import android.annotation.NonNull;
|
import android.annotation.UserIdInt;
|
import android.content.pm.PackageInfo;
|
import android.content.pm.PackageManagerInternal;
|
import android.content.pm.ShortcutInfo;
|
import android.content.pm.Signature;
|
import android.content.pm.SigningInfo;
|
import android.util.Slog;
|
|
import com.android.internal.annotations.VisibleForTesting;
|
import com.android.server.LocalServices;
|
import com.android.server.backup.BackupUtils;
|
|
import libcore.util.HexEncoding;
|
|
import org.xmlpull.v1.XmlPullParser;
|
import org.xmlpull.v1.XmlPullParserException;
|
import org.xmlpull.v1.XmlSerializer;
|
|
import java.io.IOException;
|
import java.io.PrintWriter;
|
import java.util.ArrayList;
|
import java.util.Base64;
|
|
/**
|
* Package information used by {@link android.content.pm.ShortcutManager} for backup / restore.
|
*
|
* All methods should be guarded by {@code ShortcutService.mLock}.
|
*/
|
class ShortcutPackageInfo {
|
private static final String TAG = ShortcutService.TAG;
|
|
static final String TAG_ROOT = "package-info";
|
private static final String ATTR_VERSION = "version";
|
private static final String ATTR_LAST_UPDATE_TIME = "last_udpate_time";
|
private static final String ATTR_BACKUP_SOURCE_VERSION = "bk_src_version";
|
private static final String ATTR_BACKUP_ALLOWED = "allow-backup";
|
private static final String ATTR_BACKUP_ALLOWED_INITIALIZED = "allow-backup-initialized";
|
private static final String ATTR_BACKUP_SOURCE_BACKUP_ALLOWED = "bk_src_backup-allowed";
|
private static final String ATTR_SHADOW = "shadow";
|
|
private static final String TAG_SIGNATURE = "signature";
|
private static final String ATTR_SIGNATURE_HASH = "hash";
|
|
/**
|
* When true, this package information was restored from the previous device, and the app hasn't
|
* been installed yet.
|
*/
|
private boolean mIsShadow;
|
private long mVersionCode = ShortcutInfo.VERSION_CODE_UNKNOWN;
|
private long mBackupSourceVersionCode = ShortcutInfo.VERSION_CODE_UNKNOWN;
|
private long mLastUpdateTime;
|
private ArrayList<byte[]> mSigHashes;
|
|
// mBackupAllowed didn't used to be parsisted, so we don't restore it from a file.
|
// mBackupAllowed will always start with false, and will have been updated before making a
|
// backup next time, which works file.
|
// We just don't want to print an uninitialzied mBackupAlldowed value on dumpsys, so
|
// we use this boolean to control dumpsys.
|
private boolean mBackupAllowedInitialized;
|
private boolean mBackupAllowed;
|
private boolean mBackupSourceBackupAllowed;
|
|
private ShortcutPackageInfo(long versionCode, long lastUpdateTime,
|
ArrayList<byte[]> sigHashes, boolean isShadow) {
|
mVersionCode = versionCode;
|
mLastUpdateTime = lastUpdateTime;
|
mIsShadow = isShadow;
|
mSigHashes = sigHashes;
|
mBackupAllowed = false; // By default, we assume false.
|
mBackupSourceBackupAllowed = false;
|
}
|
|
public static ShortcutPackageInfo newEmpty() {
|
return new ShortcutPackageInfo(ShortcutInfo.VERSION_CODE_UNKNOWN, /* last update time =*/ 0,
|
new ArrayList<>(0), /* isShadow */ false);
|
}
|
|
public boolean isShadow() {
|
return mIsShadow;
|
}
|
|
public void setShadow(boolean shadow) {
|
mIsShadow = shadow;
|
}
|
|
public long getVersionCode() {
|
return mVersionCode;
|
}
|
|
public long getBackupSourceVersionCode() {
|
return mBackupSourceVersionCode;
|
}
|
|
@VisibleForTesting
|
public boolean isBackupSourceBackupAllowed() {
|
return mBackupSourceBackupAllowed;
|
}
|
|
public long getLastUpdateTime() {
|
return mLastUpdateTime;
|
}
|
|
public boolean isBackupAllowed() {
|
return mBackupAllowed;
|
}
|
|
/**
|
* Set {@link #mVersionCode}, {@link #mLastUpdateTime} and {@link #mBackupAllowed}
|
* from a {@link PackageInfo}.
|
*/
|
public void updateFromPackageInfo(@NonNull PackageInfo pi) {
|
if (pi != null) {
|
mVersionCode = pi.getLongVersionCode();
|
mLastUpdateTime = pi.lastUpdateTime;
|
mBackupAllowed = ShortcutService.shouldBackupApp(pi);
|
mBackupAllowedInitialized = true;
|
}
|
}
|
|
public boolean hasSignatures() {
|
return mSigHashes.size() > 0;
|
}
|
|
//@DisabledReason
|
public int canRestoreTo(ShortcutService s, PackageInfo currentPackage, boolean anyVersionOkay) {
|
PackageManagerInternal pmi = LocalServices.getService(PackageManagerInternal.class);
|
if (!BackupUtils.signaturesMatch(mSigHashes, currentPackage, pmi)) {
|
Slog.w(TAG, "Can't restore: Package signature mismatch");
|
return ShortcutInfo.DISABLED_REASON_SIGNATURE_MISMATCH;
|
}
|
if (!ShortcutService.shouldBackupApp(currentPackage) || !mBackupSourceBackupAllowed) {
|
// "allowBackup" was true when backed up, but now false.
|
Slog.w(TAG, "Can't restore: package didn't or doesn't allow backup");
|
return ShortcutInfo.DISABLED_REASON_BACKUP_NOT_SUPPORTED;
|
}
|
if (!anyVersionOkay && (currentPackage.getLongVersionCode() < mBackupSourceVersionCode)) {
|
Slog.w(TAG, String.format(
|
"Can't restore: package current version %d < backed up version %d",
|
currentPackage.getLongVersionCode(), mBackupSourceVersionCode));
|
return ShortcutInfo.DISABLED_REASON_VERSION_LOWER;
|
}
|
return ShortcutInfo.DISABLED_REASON_NOT_DISABLED;
|
}
|
|
@VisibleForTesting
|
public static ShortcutPackageInfo generateForInstalledPackageForTest(
|
ShortcutService s, String packageName, @UserIdInt int packageUserId) {
|
final PackageInfo pi = s.getPackageInfoWithSignatures(packageName, packageUserId);
|
// retrieve the newest sigs
|
SigningInfo signingInfo = pi.signingInfo;
|
if (signingInfo == null) {
|
Slog.e(TAG, "Can't get signatures: package=" + packageName);
|
return null;
|
}
|
// TODO (b/73988180) use entire signing history in case of rollbacks
|
Signature[] signatures = signingInfo.getApkContentsSigners();
|
final ShortcutPackageInfo ret = new ShortcutPackageInfo(pi.getLongVersionCode(),
|
pi.lastUpdateTime, BackupUtils.hashSignatureArray(signatures), /* shadow=*/ false);
|
|
ret.mBackupSourceBackupAllowed = s.shouldBackupApp(pi);
|
ret.mBackupSourceVersionCode = pi.getLongVersionCode();
|
return ret;
|
}
|
|
public void refreshSignature(ShortcutService s, ShortcutPackageItem pkg) {
|
if (mIsShadow) {
|
s.wtf("Attempted to refresh package info for shadow package " + pkg.getPackageName()
|
+ ", user=" + pkg.getOwnerUserId());
|
return;
|
}
|
// Note use mUserId here, rather than userId.
|
final PackageInfo pi = s.getPackageInfoWithSignatures(
|
pkg.getPackageName(), pkg.getPackageUserId());
|
if (pi == null) {
|
Slog.w(TAG, "Package not found: " + pkg.getPackageName());
|
return;
|
}
|
// retrieve the newest sigs
|
SigningInfo signingInfo = pi.signingInfo;
|
if (signingInfo == null) {
|
Slog.w(TAG, "Not refreshing signature for " + pkg.getPackageName()
|
+ " since it appears to have no signing info.");
|
return;
|
}
|
// TODO (b/73988180) use entire signing history in case of rollbacks
|
Signature[] signatures = signingInfo.getApkContentsSigners();
|
mSigHashes = BackupUtils.hashSignatureArray(signatures);
|
}
|
|
public void saveToXml(ShortcutService s, XmlSerializer out, boolean forBackup)
|
throws IOException {
|
if (forBackup && !mBackupAllowedInitialized) {
|
s.wtf("Backup happened before mBackupAllowed is initialized.");
|
}
|
|
out.startTag(null, TAG_ROOT);
|
|
ShortcutService.writeAttr(out, ATTR_VERSION, mVersionCode);
|
ShortcutService.writeAttr(out, ATTR_LAST_UPDATE_TIME, mLastUpdateTime);
|
ShortcutService.writeAttr(out, ATTR_SHADOW, mIsShadow);
|
ShortcutService.writeAttr(out, ATTR_BACKUP_ALLOWED, mBackupAllowed);
|
|
// We don't need to save this field (we don't even read it back), but it'll show up
|
// in the dumpsys in the backup / restore payload.
|
ShortcutService.writeAttr(out, ATTR_BACKUP_ALLOWED_INITIALIZED, mBackupAllowedInitialized);
|
|
ShortcutService.writeAttr(out, ATTR_BACKUP_SOURCE_VERSION, mBackupSourceVersionCode);
|
ShortcutService.writeAttr(out,
|
ATTR_BACKUP_SOURCE_BACKUP_ALLOWED, mBackupSourceBackupAllowed);
|
|
|
for (int i = 0; i < mSigHashes.size(); i++) {
|
out.startTag(null, TAG_SIGNATURE);
|
final String encoded = Base64.getEncoder().encodeToString(mSigHashes.get(i));
|
ShortcutService.writeAttr(out, ATTR_SIGNATURE_HASH, encoded);
|
out.endTag(null, TAG_SIGNATURE);
|
}
|
out.endTag(null, TAG_ROOT);
|
}
|
|
public void loadFromXml(XmlPullParser parser, boolean fromBackup)
|
throws IOException, XmlPullParserException {
|
// Don't use the version code from the backup file.
|
final long versionCode = ShortcutService.parseLongAttribute(parser, ATTR_VERSION,
|
ShortcutInfo.VERSION_CODE_UNKNOWN);
|
|
final long lastUpdateTime = ShortcutService.parseLongAttribute(
|
parser, ATTR_LAST_UPDATE_TIME);
|
|
// When restoring from backup, it's always shadow.
|
final boolean shadow =
|
fromBackup || ShortcutService.parseBooleanAttribute(parser, ATTR_SHADOW);
|
|
// We didn't used to save these attributes, and all backed up shortcuts were from
|
// apps that support backups, so the default values take this fact into consideration.
|
final long backupSourceVersion = ShortcutService.parseLongAttribute(parser,
|
ATTR_BACKUP_SOURCE_VERSION, ShortcutInfo.VERSION_CODE_UNKNOWN);
|
|
// Note the only time these "true" default value is used is when restoring from an old
|
// build that didn't save ATTR_BACKUP_ALLOWED, and that means all the data included in
|
// a backup file were from apps that support backup, so we can just use "true" as the
|
// default.
|
final boolean backupAllowed = ShortcutService.parseBooleanAttribute(
|
parser, ATTR_BACKUP_ALLOWED, true);
|
final boolean backupSourceBackupAllowed = ShortcutService.parseBooleanAttribute(
|
parser, ATTR_BACKUP_SOURCE_BACKUP_ALLOWED, true);
|
|
final ArrayList<byte[]> hashes = new ArrayList<>();
|
|
final int outerDepth = parser.getDepth();
|
int type;
|
while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
|
&& (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
|
if (type != XmlPullParser.START_TAG) {
|
continue;
|
}
|
final int depth = parser.getDepth();
|
final String tag = parser.getName();
|
|
if (depth == outerDepth + 1) {
|
switch (tag) {
|
case TAG_SIGNATURE: {
|
final String hash = ShortcutService.parseStringAttribute(
|
parser, ATTR_SIGNATURE_HASH);
|
// Throws IllegalArgumentException if hash is invalid base64 data
|
final byte[] decoded = Base64.getDecoder().decode(hash);
|
hashes.add(decoded);
|
continue;
|
}
|
}
|
}
|
ShortcutService.warnForInvalidTag(depth, tag);
|
}
|
|
// Successfully loaded; replace the fields.
|
if (fromBackup) {
|
mVersionCode = ShortcutInfo.VERSION_CODE_UNKNOWN;
|
mBackupSourceVersionCode = versionCode;
|
mBackupSourceBackupAllowed = backupAllowed;
|
} else {
|
mVersionCode = versionCode;
|
mBackupSourceVersionCode = backupSourceVersion;
|
mBackupSourceBackupAllowed = backupSourceBackupAllowed;
|
}
|
mLastUpdateTime = lastUpdateTime;
|
mIsShadow = shadow;
|
mSigHashes = hashes;
|
|
// Note we don't restore it from the file because it didn't used to be saved.
|
// We always start by assuming backup is disabled for the current package,
|
// and this field will have been updated before we actually create a backup, at the same
|
// time when we update the version code.
|
// Until then, the value of mBackupAllowed shouldn't matter, but we don't want to print
|
// a false flag on dumpsys, so set mBackupAllowedInitialized to false.
|
mBackupAllowed = false;
|
mBackupAllowedInitialized = false;
|
}
|
|
public void dump(PrintWriter pw, String prefix) {
|
pw.println();
|
|
pw.print(prefix);
|
pw.println("PackageInfo:");
|
|
pw.print(prefix);
|
pw.print(" IsShadow: ");
|
pw.print(mIsShadow);
|
pw.print(mIsShadow ? " (not installed)" : " (installed)");
|
pw.println();
|
|
pw.print(prefix);
|
pw.print(" Version: ");
|
pw.print(mVersionCode);
|
pw.println();
|
|
if (mBackupAllowedInitialized) {
|
pw.print(prefix);
|
pw.print(" Backup Allowed: ");
|
pw.print(mBackupAllowed);
|
pw.println();
|
}
|
|
if (mBackupSourceVersionCode != ShortcutInfo.VERSION_CODE_UNKNOWN) {
|
pw.print(prefix);
|
pw.print(" Backup source version: ");
|
pw.print(mBackupSourceVersionCode);
|
pw.println();
|
|
pw.print(prefix);
|
pw.print(" Backup source backup allowed: ");
|
pw.print(mBackupSourceBackupAllowed);
|
pw.println();
|
}
|
|
pw.print(prefix);
|
pw.print(" Last package update time: ");
|
pw.print(mLastUpdateTime);
|
pw.println();
|
|
for (int i = 0; i < mSigHashes.size(); i++) {
|
pw.print(prefix);
|
pw.print(" ");
|
pw.print("SigHash: ");
|
pw.println(HexEncoding.encode(mSigHashes.get(i)));
|
}
|
}
|
}
|
