1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.content.integrity;
18 
19 import android.annotation.NonNull;
20 import android.annotation.SystemApi;
21 import android.annotation.SystemService;
22 import android.annotation.TestApi;
23 import android.content.Context;
24 import android.content.IntentSender;
25 import android.content.pm.ParceledListSlice;
26 import android.os.RemoteException;
27 
28 import java.util.List;
29 
30 /**
31  * Class for pushing rules used to check the integrity of app installs.
32  *
33  * <p>Note: applications using methods of this class must be a system app and have their package
34  * name allowlisted as an integrity rule provider. Otherwise a {@link SecurityException} will be
35  * thrown.
36  *
37  * @hide
38  */
39 @SystemApi
40 @SystemService(Context.APP_INTEGRITY_SERVICE)
41 public class AppIntegrityManager {
42 
43     /** The operation succeeded. */
44     public static final int STATUS_SUCCESS = 0;
45 
46     /** The operation failed. */
47     public static final int STATUS_FAILURE = 1;
48 
49     /**
50      * Current status of an operation. Will be one of {@link #STATUS_SUCCESS}, {@link
51      * #STATUS_FAILURE}.
52      *
53      * <p>More information about a status may be available through additional extras; see the
54      * individual status documentation for details.
55      *
56      * @see android.content.Intent#getIntExtra(String, int)
57      */
58     public static final String EXTRA_STATUS = "android.content.integrity.extra.STATUS";
59 
60     IAppIntegrityManager mManager;
61 
62     /** @hide */
AppIntegrityManager(IAppIntegrityManager manager)63     public AppIntegrityManager(IAppIntegrityManager manager) {
64         mManager = manager;
65     }
66 
67     /**
68      * Update the rules to evaluate during install time.
69      *
70      * @param updateRequest request containing the data of the rule set update
71      * @param statusReceiver Called when the state of the session changes. Intents sent to this
72      *     receiver contain {@link #EXTRA_STATUS}. Refer to the individual status codes on how to
73      *     handle them.
74      */
updateRuleSet( @onNull RuleSet updateRequest, @NonNull IntentSender statusReceiver)75     public void updateRuleSet(
76             @NonNull RuleSet updateRequest, @NonNull IntentSender statusReceiver) {
77         try {
78             mManager.updateRuleSet(
79                     updateRequest.getVersion(),
80                     new ParceledListSlice<>(updateRequest.getRules()),
81                     statusReceiver);
82         } catch (RemoteException e) {
83             throw e.rethrowAsRuntimeException();
84         }
85     }
86 
87     /** Get the current version of the rule set. */
88     @NonNull
getCurrentRuleSetVersion()89     public String getCurrentRuleSetVersion() {
90         try {
91             return mManager.getCurrentRuleSetVersion();
92         } catch (RemoteException e) {
93             throw e.rethrowAsRuntimeException();
94         }
95     }
96 
97     /** Get the name of the package that provided the current rule set. */
98     @NonNull
getCurrentRuleSetProvider()99     public String getCurrentRuleSetProvider() {
100         try {
101             return mManager.getCurrentRuleSetProvider();
102         } catch (RemoteException e) {
103             throw e.rethrowAsRuntimeException();
104         }
105     }
106 
107     /**
108      * Get current RuleSet on device.
109      *
110      * <p>Warning: this method is only used for tests.
111      *
112      * @hide
113      */
114     @TestApi
115     @NonNull
getCurrentRuleSet()116     public RuleSet getCurrentRuleSet() {
117         try {
118             ParceledListSlice<Rule> rules = mManager.getCurrentRules();
119             String version = mManager.getCurrentRuleSetVersion();
120             return new RuleSet.Builder().setVersion(version).addRules(rules.getList()).build();
121         } catch (RemoteException e) {
122             throw e.rethrowAsRuntimeException();
123         }
124     }
125 
126     /**
127      * Get the package names of all allowlisted rule providers.
128      *
129      * <p>Warning: this method is only used for tests.
130      *
131      * @hide
132      */
133     @TestApi
134     @NonNull
getWhitelistedRuleProviders()135     public List<String> getWhitelistedRuleProviders() {
136         try {
137             return mManager.getWhitelistedRuleProviders();
138         } catch (RemoteException e) {
139             throw e.rethrowAsRuntimeException();
140         }
141     }
142 }
143