1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.content.pm.verify.domain; 18 19 import android.annotation.IntDef; 20 import android.annotation.NonNull; 21 22 /** 23 * @hide 24 */ 25 public interface DomainVerificationState { 26 27 @IntDef({ 28 STATE_NO_RESPONSE, 29 STATE_SUCCESS, 30 STATE_MIGRATED, 31 STATE_RESTORED, 32 STATE_APPROVED, 33 STATE_DENIED, 34 STATE_LEGACY_FAILURE, 35 STATE_SYS_CONFIG, 36 STATE_FIRST_VERIFIER_DEFINED 37 }) 38 @interface State { 39 } 40 41 // TODO(b/159952358): Document all the places that states need to be updated when one is added 42 /** 43 * @see DomainVerificationInfo#STATE_NO_RESPONSE 44 */ 45 int STATE_NO_RESPONSE = 0; 46 47 /** 48 * @see DomainVerificationInfo#STATE_SUCCESS 49 */ 50 int STATE_SUCCESS = 1; 51 52 /** 53 * The system has chosen to ignore the verification agent's opinion on whether the domain should 54 * be verified. This will treat the domain as verified. 55 */ 56 int STATE_APPROVED = 2; 57 58 /** 59 * The system has chosen to ignore the verification agent's opinion on whether the domain should 60 * be verified. This will treat the domain as unverified. 61 */ 62 int STATE_DENIED = 3; 63 64 /** 65 * The state was migrated from the previous intent filter verification API. This will treat the 66 * domain as verified, but it should be updated by the verification agent. The older API's 67 * collection and handling of verifying domains may lead to improperly migrated state. 68 */ 69 int STATE_MIGRATED = 4; 70 71 /** 72 * The state was restored from a user backup or by the system. This is treated as if the domain 73 * was verified, but the verification agent may choose to re-verify this domain to be certain 74 * nothing has changed since the snapshot. 75 */ 76 int STATE_RESTORED = 5; 77 78 /** 79 * The domain was failed by a legacy intent filter verification agent from v1 of the API. This 80 * is made distinct from {@link #STATE_FIRST_VERIFIER_DEFINED} to prevent any v2 verification 81 * agent from misinterpreting the result, since {@link #STATE_FIRST_VERIFIER_DEFINED} is agent 82 * specific and can be defined as a special error code. 83 */ 84 int STATE_LEGACY_FAILURE = 6; 85 86 /** 87 * The application has been granted auto verification for all domains by configuration on the 88 * system image. 89 * 90 * TODO: Can be stored per-package rather than for all domains for a package to save memory. 91 */ 92 int STATE_SYS_CONFIG = 7; 93 94 /** 95 * @see DomainVerificationInfo#STATE_FIRST_VERIFIER_DEFINED 96 */ 97 int STATE_FIRST_VERIFIER_DEFINED = 0b10000000000; 98 99 @NonNull stateToDebugString(@omainVerificationState.State int state)100 static String stateToDebugString(@DomainVerificationState.State int state) { 101 switch (state) { 102 case DomainVerificationState.STATE_NO_RESPONSE: 103 return "none"; 104 case DomainVerificationState.STATE_SUCCESS: 105 return "verified"; 106 case DomainVerificationState.STATE_APPROVED: 107 return "approved"; 108 case DomainVerificationState.STATE_DENIED: 109 return "denied"; 110 case DomainVerificationState.STATE_MIGRATED: 111 return "migrated"; 112 case DomainVerificationState.STATE_RESTORED: 113 return "restored"; 114 case DomainVerificationState.STATE_LEGACY_FAILURE: 115 return "legacy_failure"; 116 case DomainVerificationState.STATE_SYS_CONFIG: 117 return "system_configured"; 118 default: 119 return String.valueOf(state); 120 } 121 } 122 123 /** 124 * For determining re-verify policy. This is hidden from the domain verification agent so that 125 * no behavior is made based on the result. 126 */ isDefault(@tate int state)127 static boolean isDefault(@State int state) { 128 switch (state) { 129 case STATE_NO_RESPONSE: 130 case STATE_MIGRATED: 131 case STATE_RESTORED: 132 return true; 133 case STATE_SUCCESS: 134 case STATE_APPROVED: 135 case STATE_DENIED: 136 case STATE_LEGACY_FAILURE: 137 case STATE_SYS_CONFIG: 138 default: 139 return false; 140 } 141 } 142 143 /** 144 * Checks if a state considers the corresponding domain to be successfully verified. The domain 145 * verification agent may use this to determine whether or not to re-verify a domain. 146 */ isVerified(@omainVerificationState.State int state)147 static boolean isVerified(@DomainVerificationState.State int state) { 148 switch (state) { 149 case DomainVerificationState.STATE_SUCCESS: 150 case DomainVerificationState.STATE_APPROVED: 151 case DomainVerificationState.STATE_MIGRATED: 152 case DomainVerificationState.STATE_RESTORED: 153 case DomainVerificationState.STATE_SYS_CONFIG: 154 return true; 155 case DomainVerificationState.STATE_NO_RESPONSE: 156 case DomainVerificationState.STATE_DENIED: 157 case DomainVerificationState.STATE_LEGACY_FAILURE: 158 default: 159 return false; 160 } 161 } 162 163 /** 164 * Checks if a state is modifiable by the domain verification agent. This is useful as the 165 * platform may add new state codes in newer versions, and older verification agents can use 166 * this method to determine if a state can be changed without having to be aware of what the new 167 * state means. 168 */ isModifiable(@omainVerificationState.State int state)169 static boolean isModifiable(@DomainVerificationState.State int state) { 170 switch (state) { 171 case DomainVerificationState.STATE_NO_RESPONSE: 172 case DomainVerificationState.STATE_SUCCESS: 173 case DomainVerificationState.STATE_MIGRATED: 174 case DomainVerificationState.STATE_RESTORED: 175 case DomainVerificationState.STATE_LEGACY_FAILURE: 176 return true; 177 case DomainVerificationState.STATE_APPROVED: 178 case DomainVerificationState.STATE_DENIED: 179 case DomainVerificationState.STATE_SYS_CONFIG: 180 return false; 181 default: 182 return state >= DomainVerificationState.STATE_FIRST_VERIFIER_DEFINED; 183 } 184 } 185 186 /** 187 * Whether the state is migrated when updating a package. Generally this is only for states 188 * that maintain verification state or were set by an explicit user or developer action. 189 */ shouldMigrate(@tate int state)190 static boolean shouldMigrate(@State int state) { 191 switch (state) { 192 case STATE_SUCCESS: 193 case STATE_MIGRATED: 194 case STATE_RESTORED: 195 case STATE_APPROVED: 196 case STATE_DENIED: 197 return true; 198 case STATE_NO_RESPONSE: 199 case STATE_LEGACY_FAILURE: 200 case STATE_SYS_CONFIG: 201 case STATE_FIRST_VERIFIER_DEFINED: 202 default: 203 return false; 204 } 205 } 206 207 @DomainVerificationInfo.State convertToInfoState(@tate int internalState)208 static int convertToInfoState(@State int internalState) { 209 if (internalState >= STATE_FIRST_VERIFIER_DEFINED) { 210 return internalState; 211 } else if (internalState == STATE_NO_RESPONSE) { 212 return DomainVerificationInfo.STATE_NO_RESPONSE; 213 } else if (internalState == STATE_SUCCESS) { 214 return DomainVerificationInfo.STATE_SUCCESS; 215 } else if (!isModifiable(internalState)) { 216 return DomainVerificationInfo.STATE_UNMODIFIABLE; 217 } else if (isVerified(internalState)) { 218 return DomainVerificationInfo.STATE_MODIFIABLE_VERIFIED; 219 } else { 220 return DomainVerificationInfo.STATE_MODIFIABLE_UNVERIFIED; 221 } 222 } 223 } 224