1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.integrity.engine;
18 
19 import android.content.integrity.AppInstallMetadata;
20 import android.content.integrity.Rule;
21 import android.util.Slog;
22 
23 import com.android.internal.annotations.VisibleForTesting;
24 import com.android.server.integrity.IntegrityFileManager;
25 import com.android.server.integrity.model.IntegrityCheckResult;
26 
27 import java.util.ArrayList;
28 import java.util.Collections;
29 import java.util.List;
30 
31 /**
32  * The engine used to evaluate rules against app installs.
33  *
34  * <p>Every app install is evaluated against rules (pushed by the verifier) by the evaluation engine
35  * to allow/block that install.
36  */
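public class RuleEvaluationEngine {
    private static final String TAG = "RuleEvaluation";

    // The engine for loading rules, retrieving metadata for app installs, and evaluating app
    // installs against rules. Created lazily; all access goes through the synchronized
    // getRuleEvaluationEngine().
    private static RuleEvaluationEngine sRuleEvaluationEngine;

    // Source of the integrity rules consulted on every evaluation.
    private final IntegrityFileManager mIntegrityFileManager;

    /**
     * Creates an engine that reads its rules from the given file manager.
     *
     * @param integrityFileManager the rule store queried by {@link #evaluate}
     */
    @VisibleForTesting
    RuleEvaluationEngine(IntegrityFileManager integrityFileManager) {
        mIntegrityFileManager = integrityFileManager;
    }

    /**
     * Provide a singleton instance of the rule evaluation engine.
     *
     * <p>The instance is created on first use and cached, so every caller shares the same engine.
     *
     * @return the shared engine instance
     */
    public static synchronized RuleEvaluationEngine getRuleEvaluationEngine() {
        if (sRuleEvaluationEngine == null) {
            // Store the new instance; without this assignment the static field stays null and
            // every call would build a fresh engine instead of returning a singleton.
            sRuleEvaluationEngine =
                    new RuleEvaluationEngine(IntegrityFileManager.getInstance());
        }
        return sRuleEvaluationEngine;
    }

    /**
     * Load, and match the list of rules against an app install metadata.
     *
     * @param appInstallMetadata Metadata of the app to be installed, and to evaluate the rules
     *                           against.
     * @return result of the integrity check
     */
    public IntegrityCheckResult evaluate(
            AppInstallMetadata appInstallMetadata) {
        List<Rule> rules = loadRules(appInstallMetadata);
        return RuleEvaluator.evaluateRules(rules, appInstallMetadata);
    }

    /**
     * Reads the rules that apply to the given install from the integrity file manager.
     *
     * <p>An empty list is returned both when the rule files are not initialized and when reading
     * them throws; in either case the condition is only logged.
     *
     * <p>NOTE(review): an empty list means the install is evaluated against no rules at all. What
     * {@code RuleEvaluator.evaluateRules} decides for an empty rule set is not visible here; if it
     * allows the install, a missing or unreadable rule store fails open. Confirm that this is the
     * intended policy and that the log lines below are monitored.
     *
     * @param appInstallMetadata metadata used to select the rules to read
     * @return the rules read, or an empty list if none could be loaded
     */
    private List<Rule> loadRules(AppInstallMetadata appInstallMetadata) {
        if (!mIntegrityFileManager.initialized()) {
            Slog.w(TAG, "Integrity rule files are not available.");
            return Collections.emptyList();
        }

        try {
            return mIntegrityFileManager.readRules(appInstallMetadata);
        } catch (Exception e) {
            // Broad catch kept on purpose: any failure while reading rules is logged and the
            // evaluation continues with an empty rule list rather than propagating the error.
            Slog.e(TAG, "Error loading rules.", e);
            return new ArrayList<>();
        }
    }
}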