1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.webkit;
18
19import android.content.BroadcastReceiver;
20import android.content.Context;
21import android.content.Intent;
22import android.content.IntentFilter;
23import android.content.pm.PackageManager;
24import android.os.Binder;
25import android.os.PatternMatcher;
26import android.os.Process;
27import android.os.ResultReceiver;
28import android.os.UserHandle;
29import android.util.Slog;
30import android.webkit.IWebViewUpdateService;
31import android.webkit.WebViewFactory;
32import android.webkit.WebViewProviderInfo;
33import android.webkit.WebViewProviderResponse;
34
35import com.android.server.SystemService;
36
37import java.io.FileDescriptor;
38import java.util.Arrays;
39
40/**
41 * Private service to wait for the updatable WebView to be ready for use.
42 * @hide
43 */
44public class WebViewUpdateService extends SystemService {
45
46    private static final String TAG = "WebViewUpdateService";
47
48    private BroadcastReceiver mWebViewUpdatedReceiver;
49    private WebViewUpdateServiceImpl mImpl;
50
51    static final int PACKAGE_CHANGED = 0;
52    static final int PACKAGE_ADDED = 1;
53    static final int PACKAGE_ADDED_REPLACED = 2;
54    static final int PACKAGE_REMOVED = 3;
55
56    public WebViewUpdateService(Context context) {
57        super(context);
58        mImpl = new WebViewUpdateServiceImpl(context, SystemImpl.getInstance());
59    }
60
61    @Override
62    public void onStart() {
63        mWebViewUpdatedReceiver = new BroadcastReceiver() {
64                @Override
65                public void onReceive(Context context, Intent intent) {
66                    int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);
67                    switch (intent.getAction()) {
68                        case Intent.ACTION_PACKAGE_REMOVED:
69                            // When a package is replaced we will receive two intents, one
70                            // representing the removal of the old package and one representing the
71                            // addition of the new package.
72                            // In the case where we receive an intent to remove the old version of
73                            // the package that is being replaced we early-out here so that we don't
74                            // run the update-logic twice.
75                            if (intent.getExtras().getBoolean(Intent.EXTRA_REPLACING)) return;
76                            mImpl.packageStateChanged(packageNameFromIntent(intent),
77                                    PACKAGE_REMOVED, userId);
78                            break;
79                        case Intent.ACTION_PACKAGE_CHANGED:
80                            // Ensure that we only heed PACKAGE_CHANGED intents if they change an
81                            // entire package, not just a component
82                            if (entirePackageChanged(intent)) {
83                                mImpl.packageStateChanged(packageNameFromIntent(intent),
84                                        PACKAGE_CHANGED, userId);
85                            }
86                            break;
87                        case Intent.ACTION_PACKAGE_ADDED:
88                            mImpl.packageStateChanged(packageNameFromIntent(intent),
89                                    (intent.getExtras().getBoolean(Intent.EXTRA_REPLACING)
90                                     ? PACKAGE_ADDED_REPLACED : PACKAGE_ADDED), userId);
91                            break;
92                        case Intent.ACTION_USER_ADDED:
93                            mImpl.handleNewUser(userId);
94                            break;
95                    }
96                }
97        };
98        IntentFilter filter = new IntentFilter();
99        filter.addAction(Intent.ACTION_PACKAGE_ADDED);
100        filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
101        filter.addAction(Intent.ACTION_PACKAGE_CHANGED);
102        filter.addDataScheme("package");
103        // Make sure we only receive intents for WebView packages from our config file.
104        for (WebViewProviderInfo provider : mImpl.getWebViewPackages()) {
105            filter.addDataSchemeSpecificPart(provider.packageName, PatternMatcher.PATTERN_LITERAL);
106        }
107
108        getContext().registerReceiverAsUser(mWebViewUpdatedReceiver, UserHandle.ALL, filter,
109                null /* broadcast permission */, null /* handler */);
110
111        IntentFilter userAddedFilter = new IntentFilter();
112        userAddedFilter.addAction(Intent.ACTION_USER_ADDED);
113        getContext().registerReceiverAsUser(mWebViewUpdatedReceiver, UserHandle.ALL,
114                userAddedFilter, null /* broadcast permission */, null /* handler */);
115
116        publishBinderService("webviewupdate", new BinderService(), true /*allowIsolated*/);
117    }
118
119    public void prepareWebViewInSystemServer() {
120        mImpl.prepareWebViewInSystemServer();
121    }
122
123    private static String packageNameFromIntent(Intent intent) {
124        return intent.getDataString().substring("package:".length());
125    }
126
127    /**
128     * Returns whether the entire package from an ACTION_PACKAGE_CHANGED intent was changed (rather
129     * than just one of its components).
130     * @hide
131     */
132    public static boolean entirePackageChanged(Intent intent) {
133        String[] componentList =
134            intent.getStringArrayExtra(Intent.EXTRA_CHANGED_COMPONENT_NAME_LIST);
135        return Arrays.asList(componentList).contains(
136                intent.getDataString().substring("package:".length()));
137    }
138
139    private class BinderService extends IWebViewUpdateService.Stub {
140
141        @Override
142        public void onShellCommand(FileDescriptor in, FileDescriptor out,
143                FileDescriptor err, String[] args, ResultReceiver resultReceiver) {
144            (new WebViewUpdateServiceShellCommand(this)).exec(
145                    this, in, out, err, args, resultReceiver);
146        }
147
148
149        /**
150         * The shared relro process calls this to notify us that it's done trying to create a relro
151         * file. This method gets called even if the relro creation has failed or the process
152         * crashed.
153         */
154        @Override // Binder call
155        public void notifyRelroCreationCompleted() {
156            // Verify that the caller is either the shared relro process (nominal case) or the
157            // system server (only in the case the relro process crashes and we get here via the
158            // crashHandler).
159            if (Binder.getCallingUid() != Process.SHARED_RELRO_UID &&
160                    Binder.getCallingUid() != Process.SYSTEM_UID) {
161                return;
162            }
163
164            long callingId = Binder.clearCallingIdentity();
165            try {
166                WebViewUpdateService.this.mImpl.notifyRelroCreationCompleted();
167            } finally {
168                Binder.restoreCallingIdentity(callingId);
169            }
170        }
171
172        /**
173         * WebViewFactory calls this to block WebView loading until the relro file is created.
174         * Returns the WebView provider for which we create relro files.
175         */
176        @Override // Binder call
177        public WebViewProviderResponse waitForAndGetProvider() {
178            // The WebViewUpdateService depends on the prepareWebViewInSystemServer call, which
179            // happens later (during the PHASE_ACTIVITY_MANAGER_READY) in SystemServer.java. If
180            // another service there tries to bring up a WebView in the between, the wait below
181            // would deadlock without the check below.
182            if (Binder.getCallingPid() == Process.myPid()) {
183                throw new IllegalStateException("Cannot create a WebView from the SystemServer");
184            }
185
186            return WebViewUpdateService.this.mImpl.waitForAndGetProvider();
187        }
188
189        /**
190         * This is called from DeveloperSettings when the user changes WebView provider.
191         */
192        @Override // Binder call
193        public String changeProviderAndSetting(String newProvider) {
194            if (getContext().checkCallingPermission(
195                        android.Manifest.permission.WRITE_SECURE_SETTINGS)
196                    != PackageManager.PERMISSION_GRANTED) {
197                String msg = "Permission Denial: changeProviderAndSetting() from pid="
198                        + Binder.getCallingPid()
199                        + ", uid=" + Binder.getCallingUid()
200                        + " requires " + android.Manifest.permission.WRITE_SECURE_SETTINGS;
201                Slog.w(TAG, msg);
202                throw new SecurityException(msg);
203            }
204
205            long callingId = Binder.clearCallingIdentity();
206            try {
207                return WebViewUpdateService.this.mImpl.changeProviderAndSetting(
208                        newProvider);
209            } finally {
210                Binder.restoreCallingIdentity(callingId);
211            }
212        }
213
214        @Override // Binder call
215        public WebViewProviderInfo[] getValidWebViewPackages() {
216            return WebViewUpdateService.this.mImpl.getValidWebViewPackages();
217        }
218
219        @Override // Binder call
220        public WebViewProviderInfo[] getAllWebViewPackages() {
221            return WebViewUpdateService.this.mImpl.getWebViewPackages();
222        }
223
224        @Override // Binder call
225        public String getCurrentWebViewPackageName() {
226            return WebViewUpdateService.this.mImpl.getCurrentWebViewPackageName();
227        }
228
229        @Override // Binder call
230        public boolean isFallbackPackage(String packageName) {
231            return WebViewUpdateService.this.mImpl.isFallbackPackage(packageName);
232        }
233
234        @Override // Binder call
235        public void enableFallbackLogic(boolean enable) {
236            if (getContext().checkCallingPermission(
237                        android.Manifest.permission.WRITE_SECURE_SETTINGS)
238                    != PackageManager.PERMISSION_GRANTED) {
239                String msg = "Permission Denial: enableFallbackLogic() from pid="
240                        + Binder.getCallingPid()
241                        + ", uid=" + Binder.getCallingUid()
242                        + " requires " + android.Manifest.permission.WRITE_SECURE_SETTINGS;
243                Slog.w(TAG, msg);
244                throw new SecurityException(msg);
245            }
246
247            long callingId = Binder.clearCallingIdentity();
248            try {
249                WebViewUpdateService.this.mImpl.enableFallbackLogic(enable);
250            } finally {
251                Binder.restoreCallingIdentity(callingId);
252            }
253        }
254    }
255}
256