/
Android Studio Sign in

SecurityPatchState

public class SecurityPatchState

Provides methods to access and manage security state information for various components within a system. This class handles operations related to security patch levels, vulnerability reports, and update management.

Usage examples include:

  • Fetching the current security patch level for specific system components.

  • Retrieving published security patch levels to compare against current levels.

  • Listing and applying security updates from designated update providers.

The class uses a combination of local data storage and external data fetching to maintain and update security states.

Recommended pattern of usage:

Summary

Nested types

Implementation of SecurityPatchLevel for a date-based patch level.

Implementation of SecurityPatchLevel for a simple string patch level.
public abstract class SecurityPatchState.SecurityPatchLevel implements Comparable

Abstract base class representing a security patch level.
public enum SecurityPatchState.Severity extends Enum

Severity of reported security issues.

Implementation of SecurityPatchLevel for a versioned patch level.

Constants
static final @NonNull String

Kernel component providing kernel version as VersionedSpl.
static final @NonNull String

System component providing ro.build.version.security_patch property value as DateBasedSpl.
static final @NonNull String

System modules component providing DateBasedSpl of system modules patch level.
static final @NonNull String

URL for the Google-provided data of vulnerabilities from Android Security Bulletin.

Public fields
static final @NonNull List<@NonNull String>

Default list of Android Mainline system modules.

Public constructors
SecurityPatchState(
    @NonNull Context context,
    @NonNull List<@NonNull String> systemModulePackageNames,
    SecurityStateManagerCompat customSecurityStateManagerCompat,
    String vulnerabilityReportJsonString
)

Creates an instance of SecurityPatchState.

Public methods
final boolean

Verifies if all specified CVEs have been patched in the system.
static final @NonNull SecurityPatchState.SecurityPatchLevel
getComponentSecurityPatchLevel(
    @NonNull String component,
    @NonNull String securityPatchLevel
)

Retrieves the specific security patch level for a given component based on a security patch level string.
@NonNull SecurityPatchState.SecurityPatchLevel

Retrieves the current security patch level for a specified component.
@NonNull Map<@NonNull SecurityPatchState.Severity, @NonNull Set<@NonNull String>>

Lists all security fixes applied on the current device since the baseline Android release of the current system image, filtered for a specified component and patch level, categorized by severity.
@NonNull List<@NonNull SecurityPatchState.SecurityPatchLevel>

Retrieves the published security patch level for a specified component.
static final @NonNull Uri

Constructs a URL for fetching vulnerability reports based on the device's Android version.
final boolean

Checks if all components of the device have their security patch levels up to date with the published security patch levels.
final void

Parses a JSON string to extract vulnerability report data.

Constants

COMPONENT_KERNEL

public static final @NonNull String COMPONENT_KERNEL

Kernel component providing kernel version as VersionedSpl.

COMPONENT_SYSTEM

public static final @NonNull String COMPONENT_SYSTEM

System component providing ro.build.version.security_patch property value as DateBasedSpl.

COMPONENT_SYSTEM_MODULES

public static final @NonNull String COMPONENT_SYSTEM_MODULES

System modules component providing DateBasedSpl of system modules patch level.

DEFAULT_VULNERABILITY_REPORTS_URL

public static final @NonNull String DEFAULT_VULNERABILITY_REPORTS_URL

URL for the Google-provided data of vulnerabilities from Android Security Bulletin.

Public fields

DEFAULT_SYSTEM_MODULES

public static final @NonNull List<@NonNull StringDEFAULT_SYSTEM_MODULES

Default list of Android Mainline system modules.

Public constructors

SecurityPatchState

Added in 1.0.0-beta01
public SecurityPatchState(
    @NonNull Context context,
    @NonNull List<@NonNull String> systemModulePackageNames,
    SecurityStateManagerCompat customSecurityStateManagerCompat,
    String vulnerabilityReportJsonString
)

Creates an instance of SecurityPatchState.

Parameters
@NonNull Context context

Application context used for accessing shared preferences, resources, and other context-dependent features.
@NonNull List<@NonNull String> systemModulePackageNames

A list of system module package names, defaults to Google provided system modules if none are provided. The first module on the list must be the system modules metadata provider package.
SecurityStateManagerCompat customSecurityStateManagerCompat

An optional custom manager for obtaining security state information. If null, a default manager is instantiated.
String vulnerabilityReportJsonString

A JSON string containing vulnerability data to initialize a VulnerabilityReport object.

If you only care about the Device SPL, this parameter is optional. If you need access to Published SPL and Available SPL, you must provide this JSON string, either here in the constructor, or later using loadVulnerabilityReport.

Public methods

areCvesPatched

Added in 1.0.0-beta01
public final boolean areCvesPatched(@NonNull List<@NonNull String> cveList)

Verifies if all specified CVEs have been patched in the system. This method aggregates the CVEs patched across specified system components and checks if the list includes all CVEs provided.

Parameters
@NonNull List<@NonNull String> cveList

A list of CVE identifiers as strings in the form "CVE-YYYY-NNNNN", where YYYY denotes year, and NNNNN is a number with 3 to 5 digits.
Returns
boolean

true if all provided CVEs are patched, false otherwise.

getComponentSecurityPatchLevel

Added in 1.0.0-beta01
public static final @NonNull SecurityPatchState.SecurityPatchLevel getComponentSecurityPatchLevel(
    @NonNull String component,
    @NonNull String securityPatchLevel
)

Retrieves the specific security patch level for a given component based on a security patch level string. This method determines the type of SecurityPatchLevel to construct based on the component type, interpreting the string as a date for date-based components or as a version number for versioned components.

Parameters
@NonNull String component

The component indicating which type of component's patch level is being requested.
@NonNull String securityPatchLevel

The string representation of the security patch level, which could be a date or a version number.
Returns
@NonNull SecurityPatchState.SecurityPatchLevel

A SecurityPatchLevel instance corresponding to the specified component and patch level string.
Throws
kotlin.IllegalArgumentException

If the input string is not in a valid format for the specified component type, or if the component requires a specific format that the string does not meet.

getDeviceSecurityPatchLevel

Added in 1.0.0-beta01
public @NonNull SecurityPatchState.SecurityPatchLevel getDeviceSecurityPatchLevel(@NonNull String component)

Retrieves the current security patch level for a specified component.

Parameters
@NonNull String component

The component for which the security patch level is requested.
Returns
@NonNull SecurityPatchState.SecurityPatchLevel

A SecurityPatchLevel representing the current patch level of the component.
Throws
kotlin.IllegalStateException

if the patch level data is not available.
kotlin.IllegalArgumentException

if the component name is unrecognized.

getPatchedCves

Added in 1.0.0-beta01
public @NonNull Map<@NonNull SecurityPatchState.Severity, @NonNull Set<@NonNull String>> getPatchedCves(
    @NonNull String component,
    @NonNull SecurityPatchState.SecurityPatchLevel spl
)

Lists all security fixes applied on the current device since the baseline Android release of the current system image, filtered for a specified component and patch level, categorized by severity.

Parameters
@NonNull String component

The component for which security fixes are listed.
@NonNull SecurityPatchState.SecurityPatchLevel spl

The security patch level for which fixes are retrieved.
Returns
@NonNull Map<@NonNull SecurityPatchState.Severity, @NonNull Set<@NonNull String>>

A map categorizing CVE identifiers by their severity for the specified patch level. For example: `` { Severity.CRITICAL: ["CVE-2023-1234", "CVE-2023-5678"], Severity.HIGH: ["CVE-2023-9012"], Severity.MODERATE: ["CVE-2023-3456"] } `` @throws IllegalArgumentException if the specified component is not valid for fetching security fixes. @throws IllegalStateException if the vulnerability report is not loaded.

getPublishedSecurityPatchLevel

Added in 1.0.0-beta01
public @NonNull List<@NonNull SecurityPatchState.SecurityPatchLevelgetPublishedSecurityPatchLevel(@NonNull String component)

Retrieves the published security patch level for a specified component. This patch level is based on the most recent vulnerability reports, which is a machine-readable data from Android and other security bulletins.

The published security patch level is the most recent value published in a bulletin.

Parameters
@NonNull String component

The component for which the published patch level is requested.
Returns
@NonNull List<@NonNull SecurityPatchState.SecurityPatchLevel>

A list of SecurityPatchLevel representing the published patch levels. The list contains single element for all components, except for KERNEL, where it lists kernel LTS version numbers for all supported major kernel versions. For example: `` [ "4.19.314", "5.15.159", "6.1.91" ] `` @throws IllegalStateException if the vulnerability report is not loaded or if patch level data is unavailable. @throws IllegalArgumentException if the component name is unrecognized.

getVulnerabilityReportUrl

Added in 1.0.0-beta01
@RequiresApi(value = 26)
public static final @NonNull Uri getVulnerabilityReportUrl(@NonNull Uri serverUrl)

Constructs a URL for fetching vulnerability reports based on the device's Android version.

Parameters
@NonNull Uri serverUrl

The base URL of the server where vulnerability reports are stored.
Returns
@NonNull Uri

A fully constructed URL pointing to the specific vulnerability report for this device.

isDeviceFullyUpdated

Added in 1.0.0-beta01
public final boolean isDeviceFullyUpdated()

Checks if all components of the device have their security patch levels up to date with the published security patch levels. This method compares the device's current security patch level against the latest published levels for each component.

Returns
boolean

true if all components are fully updated, false otherwise.
Throws
kotlin.IllegalArgumentException

if device or published security patch level for a component cannot be accessed.

loadVulnerabilityReport

Added in 1.0.0-beta01
@WorkerThread
public final void loadVulnerabilityReport(@NonNull String jsonString)

Parses a JSON string to extract vulnerability report data. This method validates the format of the input JSON and constructs a VulnerabilityReport object, preparing the class to provide published and available security state information.

Parameters
@NonNull String jsonString

The JSON string containing the vulnerability data.
Throws
kotlin.IllegalArgumentException

if the JSON input is malformed or contains invalid data.
Morty Proxy This is a proxified and sanitized view of the page, visit original site.