Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 03d6450b authored by Roshan Pius's avatar Roshan Pius
Browse files

UwbService: Enforce UWB_PRIVILEGED permission 

This API surface is directly accessible only to a select set of system
apps which hold the UWB_PRIVILEGED permission.

Bug: 183904955
Test: atest android.uwb.cts.UwbManagerTest
Change-Id: I27e752c37b75e3dd8bf7990b71333b97197f478f
parent 9bed14ec

services/tests/servicestests/src/com/android/server/uwb/UwbServiceImplTest.java

+15 −0
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 


package com.android.server.uwb;



import static android.Manifest.permission.UWB_PRIVILEGED;



import static com.google.common.truth.Truth.assertThat;



import static org.junit.Assert.fail;
@@ -24,6 +26,7 @@ import static org.mockito.ArgumentMatchers.anyInt; 
import static org.mockito.ArgumentMatchers.argThat;

import static org.mockito.ArgumentMatchers.eq;

import static org.mockito.Mockito.clearInvocations;

import static org.mockito.Mockito.doThrow;

import static org.mockito.Mockito.mock;

import static org.mockito.Mockito.never;

import static org.mockito.Mockito.verify;
@@ -296,4 +299,16 @@ public class UwbServiceImplTest { 
                eq(sessionHandle), eq(RangingSession.Callback.REASON_UNKNOWN),

                argThat((p) -> p.isEmpty()));

    }



    @Test

    public void testThrowSecurityExceptionWhenCalledWithoutUwbPrivilegedPermission()

            throws Exception {

        doThrow(new SecurityException()).when(mContext).enforceCallingOrSelfPermission(

                eq(UWB_PRIVILEGED), any());

        final IUwbAdapterStateCallbacks cb = mock(IUwbAdapterStateCallbacks.class);

        try {

            mUwbServiceImpl.registerAdapterStateCallbacks(cb);

            fail();

        } catch (SecurityException e) { /* pass */ }

    }

}

services/uwb/java/com/android/server/uwb/UwbServiceImpl.java

+16 −3
Original line number Diff line number Diff line
@@ -167,7 +167,7 @@ public class UwbServiceImpl extends IUwbAdapter.Stub implements IBinder.DeathRec 
                RangingReport rangingReport)

                throws RemoteException {

            if (!mIsValid) return;

            // TODO: Perform permission checks and noteOp.

            // TODO: Perform runtime permission checks and noteOp.

            mExternalCb.onRangingResult(sessionHandle, rangingReport);

        }
@@ -229,31 +229,41 @@ public class UwbServiceImpl extends IUwbAdapter.Stub implements IBinder.DeathRec 
        mUwbInjector = uwbInjector;

    }



    private void enforceUwbPrivilegedPermission() {

        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.UWB_PRIVILEGED,

                "UwbService");

    }



    @Override

    public void registerAdapterStateCallbacks(IUwbAdapterStateCallbacks adapterStateCallbacks)

            throws RemoteException {

        enforceUwbPrivilegedPermission();

        getVendorUwbAdapter().registerAdapterStateCallbacks(adapterStateCallbacks);

    }



    @Override

    public void unregisterAdapterStateCallbacks(IUwbAdapterStateCallbacks adapterStateCallbacks)

            throws RemoteException {

        enforceUwbPrivilegedPermission();

        getVendorUwbAdapter().unregisterAdapterStateCallbacks(adapterStateCallbacks);

    }



    @Override

    public long getTimestampResolutionNanos() throws RemoteException {

        enforceUwbPrivilegedPermission();

        return getVendorUwbAdapter().getTimestampResolutionNanos();

    }



    @Override

    public PersistableBundle getSpecificationInfo() throws RemoteException {

        enforceUwbPrivilegedPermission();

        return getVendorUwbAdapter().getSpecificationInfo();

    }



    @Override

    public void openRanging(SessionHandle sessionHandle, IUwbRangingCallbacks rangingCallbacks,

            PersistableBundle parameters) throws RemoteException {

        enforceUwbPrivilegedPermission();

        UwbRangingCallbacksWrapper wrapperCb =

                new UwbRangingCallbacksWrapper(sessionHandle, rangingCallbacks);

        synchronized (mCallbacksMap) {
@@ -265,24 +275,27 @@ public class UwbServiceImpl extends IUwbAdapter.Stub implements IBinder.DeathRec 
    @Override

    public void startRanging(SessionHandle sessionHandle, PersistableBundle parameters)

            throws RemoteException {

        // TODO: Perform permission checks.

        enforceUwbPrivilegedPermission();

        // TODO: Perform runtime apermission checks.

        getVendorUwbAdapter().startRanging(sessionHandle, parameters);

    }



    @Override

    public void reconfigureRanging(SessionHandle sessionHandle, PersistableBundle parameters)

            throws RemoteException {

        enforceUwbPrivilegedPermission();

        getVendorUwbAdapter().reconfigureRanging(sessionHandle, parameters);

    }



    @Override

    public void stopRanging(SessionHandle sessionHandle) throws RemoteException {

        enforceUwbPrivilegedPermission();

        getVendorUwbAdapter().stopRanging(sessionHandle);

    }



    @Override

    public void closeRanging(SessionHandle sessionHandle) throws RemoteException {

        enforceUwbPrivilegedPermission();

        getVendorUwbAdapter().closeRanging(sessionHandle);

    }



}