Loading core/java/android/app/admin/BundlePolicyValue.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -32,7 +32,7 @@ public final class BundlePolicyValue extends PolicyValue<Bundle> { public BundlePolicyValue(Bundle value) { public BundlePolicyValue(Bundle value) { super(value); super(value); if (Flags.devicePolicySizeTrackingInternalEnabled()) { if (Flags.devicePolicySizeTrackingInternalEnabled()) { PolicySizeVerifier.enforceMaxParcelableFieldsLength(value); PolicySizeVerifier.enforceMaxBundleFieldsLength(value); } } } } Loading core/java/android/app/admin/IntentFilterPolicyKey.java +0 −4 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.annotation.SystemApi; import android.annotation.SystemApi; import android.annotation.TestApi; import android.annotation.TestApi; import android.app.admin.flags.Flags; import android.content.IntentFilter; import android.content.IntentFilter; import android.os.Bundle; import android.os.Bundle; import android.os.Parcel; import android.os.Parcel; Loading Loading @@ -60,9 +59,6 @@ public final class IntentFilterPolicyKey extends PolicyKey { @TestApi @TestApi public IntentFilterPolicyKey(@NonNull String identifier, @NonNull IntentFilter filter) { public IntentFilterPolicyKey(@NonNull String identifier, @NonNull IntentFilter filter) { super(identifier); super(identifier); if (Flags.devicePolicySizeTrackingInternalEnabled()) { PolicySizeVerifier.enforceMaxParcelableFieldsLength(filter); } mFilter = Objects.requireNonNull(filter); mFilter = Objects.requireNonNull(filter); } } Loading core/java/android/app/admin/PolicySizeVerifier.java +35 −28 Original line number Original line Diff line number Diff line Loading @@ -17,12 +17,12 @@ package android.app.admin; package android.app.admin; import android.content.ComponentName; import android.content.ComponentName; import android.os.Bundle; import android.os.Parcelable; import android.os.Parcelable; import android.os.PersistableBundle; import android.os.PersistableBundle; import com.android.internal.util.Preconditions; import com.android.internal.util.Preconditions; import java.lang.reflect.Field; import java.util.ArrayDeque; import java.util.ArrayDeque; import java.util.Queue; import java.util.Queue; Loading Loading @@ -71,44 +71,51 @@ public class PolicySizeVerifier { for (String key : current.keySet()) { for (String key : current.keySet()) { enforceMaxStringLength(key, "key in " + argName); enforceMaxStringLength(key, "key in " + argName); Object value = current.get(key); Object value = current.get(key); if (value instanceof String) { if (value instanceof String str) { enforceMaxStringLength((String) value, "string value in " + argName); enforceMaxStringLength(str, "string value in " + argName); } else if (value instanceof String[]) { } else if (value instanceof String[] strArray) { for (String str : (String[]) value) { for (String str : strArray) { enforceMaxStringLength(str, "string value in " + argName); enforceMaxStringLength(str, "string value in " + argName); } } } else if (value instanceof PersistableBundle) { } else if (value instanceof PersistableBundle persistableBundle) { queue.add((PersistableBundle) value); queue.add(persistableBundle); } } } } } } } } /** /** * Throw if Parcelable contains any string that's too long to be serialized. * Throw if bundle contains any string that's too long to be serialized. This follows the * serialization logic in BundlePolicySerializer#writeBundle. */ */ public static void enforceMaxParcelableFieldsLength(Parcelable parcelable) { public static void enforceMaxBundleFieldsLength(Bundle bundle) { // TODO(b/326662716) rework to protect against infinite recursion. Queue<Bundle> queue = new ArrayDeque<>(); if (true) { queue.add(bundle); return; while (!queue.isEmpty()) { Bundle current = queue.remove(); for (String key : current.keySet()) { enforceMaxStringLength(key, "key in Bundle"); Object value = current.get(key); if (value instanceof String str) { enforceMaxStringLength(str, "string value in Bundle with " + "key" + key); } else if (value instanceof String[] strArray) { for (String str : strArray) { enforceMaxStringLength(str, "string value in Bundle with" + " key" + key); } } Class<?> clazz = parcelable.getClass(); } else if (value instanceof Bundle b) { queue.add(b); Field[] fields = clazz.getDeclaredFields(); } for (Field field : fields) { else if (value instanceof Parcelable[] parcelableArray) { field.setAccessible(true); for (Parcelable parcelable : parcelableArray) { try { if (!(parcelable instanceof Bundle)) { Object value = field.get(parcelable); throw new IllegalArgumentException("bundle-array can only hold " if (value instanceof String) { + "Bundles"); String stringValue = (String) value; } enforceMaxStringLength(stringValue, field.getName()); queue.add((Bundle) parcelable); } } if (value instanceof Parcelable) { enforceMaxParcelableFieldsLength((Parcelable) value); } } } catch (IllegalAccessException e) { e.printStackTrace(); } } } } } } Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -23389,7 +23389,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); } } private boolean isUnicornFlagEnabled() { static boolean isUnicornFlagEnabled() { return false; return false; } } services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -66,6 +66,10 @@ final class PolicyEnforcerCallbacks { private static final String LOG_TAG = "PolicyEnforcerCallbacks"; private static final String LOG_TAG = "PolicyEnforcerCallbacks"; static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { Slogf.w(LOG_TAG, "Trying to enforce setAutoTimezoneEnabled while flag is off."); return true; } return Binder.withCleanCallingIdentity(() -> { return Binder.withCleanCallingIdentity(() -> { Objects.requireNonNull(context); Objects.requireNonNull(context); Loading @@ -79,6 +83,10 @@ final class PolicyEnforcerCallbacks { static boolean setPermissionGrantState( static boolean setPermissionGrantState( @Nullable Integer grantState, @NonNull Context context, int userId, @Nullable Integer grantState, @NonNull Context context, int userId, @NonNull PolicyKey policyKey) { @NonNull PolicyKey policyKey) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { Slogf.w(LOG_TAG, "Trying to enforce setPermissionGrantState while flag is off."); return true; } return Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> { return Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> { if (!(policyKey instanceof PackagePermissionPolicyKey)) { if (!(policyKey instanceof PackagePermissionPolicyKey)) { throw new IllegalArgumentException("policyKey is not of type " throw new IllegalArgumentException("policyKey is not of type " Loading Loading
core/java/android/app/admin/BundlePolicyValue.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -32,7 +32,7 @@ public final class BundlePolicyValue extends PolicyValue<Bundle> { public BundlePolicyValue(Bundle value) { public BundlePolicyValue(Bundle value) { super(value); super(value); if (Flags.devicePolicySizeTrackingInternalEnabled()) { if (Flags.devicePolicySizeTrackingInternalEnabled()) { PolicySizeVerifier.enforceMaxParcelableFieldsLength(value); PolicySizeVerifier.enforceMaxBundleFieldsLength(value); } } } } Loading
core/java/android/app/admin/IntentFilterPolicyKey.java +0 −4 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.annotation.SystemApi; import android.annotation.SystemApi; import android.annotation.TestApi; import android.annotation.TestApi; import android.app.admin.flags.Flags; import android.content.IntentFilter; import android.content.IntentFilter; import android.os.Bundle; import android.os.Bundle; import android.os.Parcel; import android.os.Parcel; Loading Loading @@ -60,9 +59,6 @@ public final class IntentFilterPolicyKey extends PolicyKey { @TestApi @TestApi public IntentFilterPolicyKey(@NonNull String identifier, @NonNull IntentFilter filter) { public IntentFilterPolicyKey(@NonNull String identifier, @NonNull IntentFilter filter) { super(identifier); super(identifier); if (Flags.devicePolicySizeTrackingInternalEnabled()) { PolicySizeVerifier.enforceMaxParcelableFieldsLength(filter); } mFilter = Objects.requireNonNull(filter); mFilter = Objects.requireNonNull(filter); } } Loading
core/java/android/app/admin/PolicySizeVerifier.java +35 −28 Original line number Original line Diff line number Diff line Loading @@ -17,12 +17,12 @@ package android.app.admin; package android.app.admin; import android.content.ComponentName; import android.content.ComponentName; import android.os.Bundle; import android.os.Parcelable; import android.os.Parcelable; import android.os.PersistableBundle; import android.os.PersistableBundle; import com.android.internal.util.Preconditions; import com.android.internal.util.Preconditions; import java.lang.reflect.Field; import java.util.ArrayDeque; import java.util.ArrayDeque; import java.util.Queue; import java.util.Queue; Loading Loading @@ -71,44 +71,51 @@ public class PolicySizeVerifier { for (String key : current.keySet()) { for (String key : current.keySet()) { enforceMaxStringLength(key, "key in " + argName); enforceMaxStringLength(key, "key in " + argName); Object value = current.get(key); Object value = current.get(key); if (value instanceof String) { if (value instanceof String str) { enforceMaxStringLength((String) value, "string value in " + argName); enforceMaxStringLength(str, "string value in " + argName); } else if (value instanceof String[]) { } else if (value instanceof String[] strArray) { for (String str : (String[]) value) { for (String str : strArray) { enforceMaxStringLength(str, "string value in " + argName); enforceMaxStringLength(str, "string value in " + argName); } } } else if (value instanceof PersistableBundle) { } else if (value instanceof PersistableBundle persistableBundle) { queue.add((PersistableBundle) value); queue.add(persistableBundle); } } } } } } } } /** /** * Throw if Parcelable contains any string that's too long to be serialized. * Throw if bundle contains any string that's too long to be serialized. This follows the * serialization logic in BundlePolicySerializer#writeBundle. */ */ public static void enforceMaxParcelableFieldsLength(Parcelable parcelable) { public static void enforceMaxBundleFieldsLength(Bundle bundle) { // TODO(b/326662716) rework to protect against infinite recursion. Queue<Bundle> queue = new ArrayDeque<>(); if (true) { queue.add(bundle); return; while (!queue.isEmpty()) { Bundle current = queue.remove(); for (String key : current.keySet()) { enforceMaxStringLength(key, "key in Bundle"); Object value = current.get(key); if (value instanceof String str) { enforceMaxStringLength(str, "string value in Bundle with " + "key" + key); } else if (value instanceof String[] strArray) { for (String str : strArray) { enforceMaxStringLength(str, "string value in Bundle with" + " key" + key); } } Class<?> clazz = parcelable.getClass(); } else if (value instanceof Bundle b) { queue.add(b); Field[] fields = clazz.getDeclaredFields(); } for (Field field : fields) { else if (value instanceof Parcelable[] parcelableArray) { field.setAccessible(true); for (Parcelable parcelable : parcelableArray) { try { if (!(parcelable instanceof Bundle)) { Object value = field.get(parcelable); throw new IllegalArgumentException("bundle-array can only hold " if (value instanceof String) { + "Bundles"); String stringValue = (String) value; } enforceMaxStringLength(stringValue, field.getName()); queue.add((Bundle) parcelable); } } if (value instanceof Parcelable) { enforceMaxParcelableFieldsLength((Parcelable) value); } } } catch (IllegalAccessException e) { e.printStackTrace(); } } } } } } Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -23389,7 +23389,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); } } private boolean isUnicornFlagEnabled() { static boolean isUnicornFlagEnabled() { return false; return false; } }
services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +8 −0 Original line number Original line Diff line number Diff line Loading @@ -66,6 +66,10 @@ final class PolicyEnforcerCallbacks { private static final String LOG_TAG = "PolicyEnforcerCallbacks"; private static final String LOG_TAG = "PolicyEnforcerCallbacks"; static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { Slogf.w(LOG_TAG, "Trying to enforce setAutoTimezoneEnabled while flag is off."); return true; } return Binder.withCleanCallingIdentity(() -> { return Binder.withCleanCallingIdentity(() -> { Objects.requireNonNull(context); Objects.requireNonNull(context); Loading @@ -79,6 +83,10 @@ final class PolicyEnforcerCallbacks { static boolean setPermissionGrantState( static boolean setPermissionGrantState( @Nullable Integer grantState, @NonNull Context context, int userId, @Nullable Integer grantState, @NonNull Context context, int userId, @NonNull PolicyKey policyKey) { @NonNull PolicyKey policyKey) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { Slogf.w(LOG_TAG, "Trying to enforce setPermissionGrantState while flag is off."); return true; } return Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> { return Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> { if (!(policyKey instanceof PackagePermissionPolicyKey)) { if (!(policyKey instanceof PackagePermissionPolicyKey)) { throw new IllegalArgumentException("policyKey is not of type " throw new IllegalArgumentException("policyKey is not of type " Loading
