
Commit 45312b83 authored by Ganesh Olekar's avatar Ganesh Olekar Committed by Android (Google) Code Review

Merge "Validate pid can be trusted" into sc-dev

parents 6a0f27d5 f2922374
+1 −0
@@ -683,6 +683,7 @@ package android.content {
    ctor public AttributionSource(int, @Nullable String, @Nullable String);
    ctor public AttributionSource(int, @Nullable String, @Nullable String, @NonNull android.os.IBinder);
    ctor public AttributionSource(int, @Nullable String, @Nullable String, @Nullable java.util.Set<java.lang.String>, @Nullable android.content.AttributionSource);
    method public void enforceCallingPid();
  }

  public final class AutofillOptions implements android.os.Parcelable {
+42 −4
@@ -154,8 +154,8 @@ public final class AttributionSource implements Parcelable {
        this(AttributionSourceState.CREATOR.createFromParcel(in));

        // Since we just unpacked this object as part of it transiting a Binder
        // call, this is the perfect time to enforce that its UID can be trusted
        enforceCallingUid();
        // call, this is the perfect time to enforce that its UID and PID can be trusted
        enforceCallingUidAndPid();
    }

    /** @hide */
@@ -225,14 +225,25 @@ public final class AttributionSource implements Parcelable {
        }
    }

    /**
     * If you are handling an IPC and you don't trust the caller you need to validate whether the
     * attribution source is one for the calling app to prevent the caller to pass you a source from
     * another app without including themselves in the attribution chain.
     *
     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
     */
    private void enforceCallingUidAndPid() {
        enforceCallingUid();
        enforceCallingPid();
    }

    /**
     * If you are handling an IPC and you don't trust the caller you need to validate
     * whether the attribution source is one for the calling app to prevent the caller
     * to pass you a source from another app without including themselves in the
     * attribution chain.
     *
     * @throws SecurityException if the attribution source cannot be trusted to be
     * from the caller.
     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
     */
    public void enforceCallingUid() {
        if (!checkCallingUid()) {
@@ -261,6 +272,33 @@ public final class AttributionSource implements Parcelable {
        return true;
    }

    /**
     * Validate that the pid being claimed for the calling app is not spoofed
     *
     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
     * @hide
     */
    @TestApi
    public void enforceCallingPid() {
        if (!checkCallingPid()) {
            throw new SecurityException("Calling pid: " + Binder.getCallingPid()
                    + " doesn't match source pid: " + mAttributionSourceState.pid);
        }
    }

    /**
     * Validate that the pid being claimed for the calling app is not spoofed
     *
     * @return if the attribution source cannot be trusted to be from the caller.
     */
    private boolean checkCallingPid() {
        final int callingPid = Binder.getCallingPid();
        if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) {
            return false;
        }
        return true;
    }

    @Override
    public String toString() {
        if (Build.IS_DEBUGGABLE) {
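Review bot: The `@return` on the new `checkCallingPid()` is inverted: it describes the untrusted case, while the method returns `true` when the claimed pid matches `Binder.getCallingPid()` and also when the claimed pid is `-1`, which skips pid verification entirely; suggest `@return {@code true} if the claimed pid is unset ({@code -1}) or equals {@link Binder#getCallingPid()}, {@code false} otherwise.`. That `-1` pass-through deserves an explicit sentence in the `enforceCallingPid()` Javadoc as well, since a receiver relying on it gets no pid check for a source that leaves the pid unset (presumably the intended "unknown pid" sentinel, but the hunk does not say so). The copied Javadoc on `enforceCallingUidAndPid()` in the previous hunk still speaks only of the UID check; a short clause such as `Checks both the calling UID and the calling PID.` would make the new method's contract match its name. The `toString()` definition at the end of this hunk continues outside it.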