Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 53657da8 authored by Austin Borger's avatar Austin Borger
Browse files

DO NOT MERGE Revert "Revert "Fix vulnerability in AttributionSource due to in..." 

Revert submission 21893028-revert-21778925-tm-dev-2-attribution-source-GNWUUYEQSX

Reason for revert: Re-submitting after test devices have been updated with the new Wifi mainline module.

Reverted changes: /q/submissionid:21893028-revert-21778925-tm-dev-2-attribution-source-GNWUUYEQSX

Change-Id: Ie108fa208af1c2e35d2c0137e45fa146e260c93d
Merged-In: Ic301a8518b8e57e1c9a2c9f2f845e51dca145257
Bug: 267231571
parent a4ce5963

core/java/android/content/AttributionSource.java

+17 −3
Original line number Original line Diff line number Diff line
@@ -31,6 +31,7 @@ import android.os.Parcelable; 
import android.os.Process;

import android.os.Process;

import android.permission.PermissionManager;

import android.permission.PermissionManager;

import android.util.ArraySet;

import android.util.ArraySet;

import android.util.Log;





import com.android.internal.annotations.Immutable;

import com.android.internal.annotations.Immutable;
@@ -87,6 +88,8 @@ import java.util.Set; 
 */

 */

@Immutable

@Immutable

public final class AttributionSource implements Parcelable {

public final class AttributionSource implements Parcelable {

    private static final String TAG = "AttributionSource";



    private static final String DESCRIPTOR = "android.content.AttributionSource";

    private static final String DESCRIPTOR = "android.content.AttributionSource";





    private static final Binder sDefaultToken = new Binder(DESCRIPTOR);

    private static final Binder sDefaultToken = new Binder(DESCRIPTOR);
@@ -154,10 +157,21 @@ public final class AttributionSource implements Parcelable { 
    AttributionSource(@NonNull Parcel in) {

    AttributionSource(@NonNull Parcel in) {

        this(AttributionSourceState.CREATOR.createFromParcel(in));

        this(AttributionSourceState.CREATOR.createFromParcel(in));





        if (!Binder.isDirectlyHandlingTransaction()) {

            Log.e(TAG, "Unable to verify calling UID #" + mAttributionSourceState.uid + " PID #"

                    + mAttributionSourceState.pid + " when not handling Binder transaction; "

                    + "clearing.");

            mAttributionSourceState.pid = -1;

            mAttributionSourceState.uid = -1;

            mAttributionSourceState.packageName = null;

            mAttributionSourceState.attributionTag = null;

            mAttributionSourceState.next = null;

        } else {

            // Since we just unpacked this object as part of it transiting a Binder

            // Since we just unpacked this object as part of it transiting a Binder

            // call, this is the perfect time to enforce that its UID and PID can be trusted

            // call, this is the perfect time to enforce that its UID and PID can be trusted

            enforceCallingUidAndPid();

            enforceCallingUidAndPid();

        }

        }

    }





    /** @hide */

    /** @hide */

    public AttributionSource(@NonNull AttributionSourceState attributionSourceState) {

    public AttributionSource(@NonNull AttributionSourceState attributionSourceState) {