Loading Android.bp +0 −2 Original line number Diff line number Diff line Loading @@ -326,7 +326,6 @@ java_defaults { "packages/modules/Connectivity/framework/aidl-export", "packages/modules/Media/apex/aidl/stable", "hardware/interfaces/graphics/common/aidl", "frameworks/native/libs/permission/aidl", ], }, dxflags: [ Loading Loading @@ -596,7 +595,6 @@ stubs_defaults { "packages/modules/Connectivity/framework/aidl-export", "packages/modules/Media/apex/aidl/stable", "hardware/interfaces/graphics/common/aidl", "frameworks/native/libs/permission/aidl", ], }, // These are libs from framework-internal-utils that are required (i.e. being referenced) Loading core/api/current.txt +0 −3 Original line number Diff line number Diff line Loading @@ -9126,7 +9126,6 @@ package android.content { method @Nullable public String getAttributionTag(); method @Nullable public android.content.AttributionSource getNext(); method @Nullable public String getPackageName(); method public int getPid(); method public int getUid(); method public boolean isTrusted(@NonNull android.content.Context); method @NonNull public static android.content.AttributionSource myAttributionSource(); Loading @@ -9141,7 +9140,6 @@ package android.content { method @NonNull public android.content.AttributionSource.Builder setAttributionTag(@Nullable String); method @NonNull public android.content.AttributionSource.Builder setNext(@Nullable android.content.AttributionSource); method @NonNull public android.content.AttributionSource.Builder setPackageName(@Nullable String); method @NonNull public android.content.AttributionSource.Builder setPid(int); } public abstract class BroadcastReceiver { Loading Loading @@ -32007,7 +32005,6 @@ package android.os { method @Deprecated public static final boolean supportsProcesses(); field public static final int BLUETOOTH_UID = 1002; // 0x3ea field public static final int FIRST_APPLICATION_UID = 10000; // 0x2710 field public static final int INVALID_PID = -1; // 0xffffffff field public static final int INVALID_UID = -1; // 0xffffffff field public static final int LAST_APPLICATION_UID = 19999; // 0x4e1f field public static final int PHONE_UID = 1001; // 0x3e9 core/java/android/app/AppOpsManager.java +10 −11 Original line number Diff line number Diff line Loading @@ -8578,9 +8578,9 @@ public class AppOpsManager { public int noteProxyOp(int op, @Nullable String proxiedPackageName, int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) { return noteProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } /** Loading Loading @@ -8664,7 +8664,7 @@ public class AppOpsManager { public int noteProxyOpNoThrow(@NonNull String op, @Nullable String proxiedPackageName, int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) { return noteProxyOpNoThrow(strOpToOp(op), new AttributionSource( mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, mContext.getAttributionSource(), new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource() .getToken())), message,/*skipProxyOperation*/ false); } Loading Loading @@ -9076,9 +9076,9 @@ public class AppOpsManager { public int startProxyOp(@NonNull String op, int proxiedUid, @NonNull String proxiedPackageName, @Nullable String proxiedAttributionTag, @Nullable String message) { return startProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } /** Loading Loading @@ -9124,7 +9124,7 @@ public class AppOpsManager { @Nullable String message) { return startProxyOpNoThrow(AppOpsManager.strOpToOp(op), new AttributionSource( mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } Loading Loading @@ -9270,9 +9270,8 @@ public class AppOpsManager { public void finishProxyOp(@NonNull String op, int proxiedUid, @NonNull String proxiedPackageName, @Nullable String proxiedAttributionTag) { finishProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), /*skipProxyOperation*/ false); } /** Loading core/java/android/app/ContextImpl.java +1 −3 Original line number Diff line number Diff line Loading @@ -3227,9 +3227,7 @@ class ContextImpl extends Context { @Nullable AttributionSource nextAttributionSource, @Nullable Set<String> renouncedPermissions) { AttributionSource attributionSource = new AttributionSource(Process.myUid(), Process.myPid(), mOpPackageName, attributionTag, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, nextAttributionSource); mOpPackageName, attributionTag, renouncedPermissions, nextAttributionSource); // If we want to access protected data on behalf of another app we need to // tell the OS that we opt in to participate in the attribution chain. if (nextAttributionSource != null) { Loading core/java/android/content/AttributionSource.java +45 −89 Original line number Diff line number Diff line Loading @@ -100,28 +100,22 @@ public final class AttributionSource implements Parcelable { @TestApi public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag) { this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag) { this(uid, pid, packageName, attributionTag, sDefaultToken); this(uid, packageName, attributionTag, sDefaultToken); } /** @hide */ @TestApi public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token) { this(uid, Process.INVALID_PID, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token) { this(uid, pid, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable AttributionSource next) { this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null, next); } /** @hide */ Loading @@ -129,33 +123,26 @@ public final class AttributionSource implements Parcelable { public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @Nullable Set<String> renouncedPermissions, @Nullable AttributionSource next) { this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, /*next*/ next); this(uid, packageName, attributionTag, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, next); } /** @hide */ public AttributionSource(@NonNull AttributionSource current, @Nullable AttributionSource next) { this(current.getUid(), current.getPid(), current.getPackageName(), current.getAttributionTag(), current.getToken(), current.mAttributionSourceState.renouncedPermissions, next); this(current.getUid(), current.getPackageName(), current.getAttributionTag(), current.getToken(), current.mAttributionSourceState.renouncedPermissions, next); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { this(uid, pid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next); AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { this(uid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable String[] renouncedPermissions, AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { mAttributionSourceState = new AttributionSourceState(); mAttributionSourceState.uid = uid; mAttributionSourceState.pid = pid; mAttributionSourceState.token = token; mAttributionSourceState.packageName = packageName; mAttributionSourceState.attributionTag = attributionTag; Loading @@ -169,17 +156,7 @@ public final class AttributionSource implements Parcelable { // Since we just unpacked this object as part of it transiting a Binder // call, this is the perfect time to enforce that its UID and PID can be trusted enforceCallingUid(); // If this object is being constructed as part of a oneway Binder call, getCallingPid will // return 0 instead of the true PID. In that case, invalidate the PID by setting it to // INVALID_PID (-1). final int callingPid = Binder.getCallingPid(); if (callingPid == 0) { mAttributionSourceState.pid = Process.INVALID_PID; } enforceCallingPid(); enforceCallingUidAndPid(); } /** @hide */ Loading @@ -189,19 +166,19 @@ public final class AttributionSource implements Parcelable { /** @hide */ public AttributionSource withNextAttributionSource(@Nullable AttributionSource next) { return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(), getToken(), mAttributionSourceState.renouncedPermissions, next); return new AttributionSource(getUid(), getPackageName(), getAttributionTag(), mAttributionSourceState.renouncedPermissions, next); } /** @hide */ public AttributionSource withPackageName(@Nullable String packageName) { return new AttributionSource(getUid(), getPid(), packageName, getAttributionTag(), getToken(), mAttributionSourceState.renouncedPermissions, getNext()); return new AttributionSource(getUid(), packageName, getAttributionTag(), mAttributionSourceState.renouncedPermissions, getNext()); } /** @hide */ public AttributionSource withToken(@NonNull Binder token) { return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(), return new AttributionSource(getUid(), getPackageName(), getAttributionTag(), token, mAttributionSourceState.renouncedPermissions, getNext()); } Loading Loading @@ -245,7 +222,6 @@ public final class AttributionSource implements Parcelable { } try { return new AttributionSource.Builder(uid) .setPid(Process.myPid()) .setPackageName(AppGlobals.getPackageManager().getPackagesForUid(uid)[0]) .build(); } catch (Exception ignored) { Loading Loading @@ -282,6 +258,18 @@ public final class AttributionSource implements Parcelable { } } /** * If you are handling an IPC and you don't trust the caller you need to validate whether the * attribution source is one for the calling app to prevent the caller to pass you a source from * another app without including themselves in the attribution chain. * * @throws SecurityException if the attribution source cannot be trusted to be from the caller. */ private void enforceCallingUidAndPid() { enforceCallingUid(); enforceCallingPid(); } /** * If you are handling an IPC and you don't trust the caller you need to validate * whether the attribution source is one for the calling app to prevent the caller Loading Loading @@ -318,10 +306,7 @@ public final class AttributionSource implements Parcelable { } /** * Validate that the pid being claimed for the calling app is not spoofed. * * Note that the PID may be unavailable, for example if we're in a oneway Binder call. In this * case, calling enforceCallingPid is guaranteed to fail. The caller should anticipate this. * Validate that the pid being claimed for the calling app is not spoofed * * @throws SecurityException if the attribution source cannot be trusted to be from the caller. * @hide Loading @@ -329,14 +314,10 @@ public final class AttributionSource implements Parcelable { @TestApi public void enforceCallingPid() { if (!checkCallingPid()) { if (Binder.getCallingPid() == 0) { throw new SecurityException("Calling pid unavailable due to oneway Binder call."); } else { throw new SecurityException("Calling pid: " + Binder.getCallingPid() + " doesn't match source pid: " + mAttributionSourceState.pid); } } } /** * Validate that the pid being claimed for the calling app is not spoofed Loading @@ -345,8 +326,7 @@ public final class AttributionSource implements Parcelable { */ private boolean checkCallingPid() { final int callingPid = Binder.getCallingPid(); if (mAttributionSourceState.pid != Process.INVALID_PID && callingPid != mAttributionSourceState.pid) { if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) { return false; } return true; Loading Loading @@ -462,13 +442,6 @@ public final class AttributionSource implements Parcelable { return mAttributionSourceState.uid; } /** * The PID that is accessing the permission protected data. */ public int getPid() { return mAttributionSourceState.pid; } /** * The package that is accessing the permission protected data. */ Loading Loading @@ -577,7 +550,6 @@ public final class AttributionSource implements Parcelable { throw new IllegalArgumentException("current AttributionSource can not be null"); } mAttributionSourceState.uid = current.getUid(); mAttributionSourceState.pid = current.getPid(); mAttributionSourceState.packageName = current.getPackageName(); mAttributionSourceState.attributionTag = current.getAttributionTag(); mAttributionSourceState.token = current.getToken(); Loading @@ -585,25 +557,12 @@ public final class AttributionSource implements Parcelable { current.mAttributionSourceState.renouncedPermissions; } /** * The PID of the process that is accessing the permission protected data. * * If not called, pid will default to Process.INVALID_PID (-1). This indicates that the PID * data is missing. Supplying a PID is not required, but recommended when accessible. */ public @NonNull Builder setPid(int value) { checkNotUsed(); mBuilderFieldsSet |= 0x2; mAttributionSourceState.pid = value; return this; } /** * The package that is accessing the permission protected data. */ public @NonNull Builder setPackageName(@Nullable String value) { checkNotUsed(); mBuilderFieldsSet |= 0x4; mBuilderFieldsSet |= 0x2; mAttributionSourceState.packageName = value; return this; } Loading @@ -613,7 +572,7 @@ public final class AttributionSource implements Parcelable { */ public @NonNull Builder setAttributionTag(@Nullable String value) { checkNotUsed(); mBuilderFieldsSet |= 0x8; mBuilderFieldsSet |= 0x4; mAttributionSourceState.attributionTag = value; return this; } Loading Loading @@ -646,7 +605,7 @@ public final class AttributionSource implements Parcelable { @RequiresPermission(android.Manifest.permission.RENOUNCE_PERMISSIONS) public @NonNull Builder setRenouncedPermissions(@Nullable Set<String> value) { checkNotUsed(); mBuilderFieldsSet |= 0x10; mBuilderFieldsSet |= 0x8; mAttributionSourceState.renouncedPermissions = (value != null) ? value.toArray(new String[0]) : null; return this; Loading @@ -657,7 +616,7 @@ public final class AttributionSource implements Parcelable { */ public @NonNull Builder setNext(@Nullable AttributionSource value) { checkNotUsed(); mBuilderFieldsSet |= 0x20; mBuilderFieldsSet |= 0x10; mAttributionSourceState.next = (value != null) ? new AttributionSourceState[] {value.mAttributionSourceState} : mAttributionSourceState.next; return this; Loading @@ -669,18 +628,15 @@ public final class AttributionSource implements Parcelable { mBuilderFieldsSet |= 0x40; // Mark builder used if ((mBuilderFieldsSet & 0x2) == 0) { mAttributionSourceState.pid = Process.INVALID_PID; } if ((mBuilderFieldsSet & 0x4) == 0) { mAttributionSourceState.packageName = null; } if ((mBuilderFieldsSet & 0x8) == 0) { if ((mBuilderFieldsSet & 0x4) == 0) { mAttributionSourceState.attributionTag = null; } if ((mBuilderFieldsSet & 0x10) == 0) { if ((mBuilderFieldsSet & 0x8) == 0) { mAttributionSourceState.renouncedPermissions = null; } if ((mBuilderFieldsSet & 0x20) == 0) { if ((mBuilderFieldsSet & 0x10) == 0) { mAttributionSourceState.next = null; } Loading Loading
Android.bp +0 −2 Original line number Diff line number Diff line Loading @@ -326,7 +326,6 @@ java_defaults { "packages/modules/Connectivity/framework/aidl-export", "packages/modules/Media/apex/aidl/stable", "hardware/interfaces/graphics/common/aidl", "frameworks/native/libs/permission/aidl", ], }, dxflags: [ Loading Loading @@ -596,7 +595,6 @@ stubs_defaults { "packages/modules/Connectivity/framework/aidl-export", "packages/modules/Media/apex/aidl/stable", "hardware/interfaces/graphics/common/aidl", "frameworks/native/libs/permission/aidl", ], }, // These are libs from framework-internal-utils that are required (i.e. being referenced) Loading
core/api/current.txt +0 −3 Original line number Diff line number Diff line Loading @@ -9126,7 +9126,6 @@ package android.content { method @Nullable public String getAttributionTag(); method @Nullable public android.content.AttributionSource getNext(); method @Nullable public String getPackageName(); method public int getPid(); method public int getUid(); method public boolean isTrusted(@NonNull android.content.Context); method @NonNull public static android.content.AttributionSource myAttributionSource(); Loading @@ -9141,7 +9140,6 @@ package android.content { method @NonNull public android.content.AttributionSource.Builder setAttributionTag(@Nullable String); method @NonNull public android.content.AttributionSource.Builder setNext(@Nullable android.content.AttributionSource); method @NonNull public android.content.AttributionSource.Builder setPackageName(@Nullable String); method @NonNull public android.content.AttributionSource.Builder setPid(int); } public abstract class BroadcastReceiver { Loading Loading @@ -32007,7 +32005,6 @@ package android.os { method @Deprecated public static final boolean supportsProcesses(); field public static final int BLUETOOTH_UID = 1002; // 0x3ea field public static final int FIRST_APPLICATION_UID = 10000; // 0x2710 field public static final int INVALID_PID = -1; // 0xffffffff field public static final int INVALID_UID = -1; // 0xffffffff field public static final int LAST_APPLICATION_UID = 19999; // 0x4e1f field public static final int PHONE_UID = 1001; // 0x3e9
core/java/android/app/AppOpsManager.java +10 −11 Original line number Diff line number Diff line Loading @@ -8578,9 +8578,9 @@ public class AppOpsManager { public int noteProxyOp(int op, @Nullable String proxiedPackageName, int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) { return noteProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } /** Loading Loading @@ -8664,7 +8664,7 @@ public class AppOpsManager { public int noteProxyOpNoThrow(@NonNull String op, @Nullable String proxiedPackageName, int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) { return noteProxyOpNoThrow(strOpToOp(op), new AttributionSource( mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, mContext.getAttributionSource(), new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource() .getToken())), message,/*skipProxyOperation*/ false); } Loading Loading @@ -9076,9 +9076,9 @@ public class AppOpsManager { public int startProxyOp(@NonNull String op, int proxiedUid, @NonNull String proxiedPackageName, @Nullable String proxiedAttributionTag, @Nullable String message) { return startProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } /** Loading Loading @@ -9124,7 +9124,7 @@ public class AppOpsManager { @Nullable String message) { return startProxyOpNoThrow(AppOpsManager.strOpToOp(op), new AttributionSource( mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), message, /*skipProxyOperation*/ false); } Loading Loading @@ -9270,9 +9270,8 @@ public class AppOpsManager { public void finishProxyOp(@NonNull String op, int proxiedUid, @NonNull String proxiedPackageName, @Nullable String proxiedAttributionTag) { finishProxyOp(op, new AttributionSource(mContext.getAttributionSource(), new AttributionSource(proxiedUid, /*pid*/ -1, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), /*skipProxyOperation*/ false); new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource().getToken())), /*skipProxyOperation*/ false); } /** Loading
core/java/android/app/ContextImpl.java +1 −3 Original line number Diff line number Diff line Loading @@ -3227,9 +3227,7 @@ class ContextImpl extends Context { @Nullable AttributionSource nextAttributionSource, @Nullable Set<String> renouncedPermissions) { AttributionSource attributionSource = new AttributionSource(Process.myUid(), Process.myPid(), mOpPackageName, attributionTag, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, nextAttributionSource); mOpPackageName, attributionTag, renouncedPermissions, nextAttributionSource); // If we want to access protected data on behalf of another app we need to // tell the OS that we opt in to participate in the attribution chain. if (nextAttributionSource != null) { Loading
core/java/android/content/AttributionSource.java +45 −89 Original line number Diff line number Diff line Loading @@ -100,28 +100,22 @@ public final class AttributionSource implements Parcelable { @TestApi public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag) { this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag) { this(uid, pid, packageName, attributionTag, sDefaultToken); this(uid, packageName, attributionTag, sDefaultToken); } /** @hide */ @TestApi public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token) { this(uid, Process.INVALID_PID, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token) { this(uid, pid, packageName, attributionTag, token, /*renouncedPermissions*/ null, /*next*/ null); public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable AttributionSource next) { this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null, next); } /** @hide */ Loading @@ -129,33 +123,26 @@ public final class AttributionSource implements Parcelable { public AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @Nullable Set<String> renouncedPermissions, @Nullable AttributionSource next) { this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, /*next*/ next); this(uid, packageName, attributionTag, (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null, next); } /** @hide */ public AttributionSource(@NonNull AttributionSource current, @Nullable AttributionSource next) { this(current.getUid(), current.getPid(), current.getPackageName(), current.getAttributionTag(), current.getToken(), current.mAttributionSourceState.renouncedPermissions, next); this(current.getUid(), current.getPackageName(), current.getAttributionTag(), current.getToken(), current.mAttributionSourceState.renouncedPermissions, next); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { this(uid, pid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next); AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { this(uid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next); } /** @hide */ public AttributionSource(int uid, int pid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable String[] renouncedPermissions, AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag, @NonNull IBinder token, @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) { mAttributionSourceState = new AttributionSourceState(); mAttributionSourceState.uid = uid; mAttributionSourceState.pid = pid; mAttributionSourceState.token = token; mAttributionSourceState.packageName = packageName; mAttributionSourceState.attributionTag = attributionTag; Loading @@ -169,17 +156,7 @@ public final class AttributionSource implements Parcelable { // Since we just unpacked this object as part of it transiting a Binder // call, this is the perfect time to enforce that its UID and PID can be trusted enforceCallingUid(); // If this object is being constructed as part of a oneway Binder call, getCallingPid will // return 0 instead of the true PID. In that case, invalidate the PID by setting it to // INVALID_PID (-1). final int callingPid = Binder.getCallingPid(); if (callingPid == 0) { mAttributionSourceState.pid = Process.INVALID_PID; } enforceCallingPid(); enforceCallingUidAndPid(); } /** @hide */ Loading @@ -189,19 +166,19 @@ public final class AttributionSource implements Parcelable { /** @hide */ public AttributionSource withNextAttributionSource(@Nullable AttributionSource next) { return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(), getToken(), mAttributionSourceState.renouncedPermissions, next); return new AttributionSource(getUid(), getPackageName(), getAttributionTag(), mAttributionSourceState.renouncedPermissions, next); } /** @hide */ public AttributionSource withPackageName(@Nullable String packageName) { return new AttributionSource(getUid(), getPid(), packageName, getAttributionTag(), getToken(), mAttributionSourceState.renouncedPermissions, getNext()); return new AttributionSource(getUid(), packageName, getAttributionTag(), mAttributionSourceState.renouncedPermissions, getNext()); } /** @hide */ public AttributionSource withToken(@NonNull Binder token) { return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(), return new AttributionSource(getUid(), getPackageName(), getAttributionTag(), token, mAttributionSourceState.renouncedPermissions, getNext()); } Loading Loading @@ -245,7 +222,6 @@ public final class AttributionSource implements Parcelable { } try { return new AttributionSource.Builder(uid) .setPid(Process.myPid()) .setPackageName(AppGlobals.getPackageManager().getPackagesForUid(uid)[0]) .build(); } catch (Exception ignored) { Loading Loading @@ -282,6 +258,18 @@ public final class AttributionSource implements Parcelable { } } /** * If you are handling an IPC and you don't trust the caller you need to validate whether the * attribution source is one for the calling app to prevent the caller to pass you a source from * another app without including themselves in the attribution chain. * * @throws SecurityException if the attribution source cannot be trusted to be from the caller. */ private void enforceCallingUidAndPid() { enforceCallingUid(); enforceCallingPid(); } /** * If you are handling an IPC and you don't trust the caller you need to validate * whether the attribution source is one for the calling app to prevent the caller Loading Loading @@ -318,10 +306,7 @@ public final class AttributionSource implements Parcelable { } /** * Validate that the pid being claimed for the calling app is not spoofed. * * Note that the PID may be unavailable, for example if we're in a oneway Binder call. In this * case, calling enforceCallingPid is guaranteed to fail. The caller should anticipate this. * Validate that the pid being claimed for the calling app is not spoofed * * @throws SecurityException if the attribution source cannot be trusted to be from the caller. * @hide Loading @@ -329,14 +314,10 @@ public final class AttributionSource implements Parcelable { @TestApi public void enforceCallingPid() { if (!checkCallingPid()) { if (Binder.getCallingPid() == 0) { throw new SecurityException("Calling pid unavailable due to oneway Binder call."); } else { throw new SecurityException("Calling pid: " + Binder.getCallingPid() + " doesn't match source pid: " + mAttributionSourceState.pid); } } } /** * Validate that the pid being claimed for the calling app is not spoofed Loading @@ -345,8 +326,7 @@ public final class AttributionSource implements Parcelable { */ private boolean checkCallingPid() { final int callingPid = Binder.getCallingPid(); if (mAttributionSourceState.pid != Process.INVALID_PID && callingPid != mAttributionSourceState.pid) { if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) { return false; } return true; Loading Loading @@ -462,13 +442,6 @@ public final class AttributionSource implements Parcelable { return mAttributionSourceState.uid; } /** * The PID that is accessing the permission protected data. */ public int getPid() { return mAttributionSourceState.pid; } /** * The package that is accessing the permission protected data. */ Loading Loading @@ -577,7 +550,6 @@ public final class AttributionSource implements Parcelable { throw new IllegalArgumentException("current AttributionSource can not be null"); } mAttributionSourceState.uid = current.getUid(); mAttributionSourceState.pid = current.getPid(); mAttributionSourceState.packageName = current.getPackageName(); mAttributionSourceState.attributionTag = current.getAttributionTag(); mAttributionSourceState.token = current.getToken(); Loading @@ -585,25 +557,12 @@ public final class AttributionSource implements Parcelable { current.mAttributionSourceState.renouncedPermissions; } /** * The PID of the process that is accessing the permission protected data. * * If not called, pid will default to Process.INVALID_PID (-1). This indicates that the PID * data is missing. Supplying a PID is not required, but recommended when accessible. */ public @NonNull Builder setPid(int value) { checkNotUsed(); mBuilderFieldsSet |= 0x2; mAttributionSourceState.pid = value; return this; } /** * The package that is accessing the permission protected data. */ public @NonNull Builder setPackageName(@Nullable String value) { checkNotUsed(); mBuilderFieldsSet |= 0x4; mBuilderFieldsSet |= 0x2; mAttributionSourceState.packageName = value; return this; } Loading @@ -613,7 +572,7 @@ public final class AttributionSource implements Parcelable { */ public @NonNull Builder setAttributionTag(@Nullable String value) { checkNotUsed(); mBuilderFieldsSet |= 0x8; mBuilderFieldsSet |= 0x4; mAttributionSourceState.attributionTag = value; return this; } Loading Loading @@ -646,7 +605,7 @@ public final class AttributionSource implements Parcelable { @RequiresPermission(android.Manifest.permission.RENOUNCE_PERMISSIONS) public @NonNull Builder setRenouncedPermissions(@Nullable Set<String> value) { checkNotUsed(); mBuilderFieldsSet |= 0x10; mBuilderFieldsSet |= 0x8; mAttributionSourceState.renouncedPermissions = (value != null) ? value.toArray(new String[0]) : null; return this; Loading @@ -657,7 +616,7 @@ public final class AttributionSource implements Parcelable { */ public @NonNull Builder setNext(@Nullable AttributionSource value) { checkNotUsed(); mBuilderFieldsSet |= 0x20; mBuilderFieldsSet |= 0x10; mAttributionSourceState.next = (value != null) ? new AttributionSourceState[] {value.mAttributionSourceState} : mAttributionSourceState.next; return this; Loading @@ -669,18 +628,15 @@ public final class AttributionSource implements Parcelable { mBuilderFieldsSet |= 0x40; // Mark builder used if ((mBuilderFieldsSet & 0x2) == 0) { mAttributionSourceState.pid = Process.INVALID_PID; } if ((mBuilderFieldsSet & 0x4) == 0) { mAttributionSourceState.packageName = null; } if ((mBuilderFieldsSet & 0x8) == 0) { if ((mBuilderFieldsSet & 0x4) == 0) { mAttributionSourceState.attributionTag = null; } if ((mBuilderFieldsSet & 0x10) == 0) { if ((mBuilderFieldsSet & 0x8) == 0) { mAttributionSourceState.renouncedPermissions = null; } if ((mBuilderFieldsSet & 0x20) == 0) { if ((mBuilderFieldsSet & 0x10) == 0) { mAttributionSourceState.next = null; } Loading
