Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8d4680ec authored by Karishma Vakil's avatar Karishma Vakil Committed by Android (Google) Code Review
Browse files

Merge "[Permissions] Add temporary logging to debug Bluetooth security exception" into main

parents b55243ae c39b0d2c

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+56 −1
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ import static android.app.AppOpsManager.ATTRIBUTION_FLAGS_NONE; 
import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.app.AppOpsManager.MODE_ERRORED;

import static android.app.AppOpsManager.MODE_IGNORED;

import static android.app.AppOpsManager.OP_BLUETOOTH_CONNECT;

import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISALLOWED;

import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISCOURAGED;
@@ -1228,6 +1229,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                        sPlatformPermissions.put(permission, permissionInfo);

                    }

                } catch (PackageManager.NameNotFoundException ignored) {

                    // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                    if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as package"

                                + " not found when retrieving permission info");

                    }

                    return PermissionChecker.PERMISSION_HARD_DENIED;

                }

            }
@@ -1347,17 +1353,34 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                // way we can avoid the datasource creating an attribution context for every call.

                if (!(fromDatasource && current.equals(attributionSource))

                        && next != null && !current.isTrusted(context)) {

                    // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                    if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as "

                                + current + " attribution source isn't a data source and "

                                + current + " isn't trusted");

                    }

                    return PermissionChecker.PERMISSION_HARD_DENIED;

                }



                // If we already checked the permission for this one, skip the work

                if (!skipCurrentChecks && !checkPermission(context, permissionManagerServiceInt,

                        permission, current)) {

                    // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                    if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as we"

                                + " aren't skipping permission checks and permission check returns"

                                + " false for " + current);

                    }

                    return PermissionChecker.PERMISSION_HARD_DENIED;

                }



                if (next != null && !checkPermission(context, permissionManagerServiceInt,

                        permission, next)) {

                    // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                    if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as"

                                + " permission check returns false for next source " + next);

                    }

                    return PermissionChecker.PERMISSION_HARD_DENIED;

                }
@@ -1402,6 +1425,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { 


                switch (opMode) {

                    case AppOpsManager.MODE_ERRORED: {

                        if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) {

                            Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as op"

                                    + " mode is MODE_ERRORED for " + attributionSource);

                        }

                        return PermissionChecker.PERMISSION_HARD_DENIED;

                    }

                    case AppOpsManager.MODE_IGNORED: {
@@ -1670,6 +1697,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                final AttributionSource resolvedAttributionSource = resolveAttributionSource(

                        context, accessorSource);

                if (resolvedAttributionSource.getPackageName() == null) {

                    // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                    if (op == OP_BLUETOOTH_CONNECT) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as resolved"

                                + "package name for " + resolvedAttributionSource + " returned"

                                + " null");

                    }

                    return AppOpsManager.MODE_ERRORED;

                }

                int notedOp = op;
@@ -1683,6 +1716,13 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                if (attributedOp != AppOpsManager.OP_NONE && attributedOp != op) {

                    checkedOpResult = appOpsManager.checkOpNoThrow(op, resolvedAttributionSource);

                    if (checkedOpResult == MODE_ERRORED) {

                        // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                        if (op == OP_BLUETOOTH_CONNECT) {

                            Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as"

                                    + " checkOp for resolvedAttributionSource "

                                    + resolvedAttributionSource + " and op " + op

                                    + " returned MODE_ERRORED");

                        }

                        return checkedOpResult;

                    }

                    notedOp = attributedOp;
@@ -1722,7 +1762,22 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
                        throw new SecurityException(msg + ":" + e.getMessage());

                    }

                }

                return Math.max(checkedOpResult, notedOpResult);

                int result = Math.max(checkedOpResult, notedOpResult);

                // TODO(b/302609140): Remove extra logging after this issue is diagnosed.

                if (op == OP_BLUETOOTH_CONNECT && result == MODE_ERRORED) {

                    if (result == checkedOpResult) {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as"

                                + " checkOp for resolvedAttributionSource "

                                + resolvedAttributionSource + " and op " + op

                                + " returned MODE_ERRORED");

                    } else {

                        Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as"

                                + " noteOp for resolvedAttributionSource "

                                + resolvedAttributionSource + " and op " + notedOp

                                + " returned MODE_ERRORED");

                    }

                }

                return result;

            }

        }