Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9203ec00 authored by Austin Borger's avatar Austin Borger Committed by Automerger Merge Worker
Browse files

Merge "Add pids to AttributionSource." into udc-dev am: 6601aa80

parents 1874d37f 6601aa80
Loading
Loading
Loading
Loading
+3 −0
Original line number Diff line number Diff line
@@ -9678,6 +9678,7 @@ package android.content {
    method @Nullable public String getAttributionTag();
    method @Nullable public android.content.AttributionSource getNext();
    method @Nullable public String getPackageName();
    method public int getPid();
    method public int getUid();
    method public boolean isTrusted(@NonNull android.content.Context);
    method @NonNull public static android.content.AttributionSource myAttributionSource();
@@ -9692,6 +9693,7 @@ package android.content {
    method @NonNull public android.content.AttributionSource.Builder setAttributionTag(@Nullable String);
    method @NonNull public android.content.AttributionSource.Builder setNext(@Nullable android.content.AttributionSource);
    method @NonNull public android.content.AttributionSource.Builder setPackageName(@Nullable String);
    method @NonNull public android.content.AttributionSource.Builder setPid(int);
  }
  public abstract class BroadcastReceiver {
@@ -33610,6 +33612,7 @@ package android.os {
    method @Deprecated public static final boolean supportsProcesses();
    field public static final int BLUETOOTH_UID = 1002; // 0x3ea
    field public static final int FIRST_APPLICATION_UID = 10000; // 0x2710
    field public static final int INVALID_PID = -1; // 0xffffffff
    field public static final int INVALID_UID = -1; // 0xffffffff
    field public static final int LAST_APPLICATION_UID = 19999; // 0x4e1f
    field public static final int PHONE_UID = 1001; // 0x3e9
+12 −11
Original line number Diff line number Diff line
@@ -8408,9 +8408,9 @@ public class AppOpsManager {
    public int noteProxyOp(int op, @Nullable String proxiedPackageName, int proxiedUid,
            @Nullable String proxiedAttributionTag, @Nullable String message) {
        return noteProxyOp(op, new AttributionSource(mContext.getAttributionSource(),
                new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag,
                        mContext.getAttributionSource().getToken())), message,
                        /*skipProxyOperation*/ false);
                new AttributionSource(proxiedUid, Process.INVALID_PID, proxiedPackageName,
                        proxiedAttributionTag, mContext.getAttributionSource().getToken())),
                        message, /*skipProxyOperation*/ false);
    }

    /**
@@ -8495,8 +8495,9 @@ public class AppOpsManager {
            int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) {
        return noteProxyOpNoThrow(strOpToOp(op), new AttributionSource(
                mContext.getAttributionSource(), new AttributionSource(proxiedUid,
                        proxiedPackageName, proxiedAttributionTag, mContext.getAttributionSource()
                        .getToken())), message,/*skipProxyOperation*/ false);
                        Process.INVALID_PID, proxiedPackageName, proxiedAttributionTag,
                        mContext.getAttributionSource().getToken())), message,
                        /*skipProxyOperation*/ false);
    }

    /**
@@ -8906,9 +8907,9 @@ public class AppOpsManager {
    public int startProxyOp(@NonNull String op, int proxiedUid, @NonNull String proxiedPackageName,
            @Nullable String proxiedAttributionTag, @Nullable String message) {
        return startProxyOp(op, new AttributionSource(mContext.getAttributionSource(),
                new AttributionSource(proxiedUid, proxiedPackageName, proxiedAttributionTag,
                        mContext.getAttributionSource().getToken())), message,
                        /*skipProxyOperation*/ false);
                new AttributionSource(proxiedUid, Process.INVALID_PID, proxiedPackageName,
                        proxiedAttributionTag, mContext.getAttributionSource().getToken())),
                        message, /*skipProxyOperation*/ false);
    }

    /**
@@ -8954,7 +8955,7 @@ public class AppOpsManager {
            @Nullable String message) {
        return startProxyOpNoThrow(AppOpsManager.strOpToOp(op), new AttributionSource(
                mContext.getAttributionSource(), new AttributionSource(proxiedUid,
                        proxiedPackageName, proxiedAttributionTag,
                        Process.INVALID_PID, proxiedPackageName, proxiedAttributionTag,
                        mContext.getAttributionSource().getToken())), message,
                        /*skipProxyOperation*/ false);
    }
@@ -9103,8 +9104,8 @@ public class AppOpsManager {
            @NonNull String proxiedPackageName, @Nullable String proxiedAttributionTag) {
        IBinder token = mContext.getAttributionSource().getToken();
        finishProxyOp(token, op, new AttributionSource(mContext.getAttributionSource(),
                new AttributionSource(proxiedUid, proxiedPackageName,  proxiedAttributionTag,
                        token)), /*skipProxyOperation*/ false);
                new AttributionSource(proxiedUid, Process.INVALID_PID, proxiedPackageName,
                        proxiedAttributionTag, token)), /*skipProxyOperation*/ false);
    }

    /**
+3 −1
Original line number Diff line number Diff line
@@ -3461,7 +3461,9 @@ class ContextImpl extends Context {
            @Nullable AttributionSource nextAttributionSource,
            @Nullable Set<String> renouncedPermissions) {
        AttributionSource attributionSource = new AttributionSource(Process.myUid(),
                mOpPackageName, attributionTag, renouncedPermissions, nextAttributionSource);
                Process.myPid(), mOpPackageName, attributionTag,
                (renouncedPermissions != null) ? renouncedPermissions.toArray(new String[0]) : null,
                nextAttributionSource);
        // If we want to access protected data on behalf of another app we need to
        // tell the OS that we opt in to participate in the attribution chain.
        if (nextAttributionSource != null) {
+96 −45
Original line number Diff line number Diff line
@@ -101,22 +101,28 @@ public final class AttributionSource implements Parcelable {
    @TestApi
    public AttributionSource(int uid, @Nullable String packageName,
            @Nullable String attributionTag) {
        this(uid, packageName, attributionTag, sDefaultToken);
        this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken);
    }

    /** @hide */
    public AttributionSource(int uid, int pid, @Nullable String packageName,
            @Nullable String attributionTag) {
        this(uid, pid, packageName, attributionTag, sDefaultToken);
    }

    /** @hide */
    @TestApi
    public AttributionSource(int uid, @Nullable String packageName,
            @Nullable String attributionTag, @NonNull IBinder token) {
        this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null,
                /*next*/ null);
        this(uid, Process.INVALID_PID, packageName, attributionTag, token,
                /*renouncedPermissions*/ null, /*next*/ null);
    }

    /** @hide */
    public AttributionSource(int uid, @Nullable String packageName,
            @Nullable String attributionTag, @NonNull IBinder token,
            @Nullable AttributionSource next) {
        this(uid, packageName, attributionTag, token, /*renouncedPermissions*/ null, next);
    public AttributionSource(int uid, int pid, @Nullable String packageName,
            @Nullable String attributionTag, @NonNull IBinder token) {
        this(uid, pid, packageName, attributionTag, token, /*renouncedPermissions*/ null,
                /*next*/ null);
    }

    /** @hide */
@@ -124,26 +130,33 @@ public final class AttributionSource implements Parcelable {
    public AttributionSource(int uid, @Nullable String packageName,
            @Nullable String attributionTag, @Nullable Set<String> renouncedPermissions,
            @Nullable AttributionSource next) {
        this(uid, packageName, attributionTag, (renouncedPermissions != null)
                ? renouncedPermissions.toArray(new String[0]) : null, next);
        this(uid, Process.INVALID_PID, packageName, attributionTag, sDefaultToken,
                (renouncedPermissions != null)
                ? renouncedPermissions.toArray(new String[0]) : null, /*next*/ next);
    }

    /** @hide */
    public AttributionSource(@NonNull AttributionSource current, @Nullable AttributionSource next) {
        this(current.getUid(), current.getPackageName(), current.getAttributionTag(),
                current.getToken(), current.mAttributionSourceState.renouncedPermissions, next);
        this(current.getUid(), current.getPid(), current.getPackageName(),
                current.getAttributionTag(), current.getToken(),
                current.mAttributionSourceState.renouncedPermissions, next);
    }

    AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
            @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) {
        this(uid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next);
    /** @hide */
    public AttributionSource(int uid, int pid, @Nullable String packageName,
            @Nullable String attributionTag, @Nullable String[] renouncedPermissions,
            @Nullable AttributionSource next) {
        this(uid, pid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next);
    }

    AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
            @NonNull IBinder token, @Nullable String[] renouncedPermissions,
    /** @hide */
    public AttributionSource(int uid, int pid, @Nullable String packageName,
            @Nullable String attributionTag, @NonNull IBinder token,
            @Nullable String[] renouncedPermissions,
            @Nullable AttributionSource next) {
        mAttributionSourceState = new AttributionSourceState();
        mAttributionSourceState.uid = uid;
        mAttributionSourceState.pid = pid;
        mAttributionSourceState.token = token;
        mAttributionSourceState.packageName = packageName;
        mAttributionSourceState.attributionTag = attributionTag;
@@ -162,7 +175,17 @@ public final class AttributionSource implements Parcelable {

        // Since we just unpacked this object as part of it transiting a Binder
        // call, this is the perfect time to enforce that its UID and PID can be trusted
        enforceCallingUidAndPid();
        enforceCallingUid();

        // If this object is being constructed as part of a oneway Binder call, getCallingPid will
        // return 0 instead of the true PID. In that case, invalidate the PID by setting it to
        // INVALID_PID (-1).
        final int callingPid = Binder.getCallingPid();
        if (callingPid == 0) {
            mAttributionSourceState.pid = Process.INVALID_PID;
        }

        enforceCallingPid();
    }

    /** @hide */
@@ -172,22 +195,28 @@ public final class AttributionSource implements Parcelable {

    /** @hide */
    public AttributionSource withNextAttributionSource(@Nullable AttributionSource next) {
        return new AttributionSource(getUid(), getPackageName(), getAttributionTag(),
                mAttributionSourceState.renouncedPermissions, next);
        return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(),
                getToken(), mAttributionSourceState.renouncedPermissions, next);
    }

    /** @hide */
    public AttributionSource withPackageName(@Nullable String packageName) {
        return new AttributionSource(getUid(), packageName, getAttributionTag(),
                mAttributionSourceState.renouncedPermissions, getNext());
        return new AttributionSource(getUid(), getPid(), packageName, getAttributionTag(),
               getToken(), mAttributionSourceState.renouncedPermissions, getNext());
    }

    /** @hide */
    public AttributionSource withToken(@NonNull Binder token) {
        return new AttributionSource(getUid(), getPackageName(), getAttributionTag(),
        return new AttributionSource(getUid(), getPid(), getPackageName(), getAttributionTag(),
                token, mAttributionSourceState.renouncedPermissions, getNext());
    }

    /** @hide */
    public AttributionSource withPid(int pid) {
        return new AttributionSource(getUid(), pid, getPackageName(), getAttributionTag(),
                getToken(), mAttributionSourceState.renouncedPermissions, getNext());
    }

    /** @hide */
    public @NonNull AttributionSourceState asState() {
        return mAttributionSourceState;
@@ -228,6 +257,7 @@ public final class AttributionSource implements Parcelable {
        }
        try {
            return new AttributionSource.Builder(uid)
                .setPid(Process.myPid())
                .setPackageName(AppGlobals.getPackageManager().getPackagesForUid(uid)[0])
                .build();
        } catch (Exception ignored) {
@@ -264,18 +294,6 @@ public final class AttributionSource implements Parcelable {
        }
    }

    /**
     * If you are handling an IPC and you don't trust the caller you need to validate whether the
     * attribution source is one for the calling app to prevent the caller to pass you a source from
     * another app without including themselves in the attribution chain.
     *
     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
     */
    private void enforceCallingUidAndPid() {
        enforceCallingUid();
        enforceCallingPid();
    }

    /**
     * If you are handling an IPC and you don't trust the caller you need to validate
     * whether the attribution source is one for the calling app to prevent the caller
@@ -312,7 +330,10 @@ public final class AttributionSource implements Parcelable {
    }

    /**
     * Validate that the pid being claimed for the calling app is not spoofed
     * Validate that the pid being claimed for the calling app is not spoofed.
     *
     * Note that the PID may be unavailable, for example if we're in a oneway Binder call. In this
     * case, calling enforceCallingPid is guaranteed to fail. The caller should anticipate this.
     *
     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
     * @hide
@@ -320,10 +341,14 @@ public final class AttributionSource implements Parcelable {
    @TestApi
    public void enforceCallingPid() {
        if (!checkCallingPid()) {
            if (Binder.getCallingPid() == 0) {
                throw new SecurityException("Calling pid unavailable due to oneway Binder call.");
            } else {
                throw new SecurityException("Calling pid: " + Binder.getCallingPid()
                        + " doesn't match source pid: " + mAttributionSourceState.pid);
            }
        }
    }

    /**
     * Validate that the pid being claimed for the calling app is not spoofed
@@ -332,7 +357,8 @@ public final class AttributionSource implements Parcelable {
     */
    private boolean checkCallingPid() {
        final int callingPid = Binder.getCallingPid();
        if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) {
        if (mAttributionSourceState.pid != Process.INVALID_PID
                && callingPid != mAttributionSourceState.pid) {
            return false;
        }
        return true;
@@ -448,6 +474,13 @@ public final class AttributionSource implements Parcelable {
        return mAttributionSourceState.uid;
    }

    /**
     * The PID that is accessing the permission protected data.
     */
    public int getPid() {
        return mAttributionSourceState.pid;
    }

    /**
     * The package that is accessing the permission protected data.
     */
@@ -551,6 +584,7 @@ public final class AttributionSource implements Parcelable {
                throw new IllegalArgumentException("current AttributionSource can not be null");
            }
            mAttributionSourceState.uid = current.getUid();
            mAttributionSourceState.pid = current.getPid();
            mAttributionSourceState.packageName = current.getPackageName();
            mAttributionSourceState.attributionTag = current.getAttributionTag();
            mAttributionSourceState.token = current.getToken();
@@ -558,12 +592,26 @@ public final class AttributionSource implements Parcelable {
                current.mAttributionSourceState.renouncedPermissions;
        }

        /**
         * The PID of the process that is accessing the permission protected data.
         *
         * If not called, pid will default to {@link Process@INVALID_PID} (-1). This indicates that
         * the PID data is missing. Supplying a PID is not required, but recommended when
         * accessible.
         */
        public @NonNull Builder setPid(int value) {
            checkNotUsed();
            mBuilderFieldsSet |= 0x2;
            mAttributionSourceState.pid = value;
            return this;
        }

        /**
         * The package that is accessing the permission protected data.
         */
        public @NonNull Builder setPackageName(@Nullable String value) {
            checkNotUsed();
            mBuilderFieldsSet |= 0x2;
            mBuilderFieldsSet |= 0x4;
            mAttributionSourceState.packageName = value;
            return this;
        }
@@ -573,7 +621,7 @@ public final class AttributionSource implements Parcelable {
         */
        public @NonNull Builder setAttributionTag(@Nullable String value) {
            checkNotUsed();
            mBuilderFieldsSet |= 0x4;
            mBuilderFieldsSet |= 0x8;
            mAttributionSourceState.attributionTag = value;
            return this;
        }
@@ -606,7 +654,7 @@ public final class AttributionSource implements Parcelable {
        @RequiresPermission(android.Manifest.permission.RENOUNCE_PERMISSIONS)
        public @NonNull Builder setRenouncedPermissions(@Nullable Set<String> value) {
            checkNotUsed();
            mBuilderFieldsSet |= 0x8;
            mBuilderFieldsSet |= 0x10;
            mAttributionSourceState.renouncedPermissions = (value != null)
                    ? value.toArray(new String[0]) : null;
            return this;
@@ -617,7 +665,7 @@ public final class AttributionSource implements Parcelable {
         */
        public @NonNull Builder setNext(@Nullable AttributionSource value) {
            checkNotUsed();
            mBuilderFieldsSet |= 0x10;
            mBuilderFieldsSet |= 0x20;
            mAttributionSourceState.next = (value != null) ? new AttributionSourceState[]
                    {value.mAttributionSourceState} : mAttributionSourceState.next;
            return this;
@@ -629,15 +677,18 @@ public final class AttributionSource implements Parcelable {
            mBuilderFieldsSet |= 0x40; // Mark builder used

            if ((mBuilderFieldsSet & 0x2) == 0) {
                mAttributionSourceState.packageName = null;
                mAttributionSourceState.pid = Process.INVALID_PID;
            }
            if ((mBuilderFieldsSet & 0x4) == 0) {
                mAttributionSourceState.attributionTag = null;
                mAttributionSourceState.packageName = null;
            }
            if ((mBuilderFieldsSet & 0x8) == 0) {
                mAttributionSourceState.renouncedPermissions = null;
                mAttributionSourceState.attributionTag = null;
            }
            if ((mBuilderFieldsSet & 0x10) == 0) {
                mAttributionSourceState.renouncedPermissions = null;
            }
            if ((mBuilderFieldsSet & 0x20) == 0) {
                mAttributionSourceState.next = null;
            }

+1 −1
Original line number Diff line number Diff line
@@ -152,7 +152,7 @@ public final class PermissionChecker {
            @NonNull String permission, int pid, int uid, @Nullable String packageName,
            @Nullable String attributionTag, @Nullable String message, boolean startDataDelivery) {
        return checkPermissionForDataDelivery(context, permission, pid, new AttributionSource(uid,
                packageName, attributionTag), message, startDataDelivery);
                pid, packageName, attributionTag), message, startDataDelivery);
    }

    /**
Loading