
Commit a51c2ef3 authored by Philip P. Moltmann's avatar Philip P. Moltmann

Do not allow invalid attribution tags

Fixes: 151105954
Test: atest CtsAppOpsTestCases
Change-Id: I2b210172bd042300cc8aa54edf3f68b6aa3420fe
parent 3a696609
+1 −0
@@ -269,6 +269,7 @@ package android.app {
    field public static final int OP_RECORD_AUDIO = 27; // 0x1b
    field public static final int OP_START_FOREGROUND = 76; // 0x4c
    field public static final int OP_SYSTEM_ALERT_WINDOW = 24; // 0x18
    field public static final long SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE = 151105954L; // 0x901b1a2L
    field public static final int UID_STATE_BACKGROUND = 600; // 0x258
    field public static final int UID_STATE_CACHED = 700; // 0x2bc
    field public static final int UID_STATE_FOREGROUND = 500; // 0x1f4
+16 −0
@@ -182,6 +182,22 @@ public class AppOpsManager {
    @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.Q)
    public static final long CALL_BACK_ON_CHANGED_LISTENER_WITH_SWITCHED_OP_CHANGE = 148180766L;

    /**
     * Enforce that all attributionTags send to {@link #noteOp}, {@link #noteProxyOp},
     * and {@link #startOp} are defined in the manifest of the package that is specified as
     * parameter to the methods.
     *
     * <p>To enable this change both the package calling {@link #noteOp} as well as the package
     * specified as parameter to the method need to have this change enable.
     *
     * @hide
     */
    @TestApi
    @ChangeId
    @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.R)
    public static final long SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE = 151105954L;


    private static final int MAX_UNFORWARDED_OPS = 10;

    final Context mContext;
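Review bot: The Javadoc on `SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE` does not say what happens when the change is disabled, and the service-side check in this same commit shows that an undeclared tag is then only logged, not rejected. I would state that explicitly and name the exception, e.g. `<p>When enabled for both packages an undeclared tag causes a {@link SecurityException}; otherwise it is only logged.` The second paragraph names only `{@link #noteOp}` for the calling package although the first paragraph also lists `noteProxyOp` and `startOp`; if the same condition applies to all three, the text should say so. Wording: "send to" should read "sent to", and "this change enable" should read "this change enabled".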
+22 −5
@@ -44,6 +44,7 @@ import static android.app.AppOpsManager.RestrictionBypass;
import static android.app.AppOpsManager.SAMPLING_STRATEGY_BOOT_TIME_SAMPLING;
import static android.app.AppOpsManager.SAMPLING_STRATEGY_RARELY_USED;
import static android.app.AppOpsManager.SAMPLING_STRATEGY_UNIFORM;
import static android.app.AppOpsManager.SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE;
import static android.app.AppOpsManager.UID_STATE_BACKGROUND;
import static android.app.AppOpsManager.UID_STATE_CACHED;
import static android.app.AppOpsManager.UID_STATE_FOREGROUND;
@@ -146,6 +147,7 @@ import com.android.internal.app.IAppOpsNotedCallback;
import com.android.internal.app.IAppOpsService;
import com.android.internal.app.IAppOpsStartedCallback;
import com.android.internal.app.MessageSamplingConfig;
import com.android.internal.compat.IPlatformCompat;
import com.android.internal.os.Zygote;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.DumpUtils;
@@ -270,6 +272,9 @@ public class AppOpsService extends IAppOpsService.Stub {
    private final AppOpsManagerInternalImpl mAppOpsManagerInternal
            = new AppOpsManagerInternalImpl();

    private final IPlatformCompat mPlatformCompat = IPlatformCompat.Stub.asInterface(
            ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE));

    /**
     * Registered callbacks, called from {@link #collectAsyncNotedOp}.
     *
@@ -3826,6 +3831,9 @@ public class AppOpsService extends IAppOpsService.Stub {
            }
        }

        int callingUid = Binder.getCallingUid();
        int userId = UserHandle.getUserId(uid);

        RestrictionBypass bypass = null;
        final long ident = Binder.clearCallingIdentity();
        try {
@@ -3848,8 +3856,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                    }
                }

                pkgUid = UserHandle.getUid(
                        UserHandle.getUserId(uid), UserHandle.getAppId(pkg.getUid()));
                pkgUid = UserHandle.getUid(userId, UserHandle.getAppId(pkg.getUid()));
                bypass = getBypassforPackage(pkg);
            } else {
                // Allow any attribution tag for resolvable uids
@@ -3866,9 +3873,19 @@ public class AppOpsService extends IAppOpsService.Stub {
            }

            if (!isAttributionTagValid) {
                // TODO moltmann: Switch from logging to enforcement
                Slog.e(TAG, "attributionTag " + attributionTag + " not declared in manifest of "
                        + packageName);
                String msg = "attributionTag " + attributionTag + " not declared in"
                        + "manifest of " + packageName;
                try {
                    if (mPlatformCompat.isChangeEnabledByPackageName(
                            SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE, packageName,
                            userId) && mPlatformCompat.isChangeEnabledByUid(
                            SECURITY_EXCEPTION_ON_INVALID_ATTRIBUTION_TAG_CHANGE, callingUid)) {
                        throw new SecurityException(msg);
                    } else {
                        Slog.e(TAG, msg);
                    }
                } catch (RemoteException neverHappens) {
                }
            }
        } finally {
            Binder.restoreCallingIdentity(ident);
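Review bot: The empty `catch (RemoteException neverHappens) { }` around the compat check makes the invalid-tag path fail open without a trace: if either `isChangeEnabled…` call ever throws, the tag is neither rejected nor logged. Logging in the handler keeps the diagnostic the old code always emitted, e.g. `Slog.e(TAG, msg, neverHappens);`. The message also loses a space where the literals are joined (`" not declared in" + "manifest of "` renders as "inmanifest"), so the first literal should end `" not declared in "`. Because `mPlatformCompat` is resolved once in a field initializer, it could presumably be null if the compat service is not yet registered when AppOpsService is constructed; this is worth confirming, since a NullPointerException on this path is not covered by the catch. The enclosing method starts and ends outside the hunk.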