
Commit ef7bb786 authored by Anthony Stange's avatar Anthony Stange

Modify logic handling denied auth state

To mesh with how other parts of the framework handle apps using APIs
when they are denied, ContextHubClientBroker should throw a security
exception when clients are in the denied authorization state rather than
returning a new error code. This is only enabled for clients targeting
S+. All other clients will receive an error code that existed before S,
denoting that an unknown error occurred, so that they don't have to handle a
new exception.

Fixes: 181350407
Test: Run PTS
Change-Id: Icf828bb1c34797cf2c65a8adeb92eb83db3aaea6
parent 1f78c988
+0 −1
@@ -3647,7 +3647,6 @@ package android.hardware.location {
    field public static final int RESULT_FAILED_BAD_PARAMS = 2; // 0x2
    field public static final int RESULT_FAILED_BUSY = 4; // 0x4
    field public static final int RESULT_FAILED_HAL_UNAVAILABLE = 8; // 0x8
    field public static final int RESULT_FAILED_PERMISSION_DENIED = 9; // 0x9
    field public static final int RESULT_FAILED_SERVICE_INTERNAL_FAILURE = 7; // 0x7
    field public static final int RESULT_FAILED_TIMEOUT = 6; // 0x6
    field public static final int RESULT_FAILED_UNINITIALIZED = 3; // 0x3
+2 −0
@@ -146,6 +146,8 @@ public class ContextHubClient implements Closeable {
     * @return the result of sending the message defined as in ContextHubTransaction.Result
     *
     * @throws NullPointerException if NanoAppMessage is null
     * @throws SecurityException if this client doesn't have permissions to send a message to the
     * nanoapp.
     *
     * @see NanoAppMessage
     * @see ContextHubTransaction.Result
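Review bot: The added `@throws SecurityException` reads as unconditional, but per the commit description the exception is thrown only for clients targeting S and above; in the broker hunk, older clients get `RESULT_FAILED_UNKNOWN` back instead. I would state that here, e.g. `@throws SecurityException if this client targets S or above and is not authorized to send a message to the nanoapp`, and mention in `@return` that clients targeting earlier releases receive `RESULT_FAILED_UNKNOWN` in that state. The same caveat is missing from step 5 of the authorization flow in the ContextHubClientCallback Javadoc and from the `@throws` added on the broker method. The Javadoc block starts outside the hunk.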
+4 −5
@@ -117,11 +117,10 @@ public class ContextHubClientCallback {
     * 4) {@link ContextHubClient} performs any cleanup required with the nanoapp
     * 5) Callback invoked with the nanoapp ID and {@link ContextHubManager#AUTHORIZATION_DENIED}.
     *    At this point, any further attempts of communication between the nanoapp and the
     *    {@link ContextHubClient} will be dropped by the contexthub and a return value of
     *    {@link ContextHubTransaction#RESULT_FAILED_PERMISSION_DENIED} will be used when calling
     *    {@link ContextHubClient#sendMessageToNanoApp}. The {@link ContextHubClient} should assume
     *    no communciation can happen again until {@link ContextHubManager#AUTHORIZATION_GRANTED} is
     *    received.
     *    {@link ContextHubClient} will be dropped by the contexthub and a security exception will
     *    be thrown when calling {@link ContextHubClient#sendMessageToNanoApp}. The
     *    {@link ContextHubClient} should assume no communciation can happen again until
     *    {@link ContextHubManager#AUTHORIZATION_GRANTED} is received.
     *
     * @param client the client that is associated with this callback
     * @param nanoAppId the ID of the nanoapp associated with the new
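Review bot: The rewritten step 5 carries over the misspelling `communciation` on the line `{@link ContextHubClient} should assume no communciation can happen again until`; it should read `communication`. Since the text now names an exception where the old text linked a result code, writing it as `{@link SecurityException}` would keep the reference navigable. The comment block starts and ends outside the hunk.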
+1 −7
@@ -81,8 +81,7 @@ public class ContextHubTransaction<T> {
            RESULT_FAILED_AT_HUB,
            RESULT_FAILED_TIMEOUT,
            RESULT_FAILED_SERVICE_INTERNAL_FAILURE,
            RESULT_FAILED_HAL_UNAVAILABLE,
            RESULT_FAILED_PERMISSION_DENIED
            RESULT_FAILED_HAL_UNAVAILABLE
    })
    public @interface Result {}
    public static final int RESULT_SUCCESS = 0;
@@ -118,11 +117,6 @@ public class ContextHubTransaction<T> {
     * Failure mode when the Context Hub HAL was not available.
     */
    public static final int RESULT_FAILED_HAL_UNAVAILABLE = 8;
    /**
     * Failure mode when the user of the API doesn't have the required permissions to perform the
     * operation.
     */
    public static final int RESULT_FAILED_PERMISSION_DENIED = 9;

    /**
     * A class describing the response for a ContextHubTransaction.
+21 −1
@@ -25,6 +25,9 @@ import android.Manifest;
import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.app.PendingIntent;
import android.compat.Compatibility;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledAfter;
import android.content.Context;
import android.content.Intent;
import android.hardware.contexthub.V1_0.ContextHubMsg;
@@ -38,6 +41,7 @@ import android.hardware.location.IContextHubTransactionCallback;
import android.hardware.location.NanoAppMessage;
import android.hardware.location.NanoAppState;
import android.os.Binder;
import android.os.Build;
import android.os.IBinder;
import android.os.Looper;
import android.os.RemoteException;
@@ -113,6 +117,14 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
     */
    private static final String RECEIVE_MSG_NOTE = "NanoappMessageDelivery ";

    /**
     * For clients targeting S and above, a SecurityException is thrown when they are in the denied
     * authorization state and attempt to send a message to a nanoapp.
     */
    @ChangeId
    @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.R)
    private static final long CHANGE_ID_AUTH_STATE_DENIED = 181350407L;

    /*
     * The context of the service.
     */
@@ -351,6 +363,8 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
     *
     * @param message the message to send
     * @return the error code of sending the message
     * @throws SecurityException if this client doesn't have permissions to send a message to the
     * nanoapp
     */
    @ContextHubTransaction.Result
    @Override
@@ -362,7 +376,13 @@ public class ContextHubClientBroker extends IContextHubClient.Stub
            int authState = mMessageChannelNanoappIdMap.getOrDefault(
                    message.getNanoAppId(), AUTHORIZATION_UNKNOWN);
            if (authState == AUTHORIZATION_DENIED) {
                return ContextHubTransaction.RESULT_FAILED_PERMISSION_DENIED;
                if (Compatibility.isChangeEnabled(CHANGE_ID_AUTH_STATE_DENIED)) {
                    throw new SecurityException("Client doesn't have valid permissions to send"
                            + " message to " + message.getNanoAppId());
                }
                // Return a bland error code for apps targeting old SDKs since they wouldn't be able
                // to use an error code added in S.
                return ContextHubTransaction.RESULT_FAILED_UNKNOWN;
            } else if (authState == AUTHORIZATION_UNKNOWN) {
                // Only check permissions the first time a nanoapp is queried since nanoapp
                // permissions don't currently change at runtime. If the host permission changes
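Review bot: The gate in the `AUTHORIZATION_DENIED` branch uses `Compatibility.isChangeEnabled(CHANGE_ID_AUTH_STATE_DENIED)`, which is documented to answer for the current process, not for the calling app. ContextHubClientBroker extends `IContextHubClient.Stub`, so this check presumably runs in the service process, where the result would not reflect the client's target SDK and pre-S clients could receive the SecurityException the commit means to spare them. Consider the per-caller form, e.g. `CompatChanges.isChangeEnabled(CHANGE_ID_AUTH_STATE_DENIED, Binder.getCallingUid())` (needs an `android.app.compat.CompatChanges` import), or the uid the broker already records for this client if it keeps one. The fallback comment also still speaks of "an error code added in S" although this commit removes that code, so it could say `// Pre-S clients get an existing error code so they never see a new exception.` The enclosing method starts and ends outside the hunk.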