
Commit f6a03e1b authored by Atneya Nair's avatar Atneya Nair Committed by mse1969

[RESTRICT AUTOMERGE] appop: Finish all when last in chain fail

When starting an op for an attribution chain, if a later attr in the
chain fails to start, we should finish the already started ops to avoid
a split in the op state in the chain.

Test: Manual with mic indicator and recording
Test: CtsMediaAudioRecordPermissionTests
Test: CtsSensorPrivacyTestCases
Bug: 325912429
Bug: 293603271
Flag: EXEMPT security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6a31645ba39503e689802cea014f0d8beea234be)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0a24c920ce0f3fe9b184d2f625133e90b57ea719)
Merged-In: I16f82c9438083f8f64f84ba710f97539960009f1
Change-Id: I16f82c9438083f8f64f84ba710f97539960009f1
parent 26d5991a
+19 −0
@@ -1269,6 +1269,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
            final boolean hasChain = attributionChainId != ATTRIBUTION_CHAIN_ID_NONE;
            AttributionSource current = attributionSource;
            AttributionSource next = null;
            AttributionSource prev = null;
            // We consider the chain trusted if the start node has UPDATE_APP_OPS_STATS, and
            // every attributionSource in the chain is registered with the system.
            final boolean isChainStartTrusted = !hasChain || checkPermission(context,
@@ -1336,6 +1337,22 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                        selfAccess, singleReceiverFromDatasource, attributedOp,
                        proxyAttributionFlags, proxiedAttributionFlags, attributionChainId);

                if (startDataDelivery && opMode != AppOpsManager.MODE_ALLOWED) {
                    // Current failed the perm check, so if we are part-way through an attr chain,
                    // we need to clean up the already started proxy op higher up the chain.  Note,
                    // proxy ops are verified two by two, which means we have to clear the 2nd next
                    // from the previous iteration (since it is actually curr.next which failed
                    // to pass the perm check).
                    if (prev != null) {
                        final var cutAttrSourceState = prev.asState();
                        if (cutAttrSourceState.next.length > 0) {
                            cutAttrSourceState.next[0].next = new AttributionSourceState[0];
                        }
                        finishDataDelivery(context, attributedOp,
                                cutAttrSourceState, fromDatasource);
                    }
                }

                switch (opMode) {
                    case AppOpsManager.MODE_ERRORED: {
                        return PermissionChecker.PERMISSION_HARD_DENIED;
@@ -1355,6 +1372,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                    return PermissionChecker.PERMISSION_GRANTED;
                }

                // an attribution we have already possibly started an op for
                prev = current;
                current = next;
            }
        }
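Review bot: The cleanup branch takes `final var cutAttrSourceState = prev.asState();` and then writes `cutAttrSourceState.next[0].next = new AttributionSourceState[0];` into whatever object `asState()` returns. If that is the source's backing state rather than a copy (its body is not shown here), the truncation also alters the caller's `AttributionSource`, and possibly `current`, which was derived from `prev`. Passing a truncated copy to `finishDataDelivery` would avoid the aliasing; if the in-place write is deliberate because every non-allowed mode returns right after, record that with a comment such as `// In-place truncation is safe: all non-ALLOWED modes return below`. The call also starts at `prev` rather than at the head of the chain, so it is worth confirming that ops started in iterations before `prev` cannot be left open, since the title promises to finish all of them. The enclosing loop and the remainder of the switch lie outside these hunks.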