Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 264143e8 authored by Oli Lan's avatar Oli Lan
Browse files

Enforce calling uid when using attribution source. 

This adds calls to AttributionSource.enforceCallingUid, to check
that the attrbution source matches the caller, before
using the attribution source in permission checks in BT code.

Bug: 188391719
Test: atest CtsPermissionTestCases:android.permission.cts.NearbyDevicesPermissionTest
Test: build & flash, check bluetooth works
Change-Id: I06a9d21da485531a01a96b0359cc8ad84d78956f
parent be6696ef

android/app/src/com/android/bluetooth/Utils.java

+4 −0
Original line number Diff line number Diff line
@@ -436,6 +436,7 @@ public final class Utils { 
    @SuppressLint("AndroidFrameworkRequiresPermission")

    private static boolean checkPermissionForDataDelivery(Context context, String permission,

            AttributionSource attributionSource, String message) {

        attributionSource.enforceCallingUid();

        final int result = PermissionChecker.checkPermissionForDataDeliveryFromDataSource(

                context, permission, PID_UNKNOWN,

                new AttributionSource(context.getAttributionSource(), attributionSource), message);
@@ -665,6 +666,7 @@ public final class Utils { 
            return false;

        }



        attributionSource.enforceCallingUid();

        if (PermissionChecker.checkPermissionForDataDeliveryFromDataSource(

                context, ACCESS_COARSE_LOCATION, PID_UNKNOWN,

                new AttributionSource(context.getAttributionSource(), attributionSource),
@@ -691,6 +693,7 @@ public final class Utils { 
            return false;

        }



        attributionSource.enforceCallingUid();

        if (PermissionChecker.checkPermissionForDataDeliveryFromDataSource(

                context, ACCESS_FINE_LOCATION, PID_UNKNOWN,

                new AttributionSource(context.getAttributionSource(), attributionSource),
@@ -723,6 +726,7 @@ public final class Utils { 
            return false;

        }



        attributionSource.enforceCallingUid();

        if (PermissionChecker.checkPermissionForDataDeliveryFromDataSource(

                context, ACCESS_FINE_LOCATION, PID_UNKNOWN,

                new AttributionSource(context.getAttributionSource(), attributionSource),