Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4b3f3311 authored by William Escande's avatar William Escande
Browse files

Enforce connect only on U+ 

Ignore-AOSP-First: security fix only on U
Bug: 211757425
Bug: 266885516
Test: manual test repro with a App that target < U
Change-Id: Ic1914f5e2a74ece89bda0bd31c1ce11f5c3b94d0
parent df6e0a98

android/app/Android.bp

+23 −0
Original line number Diff line number Diff line
@@ -142,6 +142,7 @@ android_app { 


    jni_uses_platform_apis: true,

    libs: [

        "app-compat-annotations",

        "framework-bluetooth-pre-jarjar",

        "framework-statsd.stubs.module_lib",

        "framework-tethering.stubs.module_lib",
@@ -160,6 +161,7 @@ android_app { 
        "androidx.lifecycle_lifecycle-livedata",

        "androidx.room_room-runtime",

        "androidx.annotation_annotation",

        "bluetooth.change-ids",

        "bluetooth.mapsapi",

        "bluetooth-protos-lite",

        "com.android.vcard",
@@ -197,6 +199,7 @@ android_app { 
        "android.hardware.bluetooth.audio@2.0",

        "android.hardware.bluetooth.audio@2.1",

        "android.hardware.bluetooth.audio-V2-ndk",

        "bluetoothapk-platform-compat-config",

    ],

    apex_available: [

        "com.android.btservices",
@@ -211,6 +214,26 @@ android_app { 
    sdk_version: "module_current",

}



java_library {

    name: "bluetooth.change-ids",

    srcs: [

        "src/com/android/bluetooth/ChangeIds.java"

    ],

    libs: [

        "app-compat-annotations",

    ],

    apex_available: [

        "com.android.btservices",

    ],

    min_sdk_version: "Tiramisu",

    sdk_version: "module_current",

}



platform_compat_config {

    name: "bluetoothapk-platform-compat-config",

    src: ":bluetooth.change-ids",

}



java_library {

    name: "bluetooth-proto-enums-java-gen",

    installable: false,

android/app/AndroidManifest.xml

+2 −0
Original line number Diff line number Diff line
@@ -38,6 +38,7 @@ 
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS"/>

    <uses-permission android:name="android.permission.INTERNET"/>

    <uses-permission android:name="android.permission.LISTEN_ALWAYS_REPORTED_SIGNAL_STRENGTH"/>

    <uses-permission android:name="android.permission.LOG_COMPAT_CHANGE" />

    <uses-permission android:name="android.permission.MANAGE_APP_OPS_MODES"/>

    <uses-permission android:name="android.permission.MANAGE_COMPANION_DEVICES"/>

    <uses-permission android:name="android.permission.MANAGE_USERS"/>
@@ -51,6 +52,7 @@ 
    <uses-permission android:name="android.permission.NFC_HANDOVER_STATUS"/>

    <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>

    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>

    <uses-permission android:name="android.permission.READ_COMPAT_CHANGE_CONFIG" />

    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>

    <uses-permission android:name="android.permission.QUERY_AUDIO_STATE"/>

    <uses-permission android:name="android.permission.READ_CALL_LOG"/>

android/app/src/com/android/bluetooth/ChangeIds.java

0 → 100644
+33 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.bluetooth;



import android.compat.annotation.ChangeId;

import android.compat.annotation.EnabledSince;



/**

 * All the {@link ChangeId} used for Bluetooth App.

 */

public class ChangeIds {

    /**

     * Starting with {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, BLUETOOTH_CONNECT

     * permission is enforced in getProfileConnectionState

     */

    @ChangeId

    @EnabledSince(targetSdkVersion = android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE)

    public static final long ENFORCE_CONNECT = 211757425L;

}

android/app/src/com/android/bluetooth/btservice/AdapterService.java

+13 −2
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import static android.bluetooth.BluetoothDevice.TRANSPORT_AUTO; 
import static android.text.format.DateUtils.MINUTE_IN_MILLIS;

import static android.text.format.DateUtils.SECOND_IN_MILLIS;



import static com.android.bluetooth.ChangeIds.ENFORCE_CONNECT;

import static com.android.bluetooth.Utils.callerIsSystem;

import static com.android.bluetooth.Utils.callerIsSystemOrActiveOrManagedUser;

import static com.android.bluetooth.Utils.enforceBluetoothPrivilegedPermission;
@@ -39,6 +40,7 @@ import android.app.AppOpsManager; 
import android.app.PendingIntent;

import android.app.Service;

import android.app.admin.DevicePolicyManager;

import android.app.compat.CompatChanges;

import android.bluetooth.BluetoothA2dp;

import android.bluetooth.BluetoothActivityEnergyInfo;

import android.bluetooth.BluetoothAdapter;
@@ -2320,11 +2322,20 @@ public class AdapterService extends Service { 
        @RequiresPermission(android.Manifest.permission.BLUETOOTH_CONNECT)

        private int getProfileConnectionState(int profile, AttributionSource source) {

            AdapterService service = getService();

            boolean checkConnect = false;

            final int callingUid = Binder.getCallingUid();

            final long token = Binder.clearCallingIdentity();

            try {

                checkConnect =

                        CompatChanges.isChangeEnabled(ENFORCE_CONNECT, callingUid);

            } finally {

                Binder.restoreCallingIdentity(token);

            }

            if (service == null

                    || !callerIsSystemOrActiveOrManagedUser(

                            service, TAG, "getProfileConnectionState")

                    || !Utils.checkConnectPermissionForDataDelivery(

                            service, source, "AdapterService getProfileConnectionState")) {

                    || (checkConnect && !Utils.checkConnectPermissionForDataDelivery(

                            service, source, "AdapterService getProfileConnectionState"))) {

                return BluetoothProfile.STATE_DISCONNECTED;

            }

apex/permissions/com.android.bluetooth.xml

+2 −0
Original line number Diff line number Diff line
@@ -23,12 +23,14 @@ 
        <permission name="android.permission.CONTROL_INCALL_EXPERIENCE" />

        <permission name="android.permission.INTERACT_ACROSS_USERS" />

        <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" />

        <permission name="android.permission.LOG_COMPAT_CHANGE" />

        <permission name="android.permission.MANAGE_USERS" />

        <permission name="android.permission.MEDIA_CONTENT_CONTROL" />

        <permission name="android.permission.MODIFY_AUDIO_ROUTING" />

        <permission name="android.permission.MODIFY_PHONE_STATE" />

        <permission name="android.permission.NFC_HANDOVER_STATUS" />

        <permission name="android.permission.PACKAGE_USAGE_STATS" />

        <permission name="android.permission.READ_COMPAT_CHANGE_CONFIG" />

        <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" />

        <permission name="android.permission.REAL_GET_TASKS" />

        <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" />