Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit afbba346 authored by William Escande's avatar William Escande
Browse files

MAPClient: enforce PRIVILEGED 

Properly enforce permission that are docummented as systemApi with
BLUETOOTH_PRIVILEGED

Bug: 349682934
Test: m com.android.btservices
Flag: Exempt refactor to address errorprone error
Change-Id: I9fb5ad081aed25c9de4b305fda3ae9ff43b9a950
parent 3f7cbce0

android/app/aidl/android/bluetooth/IBluetoothMapClient.aidl

+4 −3
Original line number Diff line number Diff line
@@ -31,16 +31,17 @@ interface IBluetoothMapClient { 
    boolean connect(in BluetoothDevice device, in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    boolean disconnect(in BluetoothDevice device, in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.BLUETOOTH_CONNECT)")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    List<BluetoothDevice> getConnectedDevices(in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.BLUETOOTH_CONNECT)")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    List<BluetoothDevice> getDevicesMatchingConnectionStates(in int[] states, in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.BLUETOOTH_CONNECT)")

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    int getConnectionState(in BluetoothDevice device, in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    boolean setConnectionPolicy(in BluetoothDevice device,in int connectionPolicy, in AttributionSource attributionSource);

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.BLUETOOTH_PRIVILEGED })")

    int getConnectionPolicy(in BluetoothDevice device, in AttributionSource attributionSource);



    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(allOf = { android.Manifest.permission.BLUETOOTH_CONNECT, android.Manifest.permission.SEND_SMS })")

    boolean sendMessage(in BluetoothDevice device, in Uri[] contacts, in  String message, in PendingIntent sentIntent, in PendingIntent deliveryIntent, in AttributionSource attributionSource);

}

android/app/src/com/android/bluetooth/mapclient/MapClientService.java

+28 −15
Original line number Diff line number Diff line
@@ -452,17 +452,36 @@ public class MapClientService extends ProfileService { 
            return service;

        }



        @RequiresPermission(allOf = {BLUETOOTH_CONNECT, BLUETOOTH_PRIVILEGED})

        private MapClientService getServiceAndEnforcePrivileged(AttributionSource source) {

            // Cache mService because it can change while getService is called

            MapClientService service = mService;



            if (Utils.isInstrumentationTestMode()) {

                return service;

            }



            if (!Utils.checkServiceAvailable(service, TAG)

                    || !(getCallingUserHandle().isSystem()

                            || Utils.checkCallerIsSystemOrActiveOrManagedUser(service, TAG))

                    || !Utils.checkConnectPermissionForDataDelivery(service, source, TAG)) {

                return null;

            }



            service.enforceCallingOrSelfPermission(BLUETOOTH_PRIVILEGED, null);



            return service;

        }



        @Override

        public boolean connect(BluetoothDevice device, AttributionSource source) {

            Log.v(TAG, "connect()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return false;

            }



            service.enforceCallingOrSelfPermission(BLUETOOTH_PRIVILEGED, null);



            return service.connect(device);

        }
@@ -470,13 +489,11 @@ public class MapClientService extends ProfileService { 
        public boolean disconnect(BluetoothDevice device, AttributionSource source) {

            Log.v(TAG, "disconnect()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return false;

            }



            service.enforceCallingOrSelfPermission(BLUETOOTH_PRIVILEGED, null);



            return service.disconnect(device);

        }
@@ -484,7 +501,7 @@ public class MapClientService extends ProfileService { 
        public List<BluetoothDevice> getConnectedDevices(AttributionSource source) {

            Log.v(TAG, "getConnectedDevices()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return Collections.emptyList();

            }
@@ -497,7 +514,7 @@ public class MapClientService extends ProfileService { 
                int[] states, AttributionSource source) {

            Log.v(TAG, "getDevicesMatchingConnectionStates()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return Collections.emptyList();

            }
@@ -508,7 +525,7 @@ public class MapClientService extends ProfileService { 
        public int getConnectionState(BluetoothDevice device, AttributionSource source) {

            Log.v(TAG, "getConnectionState()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return BluetoothProfile.STATE_DISCONNECTED;

            }
@@ -521,13 +538,11 @@ public class MapClientService extends ProfileService { 
                BluetoothDevice device, int connectionPolicy, AttributionSource source) {

            Log.v(TAG, "setConnectionPolicy()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return false;

            }



            service.enforceCallingOrSelfPermission(BLUETOOTH_PRIVILEGED, null);



            return service.setConnectionPolicy(device, connectionPolicy);

        }
@@ -535,13 +550,11 @@ public class MapClientService extends ProfileService { 
        public int getConnectionPolicy(BluetoothDevice device, AttributionSource source) {

            Log.v(TAG, "getConnectionPolicy()");



            MapClientService service = getService(source);

            MapClientService service = getServiceAndEnforcePrivileged(source);

            if (service == null) {

                return BluetoothProfile.CONNECTION_POLICY_UNKNOWN;

            }



            service.enforceCallingOrSelfPermission(BLUETOOTH_PRIVILEGED, null);



            return service.getConnectionPolicy(device);

        }