Pass metadata as AttributionSourceSource.

These two PermissionManager methods are using AttributionSource as metadata only, and aren't interested in the remote caller enforcing that the claimed UID matches the caller, since they're not actually being used for permission enforcement. Thus we pass the metadata using the AttributionSourceState holder object and reconstruct on the remote side, entirely avoiding the enforceCallingUid() check. Bug: 193842956 Test: atest CtsPermission5TestCases Change-Id: I576b6feb8cc2b0586b4341268866d8027689293f
2021-07-26 15:41:01 -06:00 · 2021-07-26 15:41:01 -06:00 · 75d4f93a4e
commit 75d4f93a4e
parent 7db2ece5c7
5 changed files with 21 additions and 11 deletions
--- a/Android.bp
+++ b/Android.bp
@ -296,6 +296,7 @@ java_defaults {
        ],
        include_dirs: [
            "frameworks/av/aidl",
+            "frameworks/native/libs/permission/aidl",
            "packages/modules/Connectivity/framework/aidl-export",
        ],
    },
@ -537,6 +538,7 @@ stubs_defaults {
        ],
        include_dirs: [
            "frameworks/av/aidl",
+            "frameworks/native/libs/permission/aidl",
            "packages/modules/Connectivity/framework/aidl-export",
        ],
    },
--- a/ApiDocs.bp
+++ b/ApiDocs.bp
@ -113,7 +113,10 @@ stubs_defaults {
    // TODO(b/169090544): remove below aidl includes.
    aidl: {
        local_include_dirs: ["media/aidl"],
-        include_dirs: ["frameworks/av/aidl"],
+        include_dirs: [
+            "frameworks/av/aidl",
+            "frameworks/native/libs/permission/aidl",
+        ],
    },
 }

@ -199,7 +202,10 @@ doc_defaults {
    // TODO(b/169090544): remove below aidl includes.
    aidl: {
        local_include_dirs: ["media/aidl"],
-        include_dirs: ["frameworks/av/aidl"],
+        include_dirs: [
+            "frameworks/av/aidl",
+            "frameworks/native/libs/permission/aidl",
+        ],
    },
 }

--- a/core/java/android/permission/IPermissionManager.aidl
+++ b/core/java/android/permission/IPermissionManager.aidl
@ -16,7 +16,7 @@

 package android.permission;

-import android.content.AttributionSource;
+import android.content.AttributionSourceState;
 import android.content.pm.ParceledListSlice;
 import android.content.pm.PermissionGroupInfo;
 import android.content.pm.PermissionInfo;
@ -87,7 +87,7 @@ interface IPermissionManager {

    boolean isAutoRevokeExempted(String packageName, int userId);

-    void registerAttributionSource(in AttributionSource source);
+    void registerAttributionSource(in AttributionSourceState source);

-    boolean isRegisteredAttributionSource(in AttributionSource source);
+    boolean isRegisteredAttributionSource(in AttributionSourceState source);
 }
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@ -1177,7 +1177,7 @@ public final class PermissionManager {
        // enforcement we need to replace the binder with a unique one.
        final AttributionSource registeredSource = source.withToken(new Binder());
        try {
-            mPermissionManager.registerAttributionSource(registeredSource);
+            mPermissionManager.registerAttributionSource(registeredSource.asState());
        } catch (RemoteException e) {
            e.rethrowFromSystemServer();
        }
@ -1196,7 +1196,7 @@ public final class PermissionManager {
     */
    public boolean isRegisteredAttributionSource(@NonNull AttributionSource source) {
        try {
-            return mPermissionManager.isRegisteredAttributionSource(source);
+            return mPermissionManager.isRegisteredAttributionSource(source.asState());
        } catch (RemoteException e) {
            e.rethrowFromSystemServer();
        }
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@ -3347,13 +3347,15 @@ public class PermissionManagerService extends IPermissionManager.Stub {
    }

    @Override
-    public void registerAttributionSource(@NonNull AttributionSource source) {
-        mAttributionSourceRegistry.registerAttributionSource(source);
+    public void registerAttributionSource(@NonNull AttributionSourceState source) {
+        mAttributionSourceRegistry
+                .registerAttributionSource(new AttributionSource(source));
    }

    @Override
-    public boolean isRegisteredAttributionSource(@NonNull AttributionSource source) {
-        return mAttributionSourceRegistry.isRegisteredAttributionSource(source);
+    public boolean isRegisteredAttributionSource(@NonNull AttributionSourceState source) {
+        return mAttributionSourceRegistry
+                .isRegisteredAttributionSource(new AttributionSource(source));
    }

    @Override