Snap for 8152310 from fd12e311a266c79d43051a417d8a31a6b5f2c387 to mainline-media-releaseandroid-mainline-12.0.0_r89android12-mainline-media-release

Change-Id: Id9ec6ccff91b5bd9a7efbfab0f3be74fa29ae8e9

4 files changed, 57 insertions, 4 deletions

diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 2d73aa67ed1a..c148836fd6e1 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -8126,6 +8126,7 @@ package android.os {
   }
 
   public static class Build.VERSION {
+    field @NonNull public static final java.util.Set<java.lang.String> KNOWN_CODENAMES;
     field @NonNull public static final String PREVIEW_SDK_FINGERPRINT;
   }
 
diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index ea6d0cecfd73..3c95afa9acd3 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -683,6 +683,7 @@ package android.content {
     ctor public AttributionSource(int, @Nullable String, @Nullable String);
     ctor public AttributionSource(int, @Nullable String, @Nullable String, @NonNull android.os.IBinder);
     ctor public AttributionSource(int, @Nullable String, @Nullable String, @Nullable java.util.Set<java.lang.String>, @Nullable android.content.AttributionSource);
+    method public void enforceCallingPid();
   }
 
   public final class AutofillOptions implements android.os.Parcelable {
diff --git a/core/java/android/content/AttributionSource.java b/core/java/android/content/AttributionSource.java
index bdb7900b5bb9..2f61fee88e9f 100644
--- a/core/java/android/content/AttributionSource.java
+++ b/core/java/android/content/AttributionSource.java
@@ -154,8 +154,8 @@ public final class AttributionSource implements Parcelable {
         this(AttributionSourceState.CREATOR.createFromParcel(in));
 
         // Since we just unpacked this object as part of it transiting a Binder
-        // call, this is the perfect time to enforce that its UID can be trusted
-        enforceCallingUid();
+        // call, this is the perfect time to enforce that its UID and PID can be trusted
+        enforceCallingUidAndPid();
     }
 
     /** @hide */
@@ -226,13 +226,24 @@ public final class AttributionSource implements Parcelable {
     }
 
     /**
+     * If you are handling an IPC and you don't trust the caller you need to validate whether the
+     * attribution source is one for the calling app to prevent the caller to pass you a source from
+     * another app without including themselves in the attribution chain.
+     *
+     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
+     */
+    private void enforceCallingUidAndPid() {
+        enforceCallingUid();
+        enforceCallingPid();
+    }
+
+    /**
      * If you are handling an IPC and you don't trust the caller you need to validate
      * whether the attribution source is one for the calling app to prevent the caller
      * to pass you a source from another app without including themselves in the
      * attribution chain.
      *
-     * @throws SecurityException if the attribution source cannot be trusted to be
-     * from the caller.
+     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
      */
     public void enforceCallingUid() {
         if (!checkCallingUid()) {
@@ -261,6 +272,33 @@ public final class AttributionSource implements Parcelable {
         return true;
     }
 
+    /**
+     * Validate that the pid being claimed for the calling app is not spoofed
+     *
+     * @throws SecurityException if the attribution source cannot be trusted to be from the caller.
+     * @hide
+     */
+    @TestApi
+    public void enforceCallingPid() {
+        if (!checkCallingPid()) {
+            throw new SecurityException("Calling pid: " + Binder.getCallingPid()
+                    + " doesn't match source pid: " + mAttributionSourceState.pid);
+        }
+    }
+
+    /**
+     * Validate that the pid being claimed for the calling app is not spoofed
+     *
+     * @return if the attribution source cannot be trusted to be from the caller.
+     */
+    private boolean checkCallingPid() {
+        final int callingPid = Binder.getCallingPid();
+        if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) {
+            return false;
+        }
+        return true;
+    }
+
     @Override
     public String toString() {
         if (Build.IS_DEBUGGABLE) {
diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index 6bf394dc347b..77e7df240b76 100755
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -31,6 +31,7 @@ import android.sysprop.DeviceProperties;
 import android.sysprop.SocProperties;
 import android.sysprop.TelephonyProperties;
 import android.text.TextUtils;
+import android.util.ArraySet;
 import android.util.Slog;
 import android.view.View;
 
@@ -39,6 +40,7 @@ import dalvik.system.VMRuntime;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 /**
@@ -396,6 +398,17 @@ public class Build {
          */
         public static final String CODENAME = getString("ro.build.version.codename");
 
+        /**
+         * All known codenames starting from {@link VERSION_CODES.Q}.
+         *
+         * <p>This includes in development codenames as well.
+         *
+         * @hide
+         */
+        @SystemApi
+        @NonNull public static final Set<String> KNOWN_CODENAMES =
+                new ArraySet<>(new String[]{"Q", "R", "S", "Sv2", "Tiramisu"});
+
         private static final String[] ALL_CODENAMES
                 = getStringList("ro.build.version.all_codenames", ",");