author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-02-05 13:05:19 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-02-05 13:05:19 +0000 |
commit | f8e159f43ea77137dd7bfcaf7e125fe8d530f20c (patch) | |
tree | afac3fcda46832f403107e99c1c4cb2ced2b885e | |
parent | b99e1ddd827ba6498e22d56827a412a8092c0a86 (diff) | |
parent | fd12e311a266c79d43051a417d8a31a6b5f2c387 (diff) | |
Snap for 8152310 from fd12e311a266c79d43051a417d8a31a6b5f2c387 to mainline-media-release
android-mainline-12.0.0_r89 android12-mainline-media-release
Change-Id: Id9ec6ccff91b5bd9a7efbfab0f3be74fa29ae8e9
-rw-r--r-- | core/api/system-current.txt | 1 | ||||
-rw-r--r-- | core/api/test-current.txt | 1 | ||||
-rw-r--r-- | core/java/android/content/AttributionSource.java | 46 | ||||
-rwxr-xr-x | core/java/android/os/Build.java | 13 |
4 files changed, 57 insertions, 4 deletions
diff --git a/core/api/system-current.txt b/core/api/system-current.txt index 2d73aa67ed1a..c148836fd6e1 100644 --- a/core/api/system-current.txt +++ b/core/api/system-current.txt @@ -8126,6 +8126,7 @@ package android.os { } public static class Build.VERSION { + field @NonNull public static final java.util.Set<java.lang.String> KNOWN_CODENAMES; field @NonNull public static final String PREVIEW_SDK_FINGERPRINT; } diff --git a/core/api/test-current.txt b/core/api/test-current.txt index ea6d0cecfd73..3c95afa9acd3 100644 --- a/core/api/test-current.txt +++ b/core/api/test-current.txt @@ -683,6 +683,7 @@ package android.content { ctor public AttributionSource(int, @Nullable String, @Nullable String); ctor public AttributionSource(int, @Nullable String, @Nullable String, @NonNull android.os.IBinder); ctor public AttributionSource(int, @Nullable String, @Nullable String, @Nullable java.util.Set<java.lang.String>, @Nullable android.content.AttributionSource); + method public void enforceCallingPid(); } public final class AutofillOptions implements android.os.Parcelable { diff --git a/core/java/android/content/AttributionSource.java b/core/java/android/content/AttributionSource.java index bdb7900b5bb9..2f61fee88e9f 100644 --- a/core/java/android/content/AttributionSource.java +++ b/core/java/android/content/AttributionSource.java @@ -154,8 +154,8 @@ public final class AttributionSource implements Parcelable { this(AttributionSourceState.CREATOR.createFromParcel(in)); // Since we just unpacked this object as part of it transiting a Binder - // call, this is the perfect time to enforce that its UID can be trusted - enforceCallingUid(); + // call, this is the perfect time to enforce that its UID and PID can be trusted + enforceCallingUidAndPid(); } /** @hide */ 
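Review bot: In the AttributionSource.java hunk at -154, the Parcel constructor now calls `enforceCallingUidAndPid()`, so every unparcel depends on `Binder.getCallingPid()`, and the comment above the call does not mention that value's documented limits. It is 0 for oneway transactions, and it is the process's own pid when the thread is not handling an incoming transaction. A source that declares a pid is therefore rejected on a oneway call, which fails closed but deserves a comment, e.g. `// Binder.getCallingPid() is 0 for oneway calls, so a source with a pid set is rejected there`. The check also proves the pid only at unparcel time; pids are reused, so later consumers should not treat the stored pid as a durable identity. The constructor's signature is outside the hunk.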
@@ -226,13 +226,24 @@ public final class AttributionSource implements Parcelable { } /** + * If you are handling an IPC and you don't trust the caller you need to validate whether the + * attribution source is one for the calling app to prevent the caller to pass you a source from + * another app without including themselves in the attribution chain. + * + * @throws SecurityException if the attribution source cannot be trusted to be from the caller. + */ + private void enforceCallingUidAndPid() { + enforceCallingUid(); + enforceCallingPid(); + } + + /** * If you are handling an IPC and you don't trust the caller you need to validate * whether the attribution source is one for the calling app to prevent the caller * to pass you a source from another app without including themselves in the * attribution chain. * - * @throws SecurityException if the attribution source cannot be trusted to be - * from the caller. + * @throws SecurityException if the attribution source cannot be trusted to be from the caller. */ public void enforceCallingUid() { if (!checkCallingUid()) { 
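Review bot: The Javadoc added for `enforceCallingUidAndPid()` is a copy of the text on `enforceCallingUid()` and never mentions the pid. A reader cannot tell from it that the pid is compared as well, or that the comparison is skipped when no pid is set. I would replace the first paragraph with something like `Enforces that the uid and, when one is set, the pid claimed by this source match the Binder caller.` The rest of the hunk only reflows the `@throws` line of `enforceCallingUid()`, whose body continues outside the hunk.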
@@ -261,6 +272,33 @@ public final class AttributionSource implements Parcelable { return true; } + /** + * Validate that the pid being claimed for the calling app is not spoofed + * + * @throws SecurityException if the attribution source cannot be trusted to be from the caller. + * @hide + */ + @TestApi + public void enforceCallingPid() { + if (!checkCallingPid()) { + throw new SecurityException("Calling pid: " + Binder.getCallingPid() + + " doesn't match source pid: " + mAttributionSourceState.pid); + } + } + + /** + * Validate that the pid being claimed for the calling app is not spoofed + * + * @return if the attribution source cannot be trusted to be from the caller. + */ + private boolean checkCallingPid() { + final int callingPid = Binder.getCallingPid(); + if (mAttributionSourceState.pid != -1 && callingPid != mAttributionSourceState.pid) { + return false; + } + return true; + } + @Override public String toString() { if (Build.IS_DEBUGGABLE) { diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java index 6bf394dc347b..77e7df240b76 100755 --- a/core/java/android/os/Build.java +++ b/core/java/android/os/Build.java @@ -31,6 +31,7 @@ import android.sysprop.DeviceProperties; import android.sysprop.SocProperties; import android.sysprop.TelephonyProperties; import android.text.TextUtils; +import android.util.ArraySet; import android.util.Slog; import android.view.View; @@ -39,6 +40,7 @@ import dalvik.system.VMRuntime; import java.util.ArrayList; import java.util.List; import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; /** 
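Review bot: In `checkCallingPid()` (AttributionSource.java hunk at -261) the `@return` text is inverted. The method returns `false` when a declared pid differs from `Binder.getCallingPid()` and `true` otherwise, while the Javadoc says it returns "if the attribution source cannot be trusted". It should read `@return {@code true} if no pid is set (-1) or the set pid equals the calling pid, {@code false} otherwise`. Because a pid of -1 always passes, a successful `enforceCallingPid()` does not mean a pid was verified; the Javadoc on `enforceCallingPid()` should say so, and callers that base a decision on the pid need to reject -1 themselves. The literal `-1` would read better as a named constant, and the body reduces to `return mAttributionSourceState.pid == -1 || callingPid == mAttributionSourceState.pid;`.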
@@ -396,6 +398,17 @@ public class Build { */ public static final String CODENAME = getString("ro.build.version.codename"); + /** + * All known codenames starting from {@link VERSION_CODES.Q}. + * + * <p>This includes in development codenames as well. + * + * @hide + */ + @SystemApi + @NonNull public static final Set<String> KNOWN_CODENAMES = + new ArraySet<>(new String[]{"Q", "R", "S", "Sv2", "Tiramisu"}); + private static final String[] ALL_CODENAMES = getStringList("ro.build.version.all_codenames", ","); |
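Review bot: `KNOWN_CODENAMES` in Build.java is published as a `public static final Set<String>` but is backed by a plain `ArraySet`, which is mutable, so any code in the process that can reach the field can add or remove codenames for every other reader. If anything uses the set to decide whether a codename is acceptable (not visible in this hunk), that decision rests on shared mutable state. Wrapping it as `Collections.unmodifiableSet(new ArraySet<>(new String[]{"Q", "R", "S", "Sv2", "Tiramisu"}))` keeps the API type; it needs `import java.util.Collections;`, which the import hunk does not add. The Javadoc should also say that the list is hard-coded and has to be extended with each new codename.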