diff options
author | Kiran Ramachandra <kiranmr@google.com> | 2023-12-19 20:05:04 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-02-21 19:12:58 +0000 |
commit | dbe51ed9c785cbd0d66aa3d65a917413079d97c0 (patch) | |
tree | b32cc3b51323f61bfa55a8917c66115bd8944ec0 | |
parent | 3862cb2c63ab6af563db38017202a7a2577b769f (diff) | |
download | base-dbe51ed9c785cbd0d66aa3d65a917413079d97c0.tar.gz |
Added limitations for attributions to handle invalid cases
Bug: 304983146
Test: Modified and introduced new tests to verify change -> atest CtsAppOpsTestCases:AttributionTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ed1b87a33bcf66976b05b81090734da8dff9db3f)
Merged-In: Iaaee30990bf3b4feaa734eff10409cc9501265e7
Change-Id: Iaaee30990bf3b4feaa734eff10409cc9501265e7
-rw-r--r-- | core/java/com/android/internal/pm/pkg/component/ParsedAttributionImpl.java | 2 | ||||
-rw-r--r-- | services/core/java/com/android/server/appop/AppOpsService.java | 38 |
2 files changed, 39 insertions, 1 deletions
diff --git a/core/java/com/android/internal/pm/pkg/component/ParsedAttributionImpl.java b/core/java/com/android/internal/pm/pkg/component/ParsedAttributionImpl.java index e3bfb38802db..e419d13730c2 100644 --- a/core/java/com/android/internal/pm/pkg/component/ParsedAttributionImpl.java +++ b/core/java/com/android/internal/pm/pkg/component/ParsedAttributionImpl.java @@ -38,7 +38,7 @@ import java.util.List; public class ParsedAttributionImpl implements ParsedAttribution, Parcelable { /** Maximum amount of attributions per package */ - static final int MAX_NUM_ATTRIBUTIONS = 10000; + static final int MAX_NUM_ATTRIBUTIONS = 400; /** Tag of the attribution */ private @NonNull String tag; diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java index d80638af697e..8e8b9956f3cc 100644 --- a/services/core/java/com/android/server/appop/AppOpsService.java +++ b/services/core/java/com/android/server/appop/AppOpsService.java @@ -2880,6 +2880,10 @@ public class AppOpsService extends IAppOpsService.Stub { return new SyncNotedAppOp(AppOpsManager.MODE_ERRORED, code, attributionTag, packageName); } + if (proxyAttributionTag != null + && !isAttributionTagDefined(packageName, proxyPackageName, proxyAttributionTag)) { + proxyAttributionTag = null; + } synchronized (this) { final Ops ops = getOpsLocked(uid, packageName, attributionTag, @@ -3453,6 +3457,10 @@ public class AppOpsService extends IAppOpsService.Stub { return new SyncNotedAppOp(AppOpsManager.MODE_ERRORED, code, attributionTag, packageName); } + if (proxyAttributionTag != null + && !isAttributionTagDefined(packageName, proxyPackageName, proxyAttributionTag)) { + proxyAttributionTag = null; + } boolean isRestricted = false; int startType = START_TYPE_FAILED; @@ -4306,6 +4314,36 @@ public class AppOpsService extends IAppOpsService.Stub { return false; } + /** + * Checks to see if the attribution tag is defined in either package or proxyPackage. + * This method is intended for ProxyAttributionTag validation and returns false + * if it does not exist in either one of them. + * + * @param packageName Name of the package + * @param proxyPackageName Name of the proxy package + * @param attributionTag attribution tag to be checked + * + * @return boolean specifying if attribution tag is valid or not + */ + private boolean isAttributionTagDefined(@Nullable String packageName, + @Nullable String proxyPackageName, + @Nullable String attributionTag) { + if (packageName == null) { + return false; + } else if (attributionTag == null) { + return true; + } + PackageManagerInternal pmInt = LocalServices.getService(PackageManagerInternal.class); + if (proxyPackageName != null) { + AndroidPackage proxyPkg = pmInt.getPackage(proxyPackageName); + if (proxyPkg != null && isAttributionInPackage(proxyPkg, attributionTag)) { + return true; + } + } + AndroidPackage pkg = pmInt.getPackage(packageName); + return isAttributionInPackage(pkg, attributionTag); + } + private void logVerifyAndGetBypassFailure(int uid, @NonNull SecurityException e, @NonNull String methodName) { if (Process.isIsolated(uid)) { |