Optimize AttributionSource tokens - base

For cases where the attribution soruce doesn't need to be registered as trusted we are now using a shares static token since the only purpose of the token in these cases is for watching the source process dying as opposed to that and security for registered cases. bug: 192415943 Test: CtsPermissionTestCases CtsPermission2TestCases CtsPermission3TestCases CtsPermission4TestCases CtsPermission5TestCases Change-Id: I93fde9ca1cacada7929761533dcae11b2736ce1e
2021-07-09 22:07:12 +00:00
parent dc7452c45f
commit 1babd5bf51
4 changed files with 25 additions and 7 deletions
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -2068,7 +2068,7 @@ package android.permission {
  public final class PermissionManager {
    method @NonNull @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS) public java.util.List<android.permission.PermGroupUsage> getIndicatorAppOpUsageData();
    method @NonNull @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS) public java.util.List<android.permission.PermGroupUsage> getIndicatorAppOpUsageData(boolean);
-    method public void registerAttributionSource(@NonNull android.content.AttributionSource);
+    method @NonNull public android.content.AttributionSource registerAttributionSource(@NonNull android.content.AttributionSource);
  }

 }
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -3149,7 +3149,8 @@ class ContextImpl extends Context {
        // If we want to access protected data on behalf of another app we need to
        // tell the OS that we opt in to participate in the attribution chain.
        if (nextAttributionSource != null) {
-            getSystemService(PermissionManager.class).registerAttributionSource(attributionSource);
+            attributionSource = getSystemService(PermissionManager.class)
+                    .registerAttributionSource(attributionSource);
        }
        return attributionSource;
    }
--- a/core/java/android/content/AttributionSource.java
+++ b/core/java/android/content/AttributionSource.java
@@ -88,6 +88,8 @@ import java.util.Set;
 public final class AttributionSource implements Parcelable {
    private static final String DESCRIPTOR = "android.content.AttributionSource";

+    private static final Binder sDefaultToken = new Binder(DESCRIPTOR);
+
    private final @NonNull AttributionSourceState mAttributionSourceState;

    private @Nullable AttributionSource mNextCached;
@@ -97,7 +99,7 @@ public final class AttributionSource implements Parcelable {
    @TestApi
    public AttributionSource(int uid, @Nullable String packageName,
            @Nullable String attributionTag) {
-        this(uid, packageName, attributionTag, new Binder(DESCRIPTOR));
+        this(uid, packageName, attributionTag, sDefaultToken);
    }

    /** @hide */
@@ -132,7 +134,7 @@ public final class AttributionSource implements Parcelable {

    AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
            @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) {
-        this(uid, packageName, attributionTag, new Binder(DESCRIPTOR), renouncedPermissions, next);
+        this(uid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next);
    }

    AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
@@ -169,6 +171,12 @@ public final class AttributionSource implements Parcelable {
                mAttributionSourceState.renouncedPermissions, getNext());
    }

+    /** @hide */
+    public AttributionSource withToken(@NonNull Binder token) {
+        return new AttributionSource(getUid(), getPackageName(), getAttributionTag(),
+                token, mAttributionSourceState.renouncedPermissions, getNext());
+    }
+
    /** @hide */
    public @NonNull AttributionSourceState asState() {
        return mAttributionSourceState;
@@ -543,7 +551,9 @@ public final class AttributionSource implements Parcelable {
            if ((mBuilderFieldsSet & 0x10) == 0) {
                mAttributionSourceState.next = null;
            }
-            mAttributionSourceState.token = new Binder(DESCRIPTOR);
+
+            mAttributionSourceState.token = sDefaultToken;
+
            if (mAttributionSourceState.next == null) {
                // The NDK aidl backend doesn't support null parcelable arrays.
                mAttributionSourceState.next = new AttributionSourceState[0];
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -44,6 +44,7 @@ import android.content.pm.PermissionGroupInfo;
 import android.content.pm.PermissionInfo;
 import android.content.pm.permission.SplitPermissionInfoParcelable;
 import android.media.AudioManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Handler;
 import android.os.Looper;
@@ -1163,18 +1164,24 @@ public final class PermissionManager {
     * that doesn't participate in an attribution chain.
     *
     * @param source The attribution source to register.
+     * @return The registered new attribution source.
     *
     * @see #isRegisteredAttributionSource(AttributionSource)
     *
     * @hide
     */
    @TestApi
-    public void registerAttributionSource(@NonNull AttributionSource source) {
+    public @NonNull AttributionSource registerAttributionSource(@NonNull AttributionSource source) {
+        // We use a shared static token for sources that are not registered since the token's
+        // only used for process death detection. If we are about to use the source for security
+        // enforcement we need to replace the binder with a unique one.
+        final AttributionSource registeredSource = source.withToken(new Binder());
        try {
-            mPermissionManager.registerAttributionSource(source);
+            mPermissionManager.registerAttributionSource(registeredSource);
        } catch (RemoteException e) {
            e.rethrowFromSystemServer();
        }
+        return registeredSource;
    }

    /**