frameworks_base

Android/frameworks_base

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jeff Sharkey	f459828358	Annotations for Bluetooth broadcast intents. Recent work has been using Error Prone rules and annotations to reflect the current state of permission enforcement across the Bluetooth stack, and we're now in a position were we can add new permission enforcement that had been missing. We've currently standardized on saying that APIs that return device or Bluetooth state information (without sharing details about any particular remote Bluetooth device) do not need to be permission protected. Bug: 183626724 Test: ./build/soong/soong_ui.bash --make-mode Bluetooth RUN_ERROR_PRONE=true Change-Id: I53ac7a4fe1dea57316048c3cac4fa237b6ba3d38	2021-04-21 12:59:38 -06:00
Jeff Sharkey	6eed56ddd3	More Bluetooth API annotation updates. This change adds a "BluetoothPermissionChecker" that ensures that all Bluetooth permission annotations are consistent. In addition, it verifies that all Bluetooth public APIs have been audited to be permission protected where relevant. We've currently standardized on saying that APIs that return device or Bluetooth state information (without sharing details about any particular remote Bluetooth device) do not need to be permission protected. This change is only annotations and has no behavior changes. Bug: 183626724 Test: ./build/soong/soong_ui.bash --make-mode Bluetooth RUN_ERROR_PRONE=true Change-Id: Ie80b15b058359bf1e9a6ee881b89cb3e5b584ca1	2021-04-16 13:31:22 -06:00
Jeff Sharkey	71463a4cb1	Error Prone for RequiresPermission across AIDL. We've had @RequiresPermission annotations across public APIs for many years, but we've never built out the tooling to validate that the service implementations actually enforced those permissions. This change adds an Error Prone checker that does bi-directional validation of these annotations, confirming that AIDL implementations enforce the permissions, and that AIDL callers carry those annotations through any indirect call-paths. Currently, enforcement validation is best-effort, since it assumes that any enforcement referencing the annotated permissions is enough to pass; it doesn't attempt any code flow analysis. It also doesn't understand concepts like Binder.clearCallingIdentity(). To begin using this checker, simply begin annotating your AIDL files using a strategy like this: @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.BLUETOOTH_PRIVILEGED)") void aidlMethod(); Bug: 183626724 Test: atest error_prone_android_framework_test:RequiresPermissionCheckerTest Change-Id: I26a872f07ab13931c241cbb02ff7228edf7dc3b9	2021-04-14 17:23:01 -06:00

Author

SHA1

Message

Date

Jeff Sharkey

f459828358

Annotations for Bluetooth broadcast intents.

Recent work has been using Error Prone rules and annotations to
reflect the current state of permission enforcement across the
Bluetooth stack, and we're now in a position were we can add new
permission enforcement that had been missing.

We've currently standardized on saying that APIs that return device
or Bluetooth state information (without sharing details about any
particular remote Bluetooth device) do not need to be permission
protected.

Bug: 183626724
Test: ./build/soong/soong_ui.bash --make-mode Bluetooth RUN_ERROR_PRONE=true
Change-Id: I53ac7a4fe1dea57316048c3cac4fa237b6ba3d38

2021-04-21 12:59:38 -06:00

Jeff Sharkey

6eed56ddd3

More Bluetooth API annotation updates.

This change adds a "BluetoothPermissionChecker" that ensures that
all Bluetooth permission annotations are consistent.  In addition, it
verifies that all Bluetooth public APIs have been audited to be
permission protected where relevant.

We've currently standardized on saying that APIs that return device
or Bluetooth state information (without sharing details about any
particular remote Bluetooth device) do not need to be permission
protected.

This change is only annotations and has no behavior changes.

Bug: 183626724
Test: ./build/soong/soong_ui.bash --make-mode Bluetooth RUN_ERROR_PRONE=true
Change-Id: Ie80b15b058359bf1e9a6ee881b89cb3e5b584ca1

2021-04-16 13:31:22 -06:00

Jeff Sharkey

71463a4cb1

Error Prone for RequiresPermission across AIDL.

We've had @RequiresPermission annotations across public APIs for many
years, but we've never built out the tooling to validate that the
service implementations actually enforced those permissions.

This change adds an Error Prone checker that does bi-directional
validation of these annotations, confirming that AIDL implementations
enforce the permissions, and that AIDL callers carry those
annotations through any indirect call-paths.

Currently, enforcement validation is best-effort, since it assumes
that any enforcement referencing the annotated permissions is enough
to pass; it doesn't attempt any code flow analysis.  It also doesn't
understand concepts like Binder.clearCallingIdentity().

To begin using this checker, simply begin annotating your AIDL files
using a strategy like this:

    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.BLUETOOTH_PRIVILEGED)")
    void aidlMethod();

Bug: 183626724
Test: atest error_prone_android_framework_test:RequiresPermissionCheckerTest
Change-Id: I26a872f07ab13931c241cbb02ff7228edf7dc3b9

2021-04-14 17:23:01 -06:00

3 Commits