Merge tag 'android-14.0.0_r61' into leaf-3.2

Android 14.0.0 Release 61 (AP2A.240805.005.F1)

* tag 'android-14.0.0_r61':
  Fix permission bypasses to multiple methods

Change-Id: I88d091e981ca70bf1dc34baf7aa8410be37da219
diff --git a/android/app/src/com/android/bluetooth/Utils.java b/android/app/src/com/android/bluetooth/Utils.java
index 8ce32f5..ca80330 100644
--- a/android/app/src/com/android/bluetooth/Utils.java
+++ b/android/app/src/com/android/bluetooth/Utils.java
@@ -548,10 +548,10 @@
         }
         // STOPSHIP(b/188391719): enable this security enforcement
         // attributionSource.enforceCallingUid();
-        AttributionSource currentAttribution = new AttributionSource
-                .Builder(context.getAttributionSource())
-                .setNext(attributionSource)
-                .build();
+        AttributionSource currentAttribution =
+                new AttributionSource.Builder(context.getAttributionSource())
+                        .setNext(Objects.requireNonNull(attributionSource))
+                        .build();
         PermissionManager pm = context.getSystemService(PermissionManager.class);
         if (pm == null) {
             return false;
@@ -823,10 +823,10 @@
             Log.e(TAG, "Permission denial: Location is off.");
             return false;
         }
-        AttributionSource currentAttribution = new AttributionSource
-                .Builder(context.getAttributionSource())
-                .setNext(attributionSource)
-                .build();
+        AttributionSource currentAttribution =
+                new AttributionSource.Builder(context.getAttributionSource())
+                        .setNext(Objects.requireNonNull(attributionSource))
+                        .build();
         // STOPSHIP(b/188391719): enable this security enforcement
         // attributionSource.enforceCallingUid();
         PermissionManager pm = context.getSystemService(PermissionManager.class);
@@ -857,10 +857,10 @@
             return false;
         }
 
-        final AttributionSource currentAttribution = new AttributionSource
-                .Builder(context.getAttributionSource())
-                .setNext(attributionSource)
-                .build();
+        final AttributionSource currentAttribution =
+                new AttributionSource.Builder(context.getAttributionSource())
+                        .setNext(Objects.requireNonNull(attributionSource))
+                        .build();
         // STOPSHIP(b/188391719): enable this security enforcement
         // attributionSource.enforceCallingUid();
         PermissionManager pm = context.getSystemService(PermissionManager.class);
@@ -895,10 +895,10 @@
             return false;
         }
 
-        AttributionSource currentAttribution = new AttributionSource
-                .Builder(context.getAttributionSource())
-                .setNext(attributionSource)
-                .build();
+        AttributionSource currentAttribution =
+                new AttributionSource.Builder(context.getAttributionSource())
+                        .setNext(Objects.requireNonNull(attributionSource))
+                        .build();
         // STOPSHIP(b/188391719): enable this security enforcement
         // attributionSource.enforceCallingUid();
         PermissionManager pm = context.getSystemService(PermissionManager.class);
diff --git a/android/app/tests/unit/src/com/android/bluetooth/UtilsTest.java b/android/app/tests/unit/src/com/android/bluetooth/UtilsTest.java
index b4d73bc..2b3d17e 100644
--- a/android/app/tests/unit/src/com/android/bluetooth/UtilsTest.java
+++ b/android/app/tests/unit/src/com/android/bluetooth/UtilsTest.java
@@ -120,10 +120,12 @@
         boolean enabledStatus = locationManager.isLocationEnabledForUser(userHandle);
 
         locationManager.setLocationEnabledForUser(false, userHandle);
-        assertThat(Utils.checkCallerHasCoarseLocation(context, null, userHandle)).isFalse();
+        assertThat(Utils.checkCallerHasCoarseLocation(
+                       context, context.getAttributionSource(), userHandle))
+                .isFalse();
 
         locationManager.setLocationEnabledForUser(true, userHandle);
-        Utils.checkCallerHasCoarseLocation(context, null, userHandle);
+        Utils.checkCallerHasCoarseLocation(context, context.getAttributionSource(), userHandle);
         if (!enabledStatus) {
             locationManager.setLocationEnabledForUser(false, userHandle);
         }
@@ -137,10 +139,13 @@
         boolean enabledStatus = locationManager.isLocationEnabledForUser(userHandle);
 
         locationManager.setLocationEnabledForUser(false, userHandle);
-        assertThat(Utils.checkCallerHasCoarseOrFineLocation(context, null, userHandle)).isFalse();
+        assertThat(Utils.checkCallerHasCoarseOrFineLocation(
+                       context, context.getAttributionSource(), userHandle))
+                .isFalse();
 
         locationManager.setLocationEnabledForUser(true, userHandle);
-        Utils.checkCallerHasCoarseOrFineLocation(context, null, userHandle);
+        Utils.checkCallerHasCoarseOrFineLocation(
+                context, context.getAttributionSource(), userHandle);
         if (!enabledStatus) {
             locationManager.setLocationEnabledForUser(false, userHandle);
         }
diff --git a/service/src/com/android/server/bluetooth/BtPermissionUtils.java b/service/src/com/android/server/bluetooth/BtPermissionUtils.java
index c68f25b..b3ba3b0 100644
--- a/service/src/com/android/server/bluetooth/BtPermissionUtils.java
+++ b/service/src/com/android/server/bluetooth/BtPermissionUtils.java
@@ -86,7 +86,9 @@
             String message) {
         final String permission = BLUETOOTH_CONNECT;
         AttributionSource currentSource =
-                new AttributionSource.Builder(ctx.getAttributionSource()).setNext(source).build();
+                new AttributionSource.Builder(ctx.getAttributionSource())
+                        .setNext(Objects.requireNonNull(source))
+                        .build();
         final int result =
                 permissionManager.checkPermissionForDataDeliveryFromDataSource(
                         permission, currentSource, message);