diff options
| author | 2023-12-23 15:21:08 +0000 | |
|---|---|---|
| committer | 2023-12-23 15:21:08 +0000 | |
| commit | 8d4680ecf819cba62dbccd6870825d0ee458f589 (patch) | |
| tree | 640798df7d8869544725b89442ff14c97c8ebe16 | |
| parent | b55243ae8e480bd205af6eb6908042d2b9455ab0 (diff) | |
| parent | c39b0d2ccf3b9a7e505136109403c0a857f9f9f5 (diff) | |
Merge "[Permissions] Add temporary logging to debug Bluetooth security exception" into main
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index d3931a303d0d..10e6edc2941f 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -26,6 +26,7 @@ import static android.app.AppOpsManager.ATTRIBUTION_FLAGS_NONE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_ERRORED; import static android.app.AppOpsManager.MODE_IGNORED; +import static android.app.AppOpsManager.OP_BLUETOOTH_CONNECT; import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISALLOWED; import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISCOURAGED; @@ -1228,6 +1229,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { sPlatformPermissions.put(permission, permissionInfo); } } catch (PackageManager.NameNotFoundException ignored) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as package" + + " not found when retrieving permission info"); + } return PermissionChecker.PERMISSION_HARD_DENIED; } } @@ -1347,17 +1353,34 @@ public class PermissionManagerService extends IPermissionManager.Stub { // way we can avoid the datasource creating an attribution context for every call. if (!(fromDatasource && current.equals(attributionSource)) && next != null && !current.isTrusted(context)) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as " + + current + " attribution source isn't a data source and " + + current + " isn't trusted"); + } return PermissionChecker.PERMISSION_HARD_DENIED; } // If we already checked the permission for this one, skip the work if (!skipCurrentChecks && !checkPermission(context, permissionManagerServiceInt, permission, current)) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as we" + + " aren't skipping permission checks and permission check returns" + + " false for " + current); + } return PermissionChecker.PERMISSION_HARD_DENIED; } if (next != null && !checkPermission(context, permissionManagerServiceInt, permission, next)) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as" + + " permission check returns false for next source " + next); + } return PermissionChecker.PERMISSION_HARD_DENIED; } @@ -1402,6 +1425,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { switch (opMode) { case AppOpsManager.MODE_ERRORED: { + if (permission.equals(Manifest.permission.BLUETOOTH_CONNECT)) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as op" + + " mode is MODE_ERRORED for " + attributionSource); + } return PermissionChecker.PERMISSION_HARD_DENIED; } case AppOpsManager.MODE_IGNORED: { @@ -1670,6 +1697,12 @@ public class PermissionManagerService extends IPermissionManager.Stub { final AttributionSource resolvedAttributionSource = resolveAttributionSource( context, accessorSource); if (resolvedAttributionSource.getPackageName() == null) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (op == OP_BLUETOOTH_CONNECT) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as resolved" + + "package name for " + resolvedAttributionSource + " returned" + + " null"); + } return AppOpsManager.MODE_ERRORED; } int notedOp = op; @@ -1683,6 +1716,13 @@ public class PermissionManagerService extends IPermissionManager.Stub { if (attributedOp != AppOpsManager.OP_NONE && attributedOp != op) { checkedOpResult = appOpsManager.checkOpNoThrow(op, resolvedAttributionSource); if (checkedOpResult == MODE_ERRORED) { + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (op == OP_BLUETOOTH_CONNECT) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as" + + " checkOp for resolvedAttributionSource " + + resolvedAttributionSource + " and op " + op + + " returned MODE_ERRORED"); + } return checkedOpResult; } notedOp = attributedOp; @@ -1722,7 +1762,22 @@ public class PermissionManagerService extends IPermissionManager.Stub { throw new SecurityException(msg + ":" + e.getMessage()); } } - return Math.max(checkedOpResult, notedOpResult); + int result = Math.max(checkedOpResult, notedOpResult); + // TODO(b/302609140): Remove extra logging after this issue is diagnosed. + if (op == OP_BLUETOOTH_CONNECT && result == MODE_ERRORED) { + if (result == checkedOpResult) { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as" + + " checkOp for resolvedAttributionSource " + + resolvedAttributionSource + " and op " + op + + " returned MODE_ERRORED"); + } else { + Slog.e(LOG_TAG, "BLUETOOTH_CONNECT permission hard denied as" + + " noteOp for resolvedAttributionSource " + + resolvedAttributionSource + " and op " + notedOp + + " returned MODE_ERRORED"); + } + } + return result; } } |