Add ManualPermissionCheckDetector - platform/frameworks/base

diff options

author	mattgilbride <mattgilbride@google.com>	2022-07-28 19:07:25 +0000
committer	mattgilbride <mattgilbride@google.com>	2022-08-16 10:50:24 +0000
commit	a4664b66a3ea8f50b570e7bbf7bb34f04fa02439 (patch)
tree	ccb390aaa94dfbb8ad02128c172193a8a200ddf8 /libs/androidfw/StringPool.cpp
parent	2a7eb38239d2cb33d5a05a9e45dd47c171507376 (diff)

Add ManualPermissionCheckDetector

This linter looks at methods that implement an AIDL interface. If a given method contains a simple permission check, it suggests moving that check to an @EnforcePermission annotation. The intent is to keep as many permission checks as possible at a lower-level to the service implementation, thus mitigating permission bypass vulnerabilities. Also rearranges some helpers/constants for reuse, and moves everything related to aidl to its own package. Test: atest ManualPermissionCheckDetectorTest --host Bug: 232058525 Change-Id: Ie6eaf061d74bd773742aa47f731e95e4b137f438

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: