diff options
5 files changed, 225 insertions, 12 deletions
diff --git a/core/api/system-current.txt b/core/api/system-current.txt index c184ba54bdf7..aabfc86029f2 100644 --- a/core/api/system-current.txt +++ b/core/api/system-current.txt @@ -12896,6 +12896,30 @@ package android.security.authenticationpolicy { package android.security.intrusiondetection { + @FlaggedApi("android.security.afl_api") public final class IntrusionDetectionEvent implements android.os.Parcelable { + ctor public IntrusionDetectionEvent(@NonNull android.app.admin.SecurityLog.SecurityEvent); + ctor public IntrusionDetectionEvent(@NonNull android.app.admin.DnsEvent); + ctor public IntrusionDetectionEvent(@NonNull android.app.admin.ConnectEvent); + method @FlaggedApi("android.security.afl_api") public int describeContents(); + method @NonNull public android.app.admin.ConnectEvent getConnectEvent(); + method @NonNull public android.app.admin.DnsEvent getDnsEvent(); + method @NonNull public android.app.admin.SecurityLog.SecurityEvent getSecurityEvent(); + method @NonNull public int getType(); + method public void writeToParcel(@NonNull android.os.Parcel, int); + field @NonNull public static final android.os.Parcelable.Creator<android.security.intrusiondetection.IntrusionDetectionEvent> CREATOR; + field public static final int NETWORK_EVENT_CONNECT = 2; // 0x2 + field public static final int NETWORK_EVENT_DNS = 1; // 0x1 + field public static final int SECURITY_EVENT = 0; // 0x0 + } + + @FlaggedApi("android.security.afl_api") public class IntrusionDetectionEventTransport { + ctor public IntrusionDetectionEventTransport(); + method public boolean addData(@NonNull java.util.List<android.security.intrusiondetection.IntrusionDetectionEvent>); + method @NonNull public android.os.IBinder getBinder(); + method public boolean initialize(); + method public boolean release(); + } + @FlaggedApi("android.security.afl_api") public class IntrusionDetectionManager { method @RequiresPermission(android.Manifest.permission.READ_INTRUSION_DETECTION_STATE) public void addStateCallback(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Integer>); method @RequiresPermission(android.Manifest.permission.MANAGE_INTRUSION_DETECTION_STATE) public void disable(@NonNull java.util.concurrent.Executor, @NonNull android.security.intrusiondetection.IntrusionDetectionManager.CommandCallback); diff --git a/core/java/android/security/intrusiondetection/IIntrusionDetectionEventTransport.aidl b/core/java/android/security/intrusiondetection/IIntrusionDetectionEventTransport.aidl index 8759f72ca08a..eab1c156b6be 100644 --- a/core/java/android/security/intrusiondetection/IIntrusionDetectionEventTransport.aidl +++ b/core/java/android/security/intrusiondetection/IIntrusionDetectionEventTransport.aidl @@ -15,6 +15,7 @@ */ package android.security.intrusiondetection; + import android.security.intrusiondetection.IntrusionDetectionEvent; import com.android.internal.infra.AndroidFuture; @@ -24,18 +25,20 @@ oneway interface IIntrusionDetectionEventTransport { /** * Initialize the server side. */ - void initialize(in AndroidFuture<int> resultFuture); + void initialize(in AndroidFuture<boolean> resultFuture); /** - * Send intrusiondetection logging data to the backup destination. + * Send intrusiondetection logging data to the transport destination. * The data is a list of IntrusionDetectionEvent. * The IntrusionDetectionEvent is an abstract class that represents - * different type of events. + * different types of events. */ - void addData(in List<IntrusionDetectionEvent> events, in AndroidFuture<int> resultFuture); + void addData( + in List<IntrusionDetectionEvent> events, + in AndroidFuture<boolean> resultFuture); /** * Release the binder to the server. */ - void release(in AndroidFuture<int> resultFuture); + void release(in AndroidFuture<boolean> resultFuture); } diff --git a/core/java/android/security/intrusiondetection/IntrusionDetectionEvent.java b/core/java/android/security/intrusiondetection/IntrusionDetectionEvent.java index 538acf99c9fe..b479ca7a0b6f 100644 --- a/core/java/android/security/intrusiondetection/IntrusionDetectionEvent.java +++ b/core/java/android/security/intrusiondetection/IntrusionDetectionEvent.java @@ -22,6 +22,7 @@ import android.annotation.NonNull; import android.app.admin.ConnectEvent; import android.app.admin.DnsEvent; import android.app.admin.SecurityLog.SecurityEvent; +import android.annotation.SystemApi; import android.os.Parcel; import android.os.Parcelable; import android.security.Flags; @@ -31,14 +32,36 @@ import java.lang.annotation.RetentionPolicy; /** * A class that represents a intrusiondetection event. + * * @hide */ +@SystemApi @FlaggedApi(Flags.FLAG_AFL_API) public final class IntrusionDetectionEvent implements Parcelable { private static final String TAG = "IntrusionDetectionEvent"; + /** + * Event type representing a security-related event. + * This type is associated with a {@link SecurityEvent} object. + * + * @see SecurityEvent + */ public static final int SECURITY_EVENT = 0; + + /** + * Event type representing a network DNS event. + * This type is associated with a {@link DnsEvent} object. + * + * @see DnsEvent + */ public static final int NETWORK_EVENT_DNS = 1; + + /** + * Event type representing a network connection event. + * This type is associated with a {@link ConnectEvent} object. + * + * @see ConnectEvent + */ public static final int NETWORK_EVENT_CONNECT = 2; /** @hide */ @@ -67,6 +90,12 @@ public final class IntrusionDetectionEvent implements Parcelable { } }; + /** + * Creates an IntrusionDetectionEvent object with a + * {@link SecurityEvent} object as the event source. + * + * @param securityEvent The SecurityEvent object. + */ public IntrusionDetectionEvent(@NonNull SecurityEvent securityEvent) { mType = SECURITY_EVENT; mSecurityEvent = securityEvent; @@ -74,6 +103,12 @@ public final class IntrusionDetectionEvent implements Parcelable { mNetworkEventConnect = null; } + /** + * Creates an IntrusionDetectionEvent object with a + * {@link DnsEvent} object as the event source. + * + * @param dnsEvent The DnsEvent object. + */ public IntrusionDetectionEvent(@NonNull DnsEvent dnsEvent) { mType = NETWORK_EVENT_DNS; mNetworkEventDns = dnsEvent; @@ -81,6 +116,12 @@ public final class IntrusionDetectionEvent implements Parcelable { mNetworkEventConnect = null; } + /** + * Creates an IntrusionDetectionEvent object with a + * {@link ConnectEvent} object as the event source. + * + * @param connectEvent The ConnectEvent object. + */ public IntrusionDetectionEvent(@NonNull ConnectEvent connectEvent) { mType = NETWORK_EVENT_CONNECT; mNetworkEventConnect = connectEvent; diff --git a/core/java/android/security/intrusiondetection/IntrusionDetectionEventTransport.java b/core/java/android/security/intrusiondetection/IntrusionDetectionEventTransport.java new file mode 100644 index 000000000000..2e2d0f7f2dd2 --- /dev/null +++ b/core/java/android/security/intrusiondetection/IntrusionDetectionEventTransport.java @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2024 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.intrusiondetection; + +import android.annotation.FlaggedApi; +import android.annotation.NonNull; +import android.annotation.SystemApi; +import android.annotation.SuppressLint; +import android.content.ComponentName; +import android.content.Context; +import android.os.IBinder; +import android.util.CloseGuard; + +import android.security.Flags; +import android.security.intrusiondetection.IntrusionDetectionEvent; +import android.security.intrusiondetection.IIntrusionDetectionEventTransport; + +import com.android.internal.infra.AndroidFuture; + +import java.lang.AutoCloseable; +import java.util.List; + +/** + * A class that provides a stable API for transporting intrusion detection events + * to a transport location, such as a file or a network endpoint. + * + * This class acts as a bridge between the {@link IIntrusionDetectionEventTransport} + * interface and its implementations. It allows system components to add intrusion + * detection events ({@link IntrusionDetectionEvent}) to a transport queue, + * which will then be delivered to the specified location. + * + * Usage: + * 1. Obtain an instance of {@link IntrusionDetectionEventTransport} using the constructor. + * 2. Initialize the transport by calling {@link #initialize()}. + * 3. Add events to the transport queue using {@link #addData(List)}. + * 4. Release the transport when finished by calling {@link #release()}. + * + * Key Components: + * - {@link IIntrusionDetectionEventTransport}: The underlying AIDL interface + * for interacting with transport implementations. + * - {@link IntrusionDetectionEvent}: Represents a single event. + * + * @hide + */ +@SystemApi +@FlaggedApi(Flags.FLAG_AFL_API) +@SuppressLint("NotCloseable") +public class IntrusionDetectionEventTransport { + IIntrusionDetectionEventTransport mBinderImpl = new TransportImpl(); + + /** + * Returns the binder interface for this transport. + */ + @NonNull + public IBinder getBinder() { + return mBinderImpl.asBinder(); + } + + /** + * Initializes the transport. + * + * @return whether the initialization was successful. + */ + public boolean initialize() { + return false; + } + + /** + * Adds data to the transport. + * + * @param events the events to add. + * @return whether the addition was successful. + */ + public boolean addData(@NonNull List<IntrusionDetectionEvent> events) { + return false; + } + + /** + * Releases the transport. + * + * The release() method is a callback implemented by the concrete transport + * endpoint. + * The "SuppressLint" annotation is used to allow the release() method to be + * included in the API without requiring the class to implement AutoCloseable. + * + * @return whether the release was successful. + */ + public boolean release() { + return false; + } + + /** + * Bridge between the actual IIntrusionDetectionEventTransport implementation + * and the stable API. If the binder interface needs to change, we use this + * layer to translate so that we can decouple those framework-side changes + * from the IntrusionDetectionEventTransport implementations. + */ + class TransportImpl extends IIntrusionDetectionEventTransport.Stub { + @Override + public void initialize(AndroidFuture<Boolean> resultFuture) { + try { + boolean result = IntrusionDetectionEventTransport.this.initialize(); + resultFuture.complete(result); + } catch (RuntimeException e) { + resultFuture.cancel(/* mayInterruptIfRunning */ true); + } + } + + @Override + public void addData( + List<IntrusionDetectionEvent> events, + AndroidFuture<Boolean> resultFuture) { + try { + boolean result = IntrusionDetectionEventTransport.this.addData(events); + resultFuture.complete(result); + } catch (RuntimeException e) { + resultFuture.cancel(/* mayInterruptIfRunning */ true); + } + } + + @Override + public void release(AndroidFuture<Boolean> resultFuture) { + try { + boolean result = IntrusionDetectionEventTransport.this.release(); + resultFuture.complete(result); + } catch (RuntimeException e) { + resultFuture.cancel(/* mayInterruptIfRunning */ true); + } + } + } +}
\ No newline at end of file diff --git a/services/core/java/com/android/server/security/intrusiondetection/IntrusionDetectionEventTransportConnection.java b/services/core/java/com/android/server/security/intrusiondetection/IntrusionDetectionEventTransportConnection.java index 82f39b327cea..b25656ebf47f 100644 --- a/services/core/java/com/android/server/security/intrusiondetection/IntrusionDetectionEventTransportConnection.java +++ b/services/core/java/com/android/server/security/intrusiondetection/IntrusionDetectionEventTransportConnection.java @@ -60,7 +60,7 @@ public class IntrusionDetectionEventTransportConnection implements ServiceConnec if (!bindService()) { return false; } - AndroidFuture<Integer> resultFuture = new AndroidFuture<>(); + AndroidFuture<Boolean> resultFuture = new AndroidFuture<>(); try { mService.initialize(resultFuture); } catch (RemoteException e) { @@ -68,8 +68,8 @@ public class IntrusionDetectionEventTransportConnection implements ServiceConnec unbindService(); return false; } - Integer result = getFutureResult(resultFuture); - if (result != null && result == 0) { + Boolean result = getFutureResult(resultFuture); + if (result != null && result == true) { return true; } else { unbindService(); @@ -83,22 +83,22 @@ public class IntrusionDetectionEventTransportConnection implements ServiceConnec * @return Whether the data is added to the binder service. */ public boolean addData(List<IntrusionDetectionEvent> data) { - AndroidFuture<Integer> resultFuture = new AndroidFuture<>(); + AndroidFuture<Boolean> resultFuture = new AndroidFuture<>(); try { mService.addData(data, resultFuture); } catch (RemoteException e) { Slog.e(TAG, "Remote Exception", e); return false; } - Integer result = getFutureResult(resultFuture); - return result != null && result == 0; + Boolean result = getFutureResult(resultFuture); + return result != null && result == true; } /** * Release the BackupTransport binder service. */ public void release() { - AndroidFuture<Integer> resultFuture = new AndroidFuture<>(); + AndroidFuture<Boolean> resultFuture = new AndroidFuture<>(); try { mService.release(resultFuture); } catch (RemoteException e) { |