Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / a4664b66a3ea8f50b570e7bbf7bb34f04fa02439
commita4664b66a3ea8f50b570e7bbf7bb34f04fa02439[log] [tgz]
authormattgilbride <mattgilbride@google.com>Thu Jul 28 19:07:25 2022 +0000
committermattgilbride <mattgilbride@google.com>Tue Aug 16 10:50:24 2022 +0000
treeccb390aaa94dfbb8ad02128c172193a8a200ddf8
parent2a7eb38239d2cb33d5a05a9e45dd47c171507376 [diff]
Add ManualPermissionCheckDetector

This linter looks at methods that implement an AIDL interface.
If a given method contains a simple permission check, it suggests
moving that check to an @EnforcePermission annotation. The intent
is to keep as many permission checks as possible at a lower-level
to the service implementation, thus mitigating permission bypass
vulnerabilities.

Also rearranges some helpers/constants for reuse, and moves everything related to aidl to its own package.

Test: atest ManualPermissionCheckDetectorTest --host
Bug: 232058525
Change-Id: Ie6eaf061d74bd773742aa47f731e95e4b137f438
10 files changed
tree: ccb390aaa94dfbb8ad02128c172193a8a200ddf8
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. lowpan/
  19. media/
  20. mime/
  21. mms/
  22. native/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. rs/
  30. samples/
  31. sax/
  32. services/
  33. startop/
  34. telecomm/
  35. telephony/
  36. test-base/
  37. test-legacy/
  38. test-mock/
  39. test-runner/
  40. tests/
  41. tools/
  42. wifi/
  43. .clang-format
  44. .gitignore
  45. .mailmap
  46. Android.bp
  47. Android.mk
  48. ApiDocs.bp
  49. BATTERY_STATS_OWNERS
  50. CleanSpec.mk
  51. framework-jarjar-rules.txt
  52. GAME_MANAGER_OWNERS
  53. INPUT_OWNERS
  54. lint-baseline.xml
  55. METADATA
  56. MODULE_LICENSE_APACHE2
  57. MULTIUSER_OWNERS
  58. NOTICE
  59. OWNERS
  60. OWNERS.md
  61. PACKAGE_MANAGER_OWNERS
  62. pathmap.mk
  63. PREUPLOAD.cfg
  64. ProtoLibraries.bp
  65. StubLibraries.bp
  66. TEST_MAPPING
  67. TestProtoLibraries.bp
  68. TRACE_OWNERS
  69. ZYGOTE_OWNERS