Add @Enforce AIDL annotation
If used, this annotation will add logic in the Binder stub to verify the
caller's permissions. The annotation is in the format:
@Enforce(condition="permission = READ_PHONE_STATE || uid = SYSTEM_UID")
void Method();
Permissions should be constants defined in the
android.Manifest.permission class. UIDs should be constants defined in
the android.os.Process class.
Only Java service implementations are supported for now.
Bug: 197828948
Test: aidl-golden-test
Change-Id: Id80680de4ba09fcfacbb66079fa4d015809001b7
diff --git a/aidl_language.cpp b/aidl_language.cpp
index 5941f35..95b84b4 100644
--- a/aidl_language.cpp
+++ b/aidl_language.cpp
@@ -35,6 +35,7 @@
#include "aidl_language_y.h"
#include "comments.h"
#include "logging.h"
+#include "permission/parser.h"
#include "aidl.h"
@@ -155,6 +156,7 @@
"SuppressWarnings",
CONTEXT_TYPE | CONTEXT_MEMBER,
{{"value", kStringArrayType, /* required= */ true}}},
+ {AidlAnnotation::Type::ENFORCE, "Enforce", CONTEXT_METHOD, {{"condition", kStringType}}},
};
return kSchemas;
}
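Review bot: The `condition` parameter in the new `Enforce` schema entry is not marked required, unlike `value` in the `SuppressWarnings` entry just above it. A bare `@Enforce` would therefore presumably pass schema validation and only be rejected later by the `AIDL_FATAL` in `EnforceExpression`. Since this annotation is what causes the permission check to be generated, I would reject the missing parameter at validation time: `{AidlAnnotation::Type::ENFORCE, "Enforce", CONTEXT_METHOD, {{"condition", kStringType, /* required= */ true}}},`. The enclosing function starts outside this hunk, so the handling of the required flag is inferred from the neighbouring entry rather than seen.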
@@ -394,6 +396,24 @@
return {};
}
+// Parses the @Enforce annotation expression.
+std::unique_ptr<perm::Expression> AidlAnnotatable::EnforceExpression(
+ const AidlNode& context) const {
+ auto annot = GetAnnotation(annotations_, AidlAnnotation::Type::ENFORCE);
+ if (annot) {
+ auto perm_expr = annot->ParamValue<std::string>("condition");
+ if (perm_expr.has_value()) {
+ auto expr = perm::Parser::Parse(perm_expr.value());
+ if (expr.ok()) {
+ return std::move(expr.value());
+ }
+ AIDL_FATAL(context) << "Unable to parse @Enforce annotation: " << expr.error();
+ }
+ AIDL_FATAL(context) << "@Enforce annotation without condition";
+ }
+ return {};
+}
+
bool AidlAnnotatable::IsStableApiParcelable(Options::Language lang) const {
return lang == Options::Language::JAVA &&
GetAnnotation(annotations_, AidlAnnotation::Type::JAVA_STABLE_PARCELABLE);
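Review bot: `EnforceExpression` uses the empty `return {};` for the normal "no @Enforce on this method" case, and the same statement is the fall-through after both `AIDL_FATAL` calls. A malformed condition is therefore only kept from looking like "no permission check" because `AIDL_FATAL` does not return. The one-line comment should state that contract, for example `// Returns the parsed @Enforce condition, or nullptr if the method has no @Enforce annotation.` followed by `// A missing or unparsable condition is fatal and must never yield nullptr (which callers read as "no enforcement").` If `AIDL_FATAL` aborts the compiler, as its name suggests, a typo in a .aidl file surfaces as a crash rather than a normal diagnostic. Parsing the condition during annotation validation would report it more cleanly, provided the build still fails.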