commit 5a4db21004e3485cdbb98214af4568362cff9b68
author Thiébaud Weksteen <tweek@google.com> Thu Sep 02 17:09:34 2021 +0200
committer Thiébaud Weksteen <tweek@google.com> Wed Sep 15 08:38:04 2021 +0000
tree 0b28b9633d18163271f79f8dcac382e578aefcce
parent 442cacfc96f69adce7b55bd28cf07a75fbcb4b65

Add @Enforce AIDL annotation

If used, this annotation will add logic in the Binder stub to verify the
caller's permissions. The annotation is in the format:

@Enforce(condition="permission = READ_PHONE_STATE || uid = SYSTEM_UID")
void Method();

Permissions should be constants defined in the
android.Manifest.permission class. UIDs should be constants defined in
the android.os.Process class.

Only Java service implementations are supported for now.

Bug: 197828948
Test: aidl-golden-test
Change-Id: Id80680de4ba09fcfacbb66079fa4d015809001b7

aidl_language.h

diff --git a/aidl_language.h b/aidl_language.h
index 973f20c..db92535 100644
--- a/aidl_language.h
+++ b/aidl_language.h
@@ -32,6 +32,7 @@
 #include "location.h"
 #include "logging.h"
 #include "options.h"
+#include "permission/parser.h"
 
 using android::aidl::AidlTypenames;
 using android::aidl::CodeWriter;
@@ -231,6 +232,7 @@
     DESCRIPTOR,
     RUST_DERIVE,
     SUPPRESS_WARNINGS,
+    ENFORCE,
   };
 
   using TargetContext = uint16_t;
@@ -349,6 +351,7 @@
   const AidlAnnotation* RustDerive() const;
   const AidlAnnotation* BackingType() const;
   std::vector<std::string> SuppressWarnings() const;
+  std::unique_ptr<perm::Expression> EnforceExpression(const AidlNode&) const;
 
   // ToString is for dumping AIDL.
   // Returns string representation of annotations.
@@ -1287,4 +1290,4 @@
     n.DispatchVisit(v);
   };
   bottom_up(node);
-}
\ No newline at end of file
+}