# Print output for @column tags ?>
public
final
class
AttributionSource
extends Object
implements
Parcelable
java.lang.Object | |
↳ | android.content.AttributionSource |
This class represents a source to which access to permission protected data should be attributed. Attribution sources can be chained to represent cases where the protected data would flow through several applications. For example, app A may ask app B for contacts and in turn app B may ask app C for contacts. In this case, the attribution chain would be A -> B -> C and the data flow would be C -> B -> A. There are two main benefits of using the attribution source mechanism: avoid doing explicit permission checks on behalf of the calling app if you are accessing private data on their behalf to send back; avoid double data access blaming which happens as you check the calling app's permissions and when you access the data behind these permissions (for runtime permissions). Also if not explicitly blaming the caller the data access would be counted towards your app vs to the previous app where yours was just a proxy.
Every Context
has an attribution source and you can get it via Context.getAttributionSource()
representing itself, which is a chain of one. You
can attribute work to another app, or more precisely to a chain of apps, through
which the data you would be accessing would flow, via Context#createContext(
ContextParams)
plus specifying an attribution source for the next app to receive
the protected data you are accessing via AttributionSource.Builder#setNext(
AttributionSource)
. Creating this attribution chain ensures that the datasource would
check whether every app in the attribution chain has permission to access the data
before releasing it. The datasource will also record appropriately that this data was
accessed by the apps in the sequence if the data is behind a sensitive permission
(e.g. dangerous). Again, this is useful if you are accessing the data on behalf of another
app, for example a speech recognizer using the mic so it can provide recognition to
a calling app.
You can create an attribution chain of you and any other app without any verification
as this is something already available via the AppOpsManager
APIs.
This is supported to handle cases where you don't have access to the caller's attribution
source and you can directly use the AttributionSource.Builder
APIs. However,
if the data flows through more than two apps (more than you access the data for the
caller) you need to have a handle to the AttributionSource
for the calling app's
context in order to create an attribution context. This means you either need to have an
API for the other app to send you its attribution source or use a platform API that pipes
the callers attribution source.
You cannot forge an attribution chain without the participation of every app in the attribution chain (aside of the special case mentioned above). To create an attribution source that is trusted you need to create an attribution context that points to an attribution source that was explicitly created by the app that it refers to, recursively.
Since creating an attribution context leads to all permissions for apps in the attribution chain being checked, you need to expect getting a security exception when accessing permission protected APIs since some app in the chain may not have the permission.
Nested classes | |
---|---|
class |
AttributionSource.Builder
A builder for |
Inherited constants |
---|
Fields | |
---|---|
public
static
final
Creator<AttributionSource> |
CREATOR
|
Public methods | |
---|---|
boolean
|
checkCallingUid()
If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain. |
int
|
describeContents()
Describe the kinds of special objects contained in this Parcelable instance's marshaled representation. |
void
|
enforceCallingUid()
If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain. |
boolean
|
equals(Object o)
Indicates whether some other object is "equal to" this one. |
String
|
getAttributionTag()
The attribution tag of the app accessing the permission protected data. |
AttributionSource
|
getNext()
The next app to receive the permission protected data. |
String
|
getPackageName()
The package that is accessing the permission protected data. |
int
|
getUid()
The UID that is accessing the permission protected data. |
int
|
hashCode()
Returns a hash code value for the object. |
boolean
|
isTrusted(Context context)
Checks whether this attribution source can be trusted. |
String
|
toString()
Returns a string representation of the object. |
void
|
writeToParcel(Parcel dest, int flags)
Flatten this object in to a Parcel. |
Inherited methods | |
---|---|
public boolean checkCallingUid ()
If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain. f
Returns | |
---|---|
boolean |
if the attribution source cannot be trusted to be from the caller. |
public int describeContents ()
Describe the kinds of special objects contained in this Parcelable
instance's marshaled representation. For example, if the object will
include a file descriptor in the output of writeToParcel(android.os.Parcel, int)
,
the return value of this method must include the
CONTENTS_FILE_DESCRIPTOR
bit.
Returns | |
---|---|
int |
a bitmask indicating the set of special object types marshaled
by this Parcelable object instance.
Value is either 0 or CONTENTS_FILE_DESCRIPTOR |
public void enforceCallingUid ()
If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain.
Throws | |
---|---|
SecurityException |
if the attribution source cannot be trusted to be from the caller. |
public boolean equals (Object o)
Indicates whether some other object is "equal to" this one.
The equals
method implements an equivalence relation
on non-null object references:
x
, x.equals(x)
should return
true
.
x
and y
, x.equals(y)
should return true
if and only if
y.equals(x)
returns true
.
x
, y
, and z
, if
x.equals(y)
returns true
and
y.equals(z)
returns true
, then
x.equals(z)
should return true
.
x
and y
, multiple invocations of
x.equals(y)
consistently return true
or consistently return false
, provided no
information used in equals
comparisons on the
objects is modified.
x
,
x.equals(null)
should return false
.
The equals
method for class Object
implements
the most discriminating possible equivalence relation on objects;
that is, for any non-null reference values x
and
y
, this method returns true
if and only
if x
and y
refer to the same object
(x == y
has the value true
).
Note that it is generally necessary to override the hashCode
method whenever this method is overridden, so as to maintain the
general contract for the hashCode
method, which states
that equal objects must have equal hash codes.
Parameters | |
---|---|
o |
Object : This value may be null . |
Returns | |
---|---|
boolean |
true if this object is the same as the obj
argument; false otherwise. |
public String getAttributionTag ()
The attribution tag of the app accessing the permission protected data.
Returns | |
---|---|
String |
This value may be null . |
public AttributionSource getNext ()
The next app to receive the permission protected data.
Returns | |
---|---|
AttributionSource |
This value may be null . |
public String getPackageName ()
The package that is accessing the permission protected data.
Returns | |
---|---|
String |
This value may be null . |
public int getUid ()
The UID that is accessing the permission protected data.
Returns | |
---|---|
int |
public int hashCode ()
Returns a hash code value for the object. This method is
supported for the benefit of hash tables such as those provided by
HashMap
.
The general contract of hashCode
is:
hashCode
method
must consistently return the same integer, provided no information
used in equals
comparisons on the object is modified.
This integer need not remain consistent from one execution of an
application to another execution of the same application.
equals(Object)
method, then calling the hashCode
method on each of
the two objects must produce the same integer result.
equals(java.lang.Object)
method, then calling the hashCode
method on each of the
two objects must produce distinct integer results. However, the
programmer should be aware that producing distinct integer results
for unequal objects may improve the performance of hash tables.
As much as is reasonably practical, the hashCode method defined by
class Object
does return distinct integers for distinct
objects. (This is typically implemented by converting the internal
address of the object into an integer, but this implementation
technique is not required by the
Java™ programming language.)
Returns | |
---|---|
int |
a hash code value for this object. |
public boolean isTrusted (Context context)
Checks whether this attribution source can be trusted. That is whether the app it refers to created it and provided to the attribution chain.
Parameters | |
---|---|
context |
Context : Context handle.
This value cannot be null . |
Returns | |
---|---|
boolean |
Whether this is a trusted source. |
public String toString ()
Returns a string representation of the object. In general, the
toString
method returns a string that
"textually represents" this object. The result should
be a concise but informative representation that is easy for a
person to read.
It is recommended that all subclasses override this method.
The toString
method for class Object
returns a string consisting of the name of the class of which the
object is an instance, the at-sign character `@
', and
the unsigned hexadecimal representation of the hash code of the
object. In other words, this method returns a string equal to the
value of:
getClass().getName() + '@' + Integer.toHexString(hashCode())
Returns | |
---|---|
String |
a string representation of the object. |
public void writeToParcel (Parcel dest, int flags)
Flatten this object in to a Parcel.
Parameters | |
---|---|
dest |
Parcel : This value cannot be null . |
flags |
int : Additional flags about how the object should be written.
May be 0 or Parcelable.PARCELABLE_WRITE_RETURN_VALUE .
Value is either 0 or a combination of Parcelable.PARCELABLE_WRITE_RETURN_VALUE , and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES |