Optimize AttributionSource tokens - base

For cases where the attribution soruce doesn't need to be
registered as trusted we are now using a shares static
token since the only purpose of the token in these cases
is for watching the source process dying as opposed to that
and security for registered cases.

bug: 192415943

Test: CtsPermissionTestCases
      CtsPermission2TestCases
      CtsPermission3TestCases
      CtsPermission4TestCases
      CtsPermission5TestCases

Change-Id: I93fde9ca1cacada7929761533dcae11b2736ce1e

3 files changed, 24 insertions, 6 deletions

diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 5e99c79a7497..f52fdc562b13 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -3149,7 +3149,8 @@ class ContextImpl extends Context {
         // If we want to access protected data on behalf of another app we need to
         // tell the OS that we opt in to participate in the attribution chain.
         if (nextAttributionSource != null) {
-            getSystemService(PermissionManager.class).registerAttributionSource(attributionSource);
+            attributionSource = getSystemService(PermissionManager.class)
+                    .registerAttributionSource(attributionSource);
         }
         return attributionSource;
     }
diff --git a/core/java/android/content/AttributionSource.java b/core/java/android/content/AttributionSource.java
index c499f691b69a..d63ce0f4a943 100644
--- a/core/java/android/content/AttributionSource.java
+++ b/core/java/android/content/AttributionSource.java
@@ -88,6 +88,8 @@ import java.util.Set;
 public final class AttributionSource implements Parcelable {
     private static final String DESCRIPTOR = "android.content.AttributionSource";
 
+    private static final Binder sDefaultToken = new Binder(DESCRIPTOR);
+
     private final @NonNull AttributionSourceState mAttributionSourceState;
 
     private @Nullable AttributionSource mNextCached;
@@ -97,7 +99,7 @@ public final class AttributionSource implements Parcelable {
     @TestApi
     public AttributionSource(int uid, @Nullable String packageName,
             @Nullable String attributionTag) {
-        this(uid, packageName, attributionTag, new Binder(DESCRIPTOR));
+        this(uid, packageName, attributionTag, sDefaultToken);
     }
 
     /** @hide */
@@ -132,7 +134,7 @@ public final class AttributionSource implements Parcelable {
 
     AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
             @Nullable String[] renouncedPermissions, @Nullable AttributionSource next) {
-        this(uid, packageName, attributionTag, new Binder(DESCRIPTOR), renouncedPermissions, next);
+        this(uid, packageName, attributionTag, sDefaultToken, renouncedPermissions, next);
     }
 
     AttributionSource(int uid, @Nullable String packageName, @Nullable String attributionTag,
@@ -170,6 +172,12 @@ public final class AttributionSource implements Parcelable {
     }
 
     /** @hide */
+    public AttributionSource withToken(@NonNull Binder token) {
+        return new AttributionSource(getUid(), getPackageName(), getAttributionTag(),
+                token, mAttributionSourceState.renouncedPermissions, getNext());
+    }
+
+    /** @hide */
     public @NonNull AttributionSourceState asState() {
         return mAttributionSourceState;
     }
@@ -543,7 +551,9 @@ public final class AttributionSource implements Parcelable {
             if ((mBuilderFieldsSet & 0x10) == 0) {
                 mAttributionSourceState.next = null;
             }
-            mAttributionSourceState.token = new Binder(DESCRIPTOR);
+
+            mAttributionSourceState.token = sDefaultToken;
+
             if (mAttributionSourceState.next == null) {
                 // The NDK aidl backend doesn't support null parcelable arrays.
                 mAttributionSourceState.next = new AttributionSourceState[0];
diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java
index 4ef0e6e785e8..a52ede87880e 100644
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -44,6 +44,7 @@ import android.content.pm.PermissionGroupInfo;
 import android.content.pm.PermissionInfo;
 import android.content.pm.permission.SplitPermissionInfoParcelable;
 import android.media.AudioManager;
+import android.os.Binder;
 import android.os.Build;
 import android.os.Handler;
 import android.os.Looper;
@@ -1163,18 +1164,24 @@ public final class PermissionManager {
      * that doesn't participate in an attribution chain.
      *
      * @param source The attribution source to register.
+     * @return The registered new attribution source.
      *
      * @see #isRegisteredAttributionSource(AttributionSource)
      *
      * @hide
      */
     @TestApi
-    public void registerAttributionSource(@NonNull AttributionSource source) {
+    public @NonNull AttributionSource registerAttributionSource(@NonNull AttributionSource source) {
+        // We use a shared static token for sources that are not registered since the token's
+        // only used for process death detection. If we are about to use the source for security
+        // enforcement we need to replace the binder with a unique one.
+        final AttributionSource registeredSource = source.withToken(new Binder());
         try {
-            mPermissionManager.registerAttributionSource(source);
+            mPermissionManager.registerAttributionSource(registeredSource);
         } catch (RemoteException e) {
             e.rethrowFromSystemServer();
         }
+        return registeredSource;
     }
 
     /**