Use the calling worksource uid for trusted apps.

- Set ThreadLocalWorkSource to the work source uid when app has the
UPDATE_DEVICE_STATS permission. We only enable that in system server for
now.
- By default, set ThreadLocalWorkSource to the calling uid since we
always trust this value.
- If an app sets a work source uid without having the right permission,
we just ignore it (we do not throw an exception)

A follow-up commit will update the code to use the worksource from the
beginning of the call. Currently we get the work source at the end
inside of BinderCallStats, however the value might have been changed
when executing onTransact.

Test: atest binderLibTest BinderWorkSourceTest BinderCallsStatsServiceTest
Change-Id: I351b8ac2b31feececc46c73f373f198b9b603c7e

2 files changed, 12 insertions, 6 deletions

diff --git a/core/java/android/os/Binder.java b/core/java/android/os/Binder.java
index 64314a7d8060..1efbc6b401c0 100644
--- a/core/java/android/os/Binder.java
+++ b/core/java/android/os/Binder.java
@@ -85,6 +85,15 @@ public class Binder implements IBinder {
     public static boolean LOG_RUNTIME_EXCEPTION = false; // DO NOT SUBMIT WITH TRUE
 
     /**
+     * Value to represents that a calling work source is not set.
+     *
+     * This constatnt needs to be kept in sync with IPCThreadState::kUnsetWorkSource.
+     *
+     * @hide
+     */
+    public static final int UNSET_WORKSOURCE = -1;
+
+    /**
      * Control whether dump() calls are allowed.
      */
     private static volatile String sDumpDisabled = null;
@@ -449,8 +458,6 @@ public class Binder implements IBinder {
      * }
      * </pre>
      *
-     * <p>The work source will be propagated for future outgoing binder transactions
-     * executed on this thread.
      * @hide
      **/
     @CriticalNative
@@ -972,7 +979,6 @@ public class Binder implements IBinder {
         if (observer != null) {
             observer.callEnded(callSession, requestSizeBytes, replySizeBytes);
         }
-
         return res;
     }
 }
diff --git a/core/java/com/android/internal/os/BinderCallsStats.java b/core/java/com/android/internal/os/BinderCallsStats.java
index a87bbf33ca9e..925dbdc3f367 100644
--- a/core/java/com/android/internal/os/BinderCallsStats.java
+++ b/core/java/com/android/internal/os/BinderCallsStats.java
@@ -21,6 +21,7 @@ import android.annotation.Nullable;
 import android.os.Binder;
 import android.os.Process;
 import android.os.SystemClock;
+import android.os.ThreadLocalWorkSource;
 import android.os.UserHandle;
 import android.text.format.DateFormat;
 import android.util.ArrayMap;
@@ -162,8 +163,7 @@ public class BinderCallsStats implements BinderInternal.Observer {
                 return;
             }
 
-            final boolean isWorkSourceSet = workSourceUid >= 0;
-            final UidEntry uidEntry = getUidEntry(isWorkSourceSet ? workSourceUid : callingUid);
+            final UidEntry uidEntry = getUidEntry(workSourceUid);
             uidEntry.callCount++;
 
             if (recordCall) {
@@ -464,7 +464,7 @@ public class BinderCallsStats implements BinderInternal.Observer {
     }
 
     protected int getWorkSourceUid() {
-        return Binder.getCallingWorkSourceUid();
+        return ThreadLocalWorkSource.getUid();
     }
 
     protected long getElapsedRealtimeMicro() {