AttributionSource


public final class AttributionSource
extends Object implements Parcelable

java.lang.Object
   ↳ android.content.AttributionSource


This class represents a source to which access to permission protected data should be attributed. Attribution sources can be chained to represent cases where the protected data would flow through several applications. For example, app A may ask app B for contacts and in turn app B may ask app C for contacts. In this case, the attribution chain would be A -> B -> C and the data flow would be C -> B -> A. There are two main benefits of using the attribution source mechanism: avoid doing explicit permission checks on behalf of the calling app if you are accessing private data on their behalf to send back; avoid double data access blaming which happens as you check the calling app's permissions and when you access the data behind these permissions (for runtime permissions). Also if not explicitly blaming the caller the data access would be counted towards your app vs to the previous app where yours was just a proxy.

Every Context has an attribution source and you can get it via Context.getAttributionSource() representing itself, which is a chain of one. You can attribute work to another app, or more precisely to a chain of apps, through which the data you would be accessing would flow, via Context#createContext( ContextParams) plus specifying an attribution source for the next app to receive the protected data you are accessing via AttributionSource.Builder#setNext( AttributionSource). Creating this attribution chain ensures that the datasource would check whether every app in the attribution chain has permission to access the data before releasing it. The datasource will also record appropriately that this data was accessed by the apps in the sequence if the data is behind a sensitive permission (e.g. dangerous). Again, this is useful if you are accessing the data on behalf of another app, for example a speech recognizer using the mic so it can provide recognition to a calling app.

You can create an attribution chain of you and any other app without any verification as this is something already available via the AppOpsManager APIs. This is supported to handle cases where you don't have access to the caller's attribution source and you can directly use the AttributionSource.Builder APIs. However, if the data flows through more than two apps (more than you access the data for the caller) you need to have a handle to the AttributionSource for the calling app's context in order to create an attribution context. This means you either need to have an API for the other app to send you its attribution source or use a platform API that pipes the callers attribution source.

You cannot forge an attribution chain without the participation of every app in the attribution chain (aside of the special case mentioned above). To create an attribution source that is trusted you need to create an attribution context that points to an attribution source that was explicitly created by the app that it refers to, recursively.

Since creating an attribution context leads to all permissions for apps in the attribution chain being checked, you need to expect getting a security exception when accessing permission protected APIs since some app in the chain may not have the permission.

Summary

Nested classes

class AttributionSource.Builder

A builder for AttributionSource 

Inherited constants

Fields

public static final Creator<AttributionSource> CREATOR

Public methods

boolean checkCallingUid()

If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain.

int describeContents()

Describe the kinds of special objects contained in this Parcelable instance's marshaled representation.

void enforceCallingUid()

If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain.

boolean equals(Object o)

Indicates whether some other object is "equal to" this one.

String getAttributionTag()

The attribution tag of the app accessing the permission protected data.

int getDeviceId()

Gets the device ID for this attribution source.

AttributionSource getNext()

The next app to receive the permission protected data.

String getPackageName()

The package that is accessing the permission protected data.

int getPid()

The PID that is accessing the permission protected data.

int getUid()

The UID that is accessing the permission protected data.

int hashCode()

Returns a hash code value for the object.

boolean isTrusted(Context context)

Checks whether this attribution source can be trusted.

static AttributionSource myAttributionSource()

Returns a generic AttributionSource that represents the entire calling process.

String toString()

Returns a string representation of the object.

void writeToParcel(Parcel dest, int flags)

Flatten this object in to a Parcel.

Inherited methods

Fields

CREATOR

Added in API level 31
public static final Creator<AttributionSource> CREATOR

Public methods

checkCallingUid

Added in API level 31
public boolean checkCallingUid ()

If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain.

Returns
boolean if the attribution source cannot be trusted to be from the caller.

describeContents

Added in API level 31
public int describeContents ()

Describe the kinds of special objects contained in this Parcelable instance's marshaled representation. For example, if the object will include a file descriptor in the output of writeToParcel(android.os.Parcel, int), the return value of this method must include the CONTENTS_FILE_DESCRIPTOR bit.

Returns
int a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or CONTENTS_FILE_DESCRIPTOR

enforceCallingUid

Added in API level 31
public void enforceCallingUid ()

If you are handling an IPC and you don't trust the caller you need to validate whether the attribution source is one for the calling app to prevent the caller to pass you a source from another app without including themselves in the attribution chain.

Throws
SecurityException if the attribution source cannot be trusted to be from the caller.

equals

Added in API level 31
public boolean equals (Object o)

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

An equivalence relation partitions the elements it operates on into equivalence classes; all the members of an equivalence class are equal to each other. Members of an equivalence class are substitutable for each other, at least for some purposes.

Parameters
o Object: This value may be null.

Returns
boolean true if this object is the same as the obj argument; false otherwise.

getAttributionTag

Added in API level 31
public String getAttributionTag ()

The attribution tag of the app accessing the permission protected data.

Returns
String This value may be null.

getDeviceId

Added in API level 35
public int getDeviceId ()

Gets the device ID for this attribution source. Attribution source can set the device ID using Builder#setDeviceId(int), the default device ID is Context#DEVICE_ID_DEFAULT.

This device ID is used for permissions checking during attribution source validation.

Returns
int

getNext

Added in API level 31
public AttributionSource getNext ()

The next app to receive the permission protected data.

Returns
AttributionSource This value may be null.

getPackageName

Added in API level 31
public String getPackageName ()

The package that is accessing the permission protected data.

Returns
String This value may be null.

getPid

Added in API level 34
public int getPid ()

The PID that is accessing the permission protected data.

Returns
int

getUid

Added in API level 31
public int getUid ()

The UID that is accessing the permission protected data.

Returns
int

hashCode

Added in API level 31
public int hashCode ()

Returns a hash code value for the object. This method is supported for the benefit of hash tables such as those provided by HashMap.

The general contract of hashCode is:

  • Whenever it is invoked on the same object more than once during an execution of a Java application, the hashCode method must consistently return the same integer, provided no information used in equals comparisons on the object is modified. This integer need not remain consistent from one execution of an application to another execution of the same application.
  • If two objects are equal according to the equals method, then calling the hashCode method on each of the two objects must produce the same integer result.
  • It is not required that if two objects are unequal according to the equals method, then calling the hashCode method on each of the two objects must produce distinct integer results. However, the programmer should be aware that producing distinct integer results for unequal objects may improve the performance of hash tables.

Returns
int a hash code value for this object.

isTrusted

Added in API level 31
public boolean isTrusted (Context context)

Checks whether this attribution source can be trusted. That is whether the app it refers to created it and provided to the attribution chain.

Parameters
context Context: Context handle. This value cannot be null.

Returns
boolean Whether this is a trusted source.

myAttributionSource

Added in API level 33
public static AttributionSource myAttributionSource ()

Returns a generic AttributionSource that represents the entire calling process.

Callers are strongly encouraged to use a more specific attribution source whenever possible, such as from Context#getAttributionSource(), since that enables developers to have more detailed and scoped control over attribution within sub-components of their app.

Returns
AttributionSource a generic AttributionSource representing the entire calling process This value cannot be null.

Throws
IllegalStateException when no accurate AttributionSource can be determined

toString

Added in API level 31
public String toString ()

Returns a string representation of the object.

Returns
String a string representation of the object.

writeToParcel

Added in API level 31
public void writeToParcel (Parcel dest, 
                int flags)

Flatten this object in to a Parcel.

Parameters
dest Parcel: This value cannot be null.

flags int: Additional flags about how the object should be written. May be 0 or Parcelable.PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of Parcelable.PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES