path: root/adservices/service-core/java/com/android/adservices/service/measurement/access/ManifestBasedAdtechAccessResolver.java
/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.adservices.service.measurement.access;

import static android.adservices.common.AdServicesStatusUtils.STATUS_CALLER_NOT_ALLOWED;

import android.adservices.common.AdServicesStatusUtils;
import android.annotation.NonNull;
import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;

import com.android.adservices.data.enrollment.EnrollmentDao;
import com.android.adservices.service.Flags;
import com.android.adservices.service.common.AppManifestConfigHelper;
import com.android.adservices.service.enrollment.EnrollmentData;

/**
 * Resolves whether the app developer has included the adtech in the app manifest.
 *
 * <p>The decision is made for one measurement URL on behalf of one calling package. Access is
 * denied unless the URL maps to an enrollment record carrying a non-null enrollment ID and
 * {@link AppManifestConfigHelper#isAllowedAttributionAccess} accepts that ID for the package.
 *
 * <p>Security note: when {@link Flags#isDisableMeasurementEnrollmentCheck()} returns
 * {@code true}, {@link #isAllowed(Context)} returns {@code true} before either the enrollment
 * lookup or the manifest check is reached, so that one flag turns this resolver into a no-op.
 */
public class ManifestBasedAdtechAccessResolver implements IAccessResolver {
    private static final String ERROR_MESSAGE = "Caller is not authorized.";
    private final EnrollmentDao mEnrollmentDao;
    private final Flags mFlags;
    private final String mPackageName;
    private final Uri mUrl;

    /**
     * Creates a resolver bound to one caller and one measurement URL.
     *
     * @param enrollmentDao source of enrollment records, queried by measurement URL
     * @param flags feature flags; consulted for the enrollment-check kill switch
     * @param packageName package whose manifest configuration is evaluated
     * @param url measurement URL to authorize; not annotated {@code @NonNull}, and a
     *     {@code null} or empty value makes {@link #isAllowed(Context)} return {@code false}
     */
    public ManifestBasedAdtechAccessResolver(
            @NonNull EnrollmentDao enrollmentDao,
            @NonNull Flags flags,
            @NonNull String packageName,
            Uri url) {
        mUrl = url;
        mPackageName = packageName;
        mFlags = flags;
        mEnrollmentDao = enrollmentDao;
    }

    /**
     * Decides whether the bound package may use the bound measurement URL.
     *
     * @param context passed through to the manifest configuration helper
     * @return {@code true} if the enrollment check is disabled by flag, or if the URL resolves
     *     to an enrollment ID that the manifest helper allows; {@code false} otherwise
     */
    @Override
    public boolean isAllowed(@NonNull Context context) {
        if (mFlags.isDisableMeasurementEnrollmentCheck()) {
            // Kill switch: skips the enrollment lookup AND the manifest check below.
            return true;
        }

        // Note carried over from the original author: this method only checks (and rejects)
        // the first URL in the chain based on enrollment. URLs that appear later in the chain
        // are silently dropped if they are not in the enrollment list; that is implemented
        // elsewhere.
        // TODO: verify that the above behavior aligns with the expectation of the serving
        // adtech.
        final boolean urlMissing = mUrl == null || TextUtils.isEmpty(mUrl.toString());
        if (urlMissing) {
            return false;
        }

        // The enrollment lookup key is the URL with its query string and fragment removed.
        final Uri lookupUri = mUrl.buildUpon().clearQuery().fragment(null).build();
        final EnrollmentData matched =
                mEnrollmentDao.getEnrollmentDataFromMeasurementUrl(lookupUri.toString());

        // Fail closed: no record, or a record without an ID, is never authorized.
        if (matched == null || matched.getEnrollmentId() == null) {
            return false;
        }
        return AppManifestConfigHelper.isAllowedAttributionAccess(
                context, mPackageName, matched.getEnrollmentId());
    }

    /** Returns the fixed, caller-facing message used when access is denied. */
    @NonNull
    @Override
    public String getErrorMessage() {
        return ERROR_MESSAGE;
    }

    /** Returns the status code reported on denial: {@code STATUS_CALLER_NOT_ALLOWED}. */
    @NonNull
    @Override
    @AdServicesStatusUtils.StatusCode
    public int getErrorStatusCode() {
        return STATUS_CALLER_NOT_ALLOWED;
    }
}