From 70348a267209502e71f571c3348071e6bbafd2eb Mon Sep 17 00:00:00 2001 From: Chiachang Wang Date: Mon, 19 Apr 2021 10:59:24 +0800 Subject: [PATCH] Update the permission check for dump ServicePermissionsTest#testDumpProtected expects to see nothing from dump() if the caller does not have the required permission. After the refactor the ConnectivityService#dump(). It does not leak real information for those callers without permission but show the title of dumpsys, i.e. it shows "DUMP OF SERVICE HIGH connectivity". This breaks the test since the test expects to see nothing. Move the permission check to the front of dump call stack since there is no way to call other private dump related methods. Bug: 185425662 Test: atest android.security.cts.ServicePermissionsTest Test: adb shell dumpsys connectivity Change-Id: I173c968a4f1c4d6f618ed87725a6ccda8d309988 --- services/core/java/com/android/server/ConnectivityService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index efb376863c..a1e3d326bf 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -2789,6 +2789,8 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter writer, @Nullable String[] args) { + if (!checkDumpPermission(mContext, TAG, writer)) return; + mPriorityDumper.dump(fd, writer, args); } @@ -2806,7 +2808,6 @@ public class ConnectivityService extends IConnectivityManager.Stub private void doDump(FileDescriptor fd, PrintWriter writer, String[] args) { final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (!checkDumpPermission(mContext, TAG, pw)) return; if (CollectionUtils.contains(args, DIAG_ARG)) { dumpNetworkDiagnostics(pw);