From f1077c30952f17a34b545ac3374625c0d8be1bd3 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Fri, 31 Mar 2017 14:08:23 -0600 Subject: [PATCH] Consistent dump() permission checking. This change introduces new methods on DumpUtils that can check if the caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all existing dump() methods to use these checks so that we emit consistent error messages. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca --- services/core/java/com/android/server/NsdService.java | 9 ++------- .../java/com/android/server/net/NetworkStatsService.java | 3 ++- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/services/core/java/com/android/server/NsdService.java b/services/core/java/com/android/server/NsdService.java index a44b065d42..8ae95d5ada 100644 --- a/services/core/java/com/android/server/NsdService.java +++ b/services/core/java/com/android/server/NsdService.java @@ -41,6 +41,7 @@ import java.util.HashMap; import java.util.concurrent.CountDownLatch; import com.android.internal.util.AsyncChannel; +import com.android.internal.util.DumpUtils; import com.android.internal.util.Protocol; import com.android.internal.util.State; import com.android.internal.util.StateMachine; @@ -811,13 +812,7 @@ public class NsdService extends INsdManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ServiceDiscoverService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; for (ClientInfo client : mClients.values()) { pw.println("Client Info"); diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 6d666e890f..e746355097 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -122,6 +122,7 @@ import android.util.proto.ProtoOutputStream; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.net.VpnInfo; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FileRotator; import com.android.internal.util.IndentingPrintWriter; import com.android.server.EventLogTags; @@ -1234,7 +1235,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter rawWriter, String[] args) { - mContext.enforceCallingOrSelfPermission(DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, rawWriter)) return; long duration = DateUtils.DAY_IN_MILLIS; final HashSet argSet = new HashSet();