LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Consistent dump() permission checking.

Browse Source 
This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access.  It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
This commit is contained in:
Jeff Sharkey
2017-03-31 14:08:23 -06:00
parent f8dd5d479a
commit f1077c3095
2 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
services/core/java/com/android/server/NsdService.java
View File

@@ -41,6 +41,7 @@ import java.util.HashMap;
import java.util.concurrent.CountDownLatch; import java.util.concurrent.CountDownLatch;
import com.android.internal.util.AsyncChannel; import com.android.internal.util.AsyncChannel;
import com.android.internal.util.DumpUtils;
import com.android.internal.util.Protocol; import com.android.internal.util.Protocol;
import com.android.internal.util.State; import com.android.internal.util.State;
import com.android.internal.util.StateMachine; import com.android.internal.util.StateMachine;
@@ -811,13 +812,7 @@ public class NsdService extends INsdManager.Stub {
@Override @Override
public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
!= PackageManager.PERMISSION_GRANTED) {
pw.println("Permission Denial: can't dump ServiceDiscoverService from from pid="
+ Binder.getCallingPid()
+ ", uid=" + Binder.getCallingUid());
return;
}
for (ClientInfo client : mClients.values()) { for (ClientInfo client : mClients.values()) {
pw.println("Client Info"); pw.println("Client Info");

3
services/core/java/com/android/server/net/NetworkStatsService.java
View File

@@ -122,6 +122,7 @@ import android.util.proto.ProtoOutputStream;
import com.android.internal.annotations.VisibleForTesting; import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.VpnInfo; import com.android.internal.net.VpnInfo;
import com.android.internal.util.ArrayUtils; import com.android.internal.util.ArrayUtils;
import com.android.internal.util.DumpUtils;
import com.android.internal.util.FileRotator; import com.android.internal.util.FileRotator;
import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.IndentingPrintWriter;
import com.android.server.EventLogTags; import com.android.server.EventLogTags;
@@ -1234,7 +1235,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
@Override @Override
protected void dump(FileDescriptor fd, PrintWriter rawWriter, String[] args) { protected void dump(FileDescriptor fd, PrintWriter rawWriter, String[] args) {
mContext.enforceCallingOrSelfPermission(DUMP, TAG); if (!DumpUtils.checkDumpPermission(mContext, TAG, rawWriter)) return;
long duration = DateUtils.DAY_IN_MILLIS; long duration = DateUtils.DAY_IN_MILLIS;
final HashSet<String> argSet = new HashSet<String>(); final HashSet<String> argSet = new HashSet<String>();