Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07964b49 authored by Nikita Ioffe's avatar Nikita Ioffe
Browse files

Add a whitelist to control packages that can use Bugreporting API 

Test: checked SecurityException is thrown for my custom app
Test: whiltelisted my custom app, checked no SecurityException is thrown
Bug: 126541701
Change-Id: Id0b61ccc1adf40bcb455d3b59b640f4b160bdd84
parent ea5e754c

core/java/com/android/server/SystemConfig.java

+15 −0
Original line number Diff line number Diff line
@@ -206,6 +206,8 @@ public class SystemConfig { 
    // associate with any other apps, but does not limit what apps B can associate with.

    final ArrayMap<String, ArraySet<String>> mAllowedAssociations = new ArrayMap<>();



    private final ArraySet<String> mBugreportWhitelistedPackages = new ArraySet<>();



    public static SystemConfig getInstance() {

        synchronized (SystemConfig.class) {

            if (sInstance == null) {
@@ -339,6 +341,10 @@ public class SystemConfig { 
        return mAllowedAssociations;

    }



    public ArraySet<String> getBugreportWhitelistedPackages() {

        return mBugreportWhitelistedPackages;

    }



    SystemConfig() {

        // Read configuration from system

        readPermissions(Environment.buildPath(
@@ -924,6 +930,15 @@ public class SystemConfig { 
                        }

                        XmlUtils.skipCurrentTag(parser);

                    } break;

                    case "bugreport-whitelisted": {

                        String pkgname = parser.getAttributeValue(null, "package");

                        if (pkgname == null) {

                            Slog.w(TAG, "<" + name + "> without package in " + permFile

                                    + " at " + parser.getPositionDescription());

                        } else {

                            mBugreportWhitelistedPackages.add(pkgname);

                        }

                    } break;

                    default: {

                        Slog.w(TAG, "Tag " + name + " is unknown in "

                                + permFile + " at " + parser.getPositionDescription());

services/core/java/com/android/server/os/BugreportManagerServiceImpl.java

+9 −0
Original line number Diff line number Diff line
@@ -31,10 +31,12 @@ import android.os.ServiceManager; 
import android.os.SystemClock;

import android.os.SystemProperties;

import android.os.UserManager;

import android.util.ArraySet;

import android.util.Slog;



import com.android.internal.annotations.GuardedBy;

import com.android.internal.util.Preconditions;

import com.android.server.SystemConfig;



import java.io.FileDescriptor;
@@ -55,10 +57,13 @@ class BugreportManagerServiceImpl extends IDumpstate.Stub { 
    private final Object mLock = new Object();

    private final Context mContext;

    private final AppOpsManager mAppOps;

    private final ArraySet<String> mBugreportWhitelistedPackages;



    BugreportManagerServiceImpl(Context context) {

        mContext = context;

        mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);

        mBugreportWhitelistedPackages =

                SystemConfig.getInstance().getBugreportWhitelistedPackages();

    }



    @Override
@@ -88,6 +93,10 @@ class BugreportManagerServiceImpl extends IDumpstate.Stub { 
        int callingUid = Binder.getCallingUid();

        mAppOps.checkPackage(callingUid, callingPackage);



        if (!mBugreportWhitelistedPackages.contains(callingPackage)) {

            throw new SecurityException(

                    callingPackage + " is not whitelisted to use Bugreport API");

        }

        synchronized (mLock) {

            startBugreportLocked(callingUid, callingPackage, bugreportFd, screenshotFd,

                    bugreportMode, listener);