Fix dump() without ACCESS_KEYGUARD_SECURE_STORAGE
The only permission that LockSettingsService#dump() is meant to require is DUMP. As per the usual practice, the Binder calling identity should be cleared after the permission check so that unwanted permission checks don't happen deeper in the call stack. This fixes commit b0bcbce7 ("Lock down the ability to read from the locksettings database") (http://ag/21025749), which had unintentionally made dump() start requiring ACCESS_KEYGUARD_SECURE_STORAGE. The error message received was the following: Security exception: uid=2000 needs permission android.permission.ACCESS_KEYGUARD_SECURE_STORAGE to read sp-handle for user 0 Bug: 256170784 Test: adb shell dumpsys lock_settings # without adb root Change-Id: Ie5e75e925dd4ffdda0cda3c3a58a6503ba44f54c
Loading
Please register or sign in to comment