Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6df866a8 authored Mar 31, 2017 by Jeff Sharkey

Enforce PACKAGE_USAGE_STATS for usage data.

Some system services are offering package usage data through both
public/system APIs and through dump() calls.  In principle, usage
data hould always be protected with PACKAGE_USAGE_STATS, so start
enforcing that.  (Otherwise if a user blocked PACKAGE_USAGE_STATS
access to an app, that app could still obtain the data via dump()
if they held the DUMP permission.)

Bottom line, let's respect the user's wishes.

Protecting the entire output like this is pretty blunt, but future
CLs can add more nuance to the output if desired.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d

parent fe9a53bc

services/backup/java/com/android/server/backup/BackupManagerService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -11139,7 +11139,7 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF
		}

		public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
		if (!DumpUtils.checkDumpAndUsageStatsPermission(mContext, TAG, pw)) return;

		long identityToken = Binder.clearCallingIdentity();
		try {

services/core/java/com/android/server/AlarmManagerService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -1385,7 +1385,7 @@ class AlarmManagerService extends SystemService {

		@Override
		protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return;
		if (!DumpUtils.checkDumpAndUsageStatsPermission(getContext(), TAG, pw)) return;
		dumpImpl(pw);
		}
		};

services/core/java/com/android/server/AppOpsService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -2029,7 +2029,7 @@ public class AppOpsService extends IAppOpsService.Stub {

		@Override
		protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
		if (!DumpUtils.checkDumpAndUsageStatsPermission(mContext, TAG, pw)) return;

		if (args != null) {
		for (int i=0; i<args.length; i++) {

services/core/java/com/android/server/DiskStatsService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -63,7 +63,7 @@ public class DiskStatsService extends Binder {

		@Override
		protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
		if (!DumpUtils.checkDumpAndUsageStatsPermission(mContext, TAG, pw)) return;

		// Run a quick-and-dirty performance test: write 512 bytes
		byte[] junk = new byte[512];

services/core/java/com/android/server/DropBoxManagerService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -351,7 +351,7 @@ public final class DropBoxManagerService extends SystemService {
		}

		public synchronized void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
		if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return;
		if (!DumpUtils.checkDumpAndUsageStatsPermission(getContext(), TAG, pw)) return;

		try {
		init();