commit 29aa30e56c0e0ffb3f4a91c4212bb9c5d7eb9d03
author Kenny Guy <kennyguy@google.com> Thu Nov 30 13:43:46 2017 +0000
committer Kenny Guy <kennyguy@google.com> Thu Nov 30 15:00:38 2017 +0000
tree ad6f97603a6bb3e7bcc1e0d974b2ce6af482933b
parent 05013b377266f9e4e2651c6aa819960479dc3676

Limit access to package names in brightness slider data.

Only allow access to package names if the calling package
has PACKAGE_USAGE_STATS.

Bug: 69405990
Test: runtest -c com.android.server.display.BrightnessTrackerTest frameworks-services
Change-Id: I1c924d408a7c74620b9aa9d672c99a6424bb85ca

services/core/java/com/android/server/display/DisplayManagerService.java

diff --git a/services/core/java/com/android/server/display/DisplayManagerService.java b/services/core/java/com/android/server/display/DisplayManagerService.java
index 379aaad..19a74d7 100644
--- a/services/core/java/com/android/server/display/DisplayManagerService.java
+++ b/services/core/java/com/android/server/display/DisplayManagerService.java
@@ -29,6 +29,7 @@
 
 import android.Manifest;
 import android.annotation.NonNull;
+import android.app.AppOpsManager;
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.content.pm.ParceledListSlice;
@@ -1752,14 +1753,30 @@
         }
 
         @Override // Binder call
-        public ParceledListSlice<BrightnessChangeEvent> getBrightnessEvents() {
+        public ParceledListSlice<BrightnessChangeEvent> getBrightnessEvents(String callingPackage) {
             mContext.enforceCallingOrSelfPermission(
                     Manifest.permission.BRIGHTNESS_SLIDER_USAGE,
                     "Permission to read brightness events.");
-            int userId = UserHandle.getUserId(Binder.getCallingUid());
+
+            final int callingUid = Binder.getCallingUid();
+            AppOpsManager appOpsManager = mContext.getSystemService(AppOpsManager.class);
+            final int mode = appOpsManager.checkOp(AppOpsManager.OP_GET_USAGE_STATS,
+                    callingUid, callingPackage);
+            final boolean hasUsageStats;
+            if (mode == AppOpsManager.MODE_DEFAULT) {
+                // The default behavior here is to check if PackageManager has given the app
+                // permission.
+                hasUsageStats = mContext.checkCallingPermission(
+                        Manifest.permission.PACKAGE_USAGE_STATS)
+                        == PackageManager.PERMISSION_GRANTED;
+            } else {
+                hasUsageStats = mode == AppOpsManager.MODE_ALLOWED;
+            }
+
+            final int userId = UserHandle.getUserId(callingUid);
             final long token = Binder.clearCallingIdentity();
             try {
-                return mBrightnessTracker.getEvents(userId);
+                return mBrightnessTracker.getEvents(userId, hasUsageStats);
             } finally {
                 Binder.restoreCallingIdentity(token);
             }