commit 6df866a8510af2776c48425a361f708ae7f5d7d6
author Jeff Sharkey <jsharkey@android.com> Fri Mar 31 14:08:23 2017 -0600
committer Jeff Sharkey <jsharkey@android.com> Sun Apr 02 22:29:07 2017 -0600
tree 1e1db7717b7a7dc6e030c2f2eefb6c01ce541893
parent fe9a53bc45fd0124a876dc0a49680aaf86641d3e

Enforce PACKAGE_USAGE_STATS for usage data.

Some system services are offering package usage data through both
public/system APIs and through dump() calls.  In principle, usage
data hould always be protected with PACKAGE_USAGE_STATS, so start
enforcing that.  (Otherwise if a user blocked PACKAGE_USAGE_STATS
access to an app, that app could still obtain the data via dump()
if they held the DUMP permission.)

Bottom line, let's respect the user's wishes.

Protecting the entire output like this is pretty blunt, but future
CLs can add more nuance to the output if desired.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d

services/core/java/com/android/server/AlarmManagerService.java

diff --git a/services/core/java/com/android/server/AlarmManagerService.java b/services/core/java/com/android/server/AlarmManagerService.java
index efb33ee..8b32c16 100644
--- a/services/core/java/com/android/server/AlarmManagerService.java
+++ b/services/core/java/com/android/server/AlarmManagerService.java
@@ -1385,7 +1385,7 @@
 
         @Override
         protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
-            if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return;
+            if (!DumpUtils.checkDumpAndUsageStatsPermission(getContext(), TAG, pw)) return;
             dumpImpl(pw);
         }
     };