Protect system services with DUMP permission.
Change-Id: I5e53859f8b8e5473e54eca43ebd7de841f1a05ff
diff --git a/core/java/android/server/BluetoothA2dpService.java b/core/java/android/server/BluetoothA2dpService.java
index c4cb3a5..300bc68 100644
--- a/core/java/android/server/BluetoothA2dpService.java
+++ b/core/java/android/server/BluetoothA2dpService.java
@@ -588,6 +588,8 @@
@Override
protected synchronized void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
if (mAudioDevices.isEmpty()) return;
pw.println("Cached audio devices:");
for (BluetoothDevice device : mAudioDevices.keySet()) {
diff --git a/core/java/android/server/BluetoothService.java b/core/java/android/server/BluetoothService.java
index 7a97455..a420734 100755
--- a/core/java/android/server/BluetoothService.java
+++ b/core/java/android/server/BluetoothService.java
@@ -1775,6 +1775,8 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
if (getBluetoothStateInternal() != BluetoothAdapter.STATE_ON) {
return;
}
diff --git a/core/java/android/service/dreams/DreamManagerService.java b/core/java/android/service/dreams/DreamManagerService.java
index 8712fa2..4a14ced 100644
--- a/core/java/android/service/dreams/DreamManagerService.java
+++ b/core/java/android/service/dreams/DreamManagerService.java
@@ -169,6 +169,8 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
pw.println("Dreamland:");
pw.print(" component="); pw.println(mCurrentDreamComponent);
pw.print(" token="); pw.println(mCurrentDreamToken);
diff --git a/media/java/android/media/AudioService.java b/media/java/android/media/AudioService.java
index 48d3712..afd2824 100644
--- a/media/java/android/media/AudioService.java
+++ b/media/java/android/media/AudioService.java
@@ -4085,6 +4085,8 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
// TODO probably a lot more to do here than just the audio focus and remote control stacks
dumpFocusStack(pw);
dumpRCStack(pw);
diff --git a/packages/SystemUI/src/com/android/systemui/SystemUIService.java b/packages/SystemUI/src/com/android/systemui/SystemUIService.java
index 1ae15be..ae568f8 100644
--- a/packages/SystemUI/src/com/android/systemui/SystemUIService.java
+++ b/packages/SystemUI/src/com/android/systemui/SystemUIService.java
@@ -111,14 +111,6 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
- if (checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
- != PackageManager.PERMISSION_GRANTED) {
- pw.println("Permission Denial: can't dump StatusBar from from pid="
- + Binder.getCallingPid()
- + ", uid=" + Binder.getCallingUid());
- return;
- }
-
if (args == null || args.length == 0) {
for (SystemUI ui: mServices) {
pw.println("dumping service: " + ui.getClass().getName());
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index a0d5beb..a3768c6 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -5714,6 +5714,8 @@
@Override
public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
long identityToken = Binder.clearCallingIdentity();
try {
dumpInternal(pw);
@@ -5723,16 +5725,6 @@
}
private void dumpInternal(PrintWriter pw) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
- != PackageManager.PERMISSION_GRANTED) {
- pw.println("Permission Denial: can't dump Backup Manager service from from pid="
- + Binder.getCallingPid()
- + ", uid=" + Binder.getCallingUid()
- + " without permission "
- + android.Manifest.permission.DUMP);
- return;
- }
-
synchronized (mQueueLock) {
pw.println("Backup Manager is " + (mEnabled ? "enabled" : "disabled")
+ " / " + (!mProvisioned ? "not " : "") + "provisioned / "
diff --git a/services/java/com/android/server/CountryDetectorService.java b/services/java/com/android/server/CountryDetectorService.java
index 3112b50..fc76277 100644
--- a/services/java/com/android/server/CountryDetectorService.java
+++ b/services/java/com/android/server/CountryDetectorService.java
@@ -212,6 +212,8 @@
@SuppressWarnings("unused")
@Override
protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
if (!DEBUG) return;
try {
final Printer p = new PrintWriterPrinter(fout);
diff --git a/services/java/com/android/server/DiskStatsService.java b/services/java/com/android/server/DiskStatsService.java
index 8ef974a..ac25dc5 100644
--- a/services/java/com/android/server/DiskStatsService.java
+++ b/services/java/com/android/server/DiskStatsService.java
@@ -34,6 +34,8 @@
* statistics about the status of the disk.
*/
public class DiskStatsService extends Binder {
+ private static final String TAG = "DiskStatsService";
+
private final Context mContext;
public DiskStatsService(Context context) {
@@ -42,7 +44,7 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
- // This data is accessible to any app -- no permission check needed.
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
// Run a quick-and-dirty performance test: write 512 bytes
byte[] junk = new byte[512];
diff --git a/services/java/com/android/server/SamplingProfilerService.java b/services/java/com/android/server/SamplingProfilerService.java
index 61267d0..0034d2c 100644
--- a/services/java/com/android/server/SamplingProfilerService.java
+++ b/services/java/com/android/server/SamplingProfilerService.java
@@ -39,9 +39,11 @@
private static final boolean LOCAL_LOGV = false;
public static final String SNAPSHOT_DIR = SamplingProfilerIntegration.SNAPSHOT_DIR;
+ private final Context mContext;
private FileObserver snapshotObserver;
public SamplingProfilerService(Context context) {
+ mContext = context;
registerSettingObserver(context);
startWorking(context);
}
@@ -94,6 +96,8 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
pw.println("SamplingProfilerService:");
pw.println("Watching directory: " + SNAPSHOT_DIR);
}