Protect system services with DUMP permission.
Change-Id: I5e53859f8b8e5473e54eca43ebd7de841f1a05ff
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index a0d5beb..a3768c6 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -5714,6 +5714,8 @@
@Override
public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
long identityToken = Binder.clearCallingIdentity();
try {
dumpInternal(pw);
@@ -5723,16 +5725,6 @@
}
private void dumpInternal(PrintWriter pw) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
- != PackageManager.PERMISSION_GRANTED) {
- pw.println("Permission Denial: can't dump Backup Manager service from from pid="
- + Binder.getCallingPid()
- + ", uid=" + Binder.getCallingUid()
- + " without permission "
- + android.Manifest.permission.DUMP);
- return;
- }
-
synchronized (mQueueLock) {
pw.println("Backup Manager is " + (mEnabled ? "enabled" : "disabled")
+ " / " + (!mProvisioned ? "not " : "") + "provisioned / "
diff --git a/services/java/com/android/server/CountryDetectorService.java b/services/java/com/android/server/CountryDetectorService.java
index 3112b50..fc76277 100644
--- a/services/java/com/android/server/CountryDetectorService.java
+++ b/services/java/com/android/server/CountryDetectorService.java
@@ -212,6 +212,8 @@
@SuppressWarnings("unused")
@Override
protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
if (!DEBUG) return;
try {
final Printer p = new PrintWriterPrinter(fout);
diff --git a/services/java/com/android/server/DiskStatsService.java b/services/java/com/android/server/DiskStatsService.java
index 8ef974a..ac25dc5 100644
--- a/services/java/com/android/server/DiskStatsService.java
+++ b/services/java/com/android/server/DiskStatsService.java
@@ -34,6 +34,8 @@
* statistics about the status of the disk.
*/
public class DiskStatsService extends Binder {
+ private static final String TAG = "DiskStatsService";
+
private final Context mContext;
public DiskStatsService(Context context) {
@@ -42,7 +44,7 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
- // This data is accessible to any app -- no permission check needed.
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
// Run a quick-and-dirty performance test: write 512 bytes
byte[] junk = new byte[512];
diff --git a/services/java/com/android/server/SamplingProfilerService.java b/services/java/com/android/server/SamplingProfilerService.java
index 61267d0..0034d2c 100644
--- a/services/java/com/android/server/SamplingProfilerService.java
+++ b/services/java/com/android/server/SamplingProfilerService.java
@@ -39,9 +39,11 @@
private static final boolean LOCAL_LOGV = false;
public static final String SNAPSHOT_DIR = SamplingProfilerIntegration.SNAPSHOT_DIR;
+ private final Context mContext;
private FileObserver snapshotObserver;
public SamplingProfilerService(Context context) {
+ mContext = context;
registerSettingObserver(context);
startWorking(context);
}
@@ -94,6 +96,8 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
+
pw.println("SamplingProfilerService:");
pw.println("Watching directory: " + SNAPSHOT_DIR);
}