Consistent dump() permission checking.
This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.
Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
diff --git a/services/core/java/com/android/server/NetworkScoreService.java b/services/core/java/com/android/server/NetworkScoreService.java
index 78c0fe6..a5debda 100644
--- a/services/core/java/com/android/server/NetworkScoreService.java
+++ b/services/core/java/com/android/server/NetworkScoreService.java
@@ -69,6 +69,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.content.PackageMonitor;
import com.android.internal.os.TransferPipe;
+import com.android.internal.util.DumpUtils;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -925,7 +926,7 @@
@Override
protected void dump(final FileDescriptor fd, final PrintWriter writer, final String[] args) {
- mContext.enforceCallingOrSelfPermission(permission.DUMP, TAG);
+ if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return;
final long token = Binder.clearCallingIdentity();
try {
NetworkScorerAppData currentScorer = mNetworkScorerAppManager.getActiveScorer();