commit fe9a53bc45fd0124a876dc0a49680aaf86641d3e
author Jeff Sharkey <jsharkey@android.com> Fri Mar 31 14:08:23 2017 -0600
committer Jeff Sharkey <jsharkey@android.com> Sun Apr 02 22:29:07 2017 -0600
tree 56d1ea4b6f0fe98fa628a72f197cefa0fbabcb22
parent 21a5edcc24cbca1ae3f0855d71737b22ab81ad6d

Consistent dump() permission checking.

This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access.  It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca

services/core/java/com/android/server/location/ContextHubService.java

diff --git a/services/core/java/com/android/server/location/ContextHubService.java b/services/core/java/com/android/server/location/ContextHubService.java
index 0a15db6..5e9f355 100644
--- a/services/core/java/com/android/server/location/ContextHubService.java
+++ b/services/core/java/com/android/server/location/ContextHubService.java
@@ -31,6 +31,8 @@
 import android.os.RemoteException;
 import android.util.Log;
 
+import com.android.internal.util.DumpUtils;
+
 import java.io.FileDescriptor;
 import java.io.PrintWriter;
 import java.nio.ByteBuffer;
@@ -242,11 +244,7 @@
 
     @Override
     protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
-        if (mContext.checkCallingOrSelfPermission("android.permission.DUMP")
-            != PackageManager.PERMISSION_GRANTED) {
-            pw.println("Permission Denial: can't dump contexthub service");
-            return;
-        }
+        if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
 
         pw.println("Dumping ContextHub Service");