commit fe9a53bc45fd0124a876dc0a49680aaf86641d3e
author Jeff Sharkey <jsharkey@android.com> Fri Mar 31 14:08:23 2017 -0600
committer Jeff Sharkey <jsharkey@android.com> Sun Apr 02 22:29:07 2017 -0600
tree 56d1ea4b6f0fe98fa628a72f197cefa0fbabcb22
parent 21a5edcc24cbca1ae3f0855d71737b22ab81ad6d

Consistent dump() permission checking.

This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access.  It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca

services/core/java/com/android/server/pm/ShortcutService.java

diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java
index a5b739e..6ddd3b3 100644
--- a/services/core/java/com/android/server/pm/ShortcutService.java
+++ b/services/core/java/com/android/server/pm/ShortcutService.java
@@ -96,6 +96,7 @@
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.os.BackgroundThread;
+import com.android.internal.util.DumpUtils;
 import com.android.internal.util.FastXmlSerializer;
 import com.android.internal.util.Preconditions;
 import com.android.server.LocalServices;
@@ -3447,8 +3448,7 @@
 
     @Override
     public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
-        enforceCallingOrSelfPermission(android.Manifest.permission.DUMP,
-                "can't dump by this caller");
+        if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
         boolean checkin = false;
         boolean clear = false;
         if (args != null) {