Add DUMP permission checks to services

Some services have info that is not readily available any other way. Add a permission check to those services. Bug: 5389201 Change-Id: I5a9724ec89e1c11ef7813eeb52a6a05b3ea92af5
author: Kenny Root <kroot@google.com> 2011-09-29 11:00:41 -0700
committer: Kenny Root <kroot@google.com> 2011-09-29 11:04:15 -0700
commit: 3abd75ba3a981850cac43a401d0014a836559cb0 (patch)
tree: fe163a35d5f394f8304288b4722e2a674bac553f
parent: b9c13d091efde4865ed5cfaf1c5a17b0bb17a38e (diff)
download: frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.zip
frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.tar.gz
frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.tar.bz2
4 files changed, 50 insertions, 0 deletions
diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 173da8d..91def67 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -1811,6 +1811,14 @@ public class AccountManagerService
     }
 
     protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) {
+        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
+                != PackageManager.PERMISSION_GRANTED) {
+            fout.println("Permission Denial: can't dump AccountsManager from from pid="
+                    + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                    + " without permission " + android.Manifest.permission.DUMP);
+            return;
+        }
+
         synchronized (mCacheLock) {
             final SQLiteDatabase db = mOpenHelper.getReadableDatabase();
 
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index 2942c28..d038d76 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -1318,6 +1318,14 @@ public final class ActivityManagerService extends ActivityManagerNative
 
         @Override
         protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+            if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP)
+                    != PackageManager.PERMISSION_GRANTED) {
+                pw.println("Permission Denial: can't dump meminfo from from pid="
+                        + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                        + " without permission " + android.Manifest.permission.DUMP);
+                return;
+            }
+
             mActivityManagerService.dumpApplicationMemoryUsage(fd, pw, "  ", args);
         }
     }
@@ -1330,6 +1338,14 @@ public final class ActivityManagerService extends ActivityManagerNative
 
         @Override
         protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+            if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP)
+                    != PackageManager.PERMISSION_GRANTED) {
+                pw.println("Permission Denial: can't dump gfxinfo from from pid="
+                        + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                        + " without permission " + android.Manifest.permission.DUMP);
+                return;
+            }
+
             mActivityManagerService.dumpGraphicsHardwareUsage(fd, pw, args);
         }
     }
@@ -1342,6 +1358,14 @@ public final class ActivityManagerService extends ActivityManagerNative
 
         @Override
         protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+            if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP)
+                    != PackageManager.PERMISSION_GRANTED) {
+                pw.println("Permission Denial: can't dump cpuinfo from from pid="
+                        + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                        + " without permission " + android.Manifest.permission.DUMP);
+                return;
+            }
+
             synchronized (mActivityManagerService.mProcessStatsThread) {
                 pw.print(mActivityManagerService.mProcessStats.printCurrentLoad());
                 pw.print(mActivityManagerService.mProcessStats.printCurrentState(
diff --git a/services/java/com/android/server/am/BatteryStatsService.java b/services/java/com/android/server/am/BatteryStatsService.java
index 226723f..b44dc8a 100644
--- a/services/java/com/android/server/am/BatteryStatsService.java
+++ b/services/java/com/android/server/am/BatteryStatsService.java
@@ -21,6 +21,7 @@ import android.bluetooth.BluetoothHeadset;
 import android.bluetooth.BluetoothProfile;
 import android.content.Context;
 import android.content.pm.ApplicationInfo;
+import android.content.pm.PackageManager;
 import android.os.Binder;
 import android.os.IBinder;
 import android.os.Parcel;
@@ -457,6 +458,14 @@ public final class BatteryStatsService extends IBatteryStats.Stub {
 
     @Override
     protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
+                != PackageManager.PERMISSION_GRANTED) {
+            pw.println("Permission Denial: can't dump BatteryStats from from pid="
+                    + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                    + " without permission " + android.Manifest.permission.DUMP);
+            return;
+        }
+
         boolean isCheckin = false;
         boolean noOutput = false;
         if (args != null) {
diff --git a/services/java/com/android/server/am/UsageStatsService.java b/services/java/com/android/server/am/UsageStatsService.java
index 0d36d69..e810e3c 100644
--- a/services/java/com/android/server/am/UsageStatsService.java
+++ b/services/java/com/android/server/am/UsageStatsService.java
@@ -19,6 +19,7 @@ package com.android.server.am;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
 import android.os.Binder;
 import android.os.IBinder;
 import android.os.FileUtils;
@@ -1034,6 +1035,14 @@ public final class UsageStatsService extends IUsageStats.Stub {
      * The data persisted to file is parsed and the stats are computed. 
      */
     protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+        if (mContext.checkCallingPermission(android.Manifest.permission.DUMP)
+                != PackageManager.PERMISSION_GRANTED) {
+            pw.println("Permission Denial: can't dump UsageStats from from pid="
+                    + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                    + " without permission " + android.Manifest.permission.DUMP);
+            return;
+        }
+
         final boolean isCheckinRequest = scanArgs(args, "--checkin");
         final boolean isCompactOutput = isCheckinRequest || scanArgs(args, "-c");
         final boolean deleteAfterPrint = isCheckinRequest || scanArgs(args, "-d");
author	Kenny Root <kroot@google.com>	2011-09-29 11:00:41 -0700
committer	Kenny Root <kroot@google.com>	2011-09-29 11:04:15 -0700
commit	3abd75ba3a981850cac43a401d0014a836559cb0 (patch)
tree	fe163a35d5f394f8304288b4722e2a674bac553f
parent	b9c13d091efde4865ed5cfaf1c5a17b0bb17a38e (diff)
download	frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.zip frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.tar.gz frameworks_base-3abd75ba3a981850cac43a401d0014a836559cb0.tar.bz2