From 3abd75ba3a981850cac43a401d0014a836559cb0 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Thu, 29 Sep 2011 11:00:41 -0700
Subject: Add DUMP permission checks to services

Some services have info that is not readily available any other way. Add
a permission check to those services.

Bug: 5389201
Change-Id: I5a9724ec89e1c11ef7813eeb52a6a05b3ea92af5
---
 core/java/android/accounts/AccountManagerService.java | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'core/java/android/accounts/AccountManagerService.java')

diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java
index 173da8d..91def67 100644
--- a/core/java/android/accounts/AccountManagerService.java
+++ b/core/java/android/accounts/AccountManagerService.java
@@ -1811,6 +1811,14 @@ public class AccountManagerService
     }
 
     protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) {
+        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
+                != PackageManager.PERMISSION_GRANTED) {
+            fout.println("Permission Denial: can't dump AccountsManager from from pid="
+                    + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()
+                    + " without permission " + android.Manifest.permission.DUMP);
+            return;
+        }
+
         synchronized (mCacheLock) {
             final SQLiteDatabase db = mOpenHelper.getReadableDatabase();
 
-- 
cgit v1.1