From e6ee3be1c254404dad842298f6f56c11cc6c7ac8 Mon Sep 17 00:00:00 2001 From: Nick Pelly Date: Thu, 8 Oct 2009 23:27:28 +0200 Subject: BT API security audit: fix a couple of permission mistakes. Make functions that are meant to be BLUETOOTH_ADMIN really BLUETOOTH_ADMIN. Add some missing javadoc for permissions. The only functional change here is the BLUETOOTH->BLUETOOTH_ADMIN changes. This is super safe because every system app that uses BT has both permissions. Change-Id: Iddc61f9fd5d81fe0171358665a0fa52f2fa02871 DrNo: eastham Joke: How do you catch a rabbit? Hide behind a tree and make carrott noises. --- core/java/android/server/BluetoothService.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'core/java/android/server') diff --git a/core/java/android/server/BluetoothService.java b/core/java/android/server/BluetoothService.java index 7ebd91d..f0bd249 100644 --- a/core/java/android/server/BluetoothService.java +++ b/core/java/android/server/BluetoothService.java @@ -191,10 +191,10 @@ public class BluetoothService extends IBluetooth.Stub { /** * Bring down bluetooth. Returns true on success. * - * @param saveSetting If true, disable BT in settings + * @param saveSetting If true, persist the new setting */ public synchronized boolean disable(boolean saveSetting) { - mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission"); + mContext.enforceCallingOrSelfPermission(BLUETOOTH_ADMIN_PERM, "Need BLUETOOTH_ADMIN permission"); switch (mBluetoothState) { case BluetoothAdapter.STATE_OFF: @@ -1013,7 +1013,8 @@ public class BluetoothService extends IBluetooth.Stub { */ public synchronized boolean setTrust(String address, boolean value) { if (!BluetoothAdapter.checkBluetoothAddress(address)) { - mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission"); + mContext.enforceCallingOrSelfPermission(BLUETOOTH_ADMIN_PERM, + "Need BLUETOOTH_ADMIN permission"); return false; } -- cgit v1.1