Update the permission check for dump

ServicePermissionsTest#testDumpProtected expects to see nothing
from dump() if the caller does not have the required permission.

After the refactor the ConnectivityService#dump(). It does not
leak real information for those callers without permission but
show the title of dumpsys, i.e. it shows "DUMP OF SERVICE HIGH
connectivity". This breaks the test since the test expects to
see nothing.

Move the permission check to the front of dump call stack since
there is no way to call other private dump related methods.

Bug: 185425662
Test: atest android.security.cts.ServicePermissionsTest
Test: adb shell dumpsys connectivity
Change-Id: I173c968a4f1c4d6f618ed87725a6ccda8d309988

1 files changed, 2 insertions, 1 deletions

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index efb376863c27..a1e3d326bf29 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -2789,6 +2789,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
     @Override
     protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter writer,
             @Nullable String[] args) {
+        if (!checkDumpPermission(mContext, TAG, writer)) return;
+
         mPriorityDumper.dump(fd, writer, args);
     }
 
@@ -2806,7 +2808,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 
     private void doDump(FileDescriptor fd, PrintWriter writer, String[] args) {
         final IndentingPrintWriter pw = new IndentingPrintWriter(writer, "  ");
-        if (!checkDumpPermission(mContext, TAG, pw)) return;
 
         if (CollectionUtils.contains(args, DIAG_ARG)) {
             dumpNetworkDiagnostics(pw);