| author | 2023-03-06 18:25:07 +0000 | |
|---|---|---|
| committer | 2023-03-06 18:53:22 +0000 | |
| commit | 3766125b0b621604e194036ade3a909357dbccc5 (patch) | |
| tree | 2091b5b78cd860743be05c0c3681af9825fd0942 /libs/androidfw/StringPool.cpp | |
| parent | aeba6853935797f84d6d41630bad566bdcb2f0fd (diff) | |
Fix dump() without ACCESS_KEYGUARD_SECURE_STORAGE

The only permission that LockSettingsService#dump() is meant to require
is DUMP. As per the usual practice, the Binder calling identity should
be cleared after the permission check so that unwanted permission checks
don't happen deeper in the call stack.

This fixes commit b0bcbce79c5d ("Lock down the ability to read from the
locksettings database") (http://ag/21025749), which had unintentionally
made dump() start requiring ACCESS_KEYGUARD_SECURE_STORAGE. The error
message received was the following:

    Security exception: uid=2000 needs permission android.permission.ACCESS_KEYGUARD_SECURE_STORAGE to read sp-handle for user 0

Bug: 256170784
Test: adb shell dumpsys lock_settings # without adb root
Change-Id: Ie5e75e925dd4ffdda0cda3c3a58a6503ba44f54c
Diffstat (limited to 'libs/androidfw/StringPool.cpp')
0 files changed, 0 insertions, 0 deletions
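
The pattern the commit message describes, as an added example that is not code from this commit or from AOSP: a plain-JVM toy model in which a thread-local UID stands in for the Binder calling identity. The class, the grant table and the `dump(boolean)` switch are constructed for illustration; in the framework the corresponding calls are `Binder.clearCallingIdentity()` and `Binder.restoreCallingIdentity(long)`.

```java
import java.util.Map;
import java.util.Set;

// Toy model of Binder calling identity (constructed for illustration; not AOSP code).
public class DumpIdentityDemo {
    static final int SYSTEM_UID = 1000, SHELL_UID = 2000;
    static final String DUMP = "android.permission.DUMP";
    static final String SECURE_STORAGE = "android.permission.ACCESS_KEYGUARD_SECURE_STORAGE";

    // Constructed grants: the shell holds DUMP only; the system holds both.
    static final Map<Integer, Set<String>> GRANTS = Map.of(
            SHELL_UID, Set.of(DUMP),
            SYSTEM_UID, Set.of(DUMP, SECURE_STORAGE));
    // Stand-in for the per-thread identity tracked by Binder.
    static final ThreadLocal<Integer> callingUid = ThreadLocal.withInitial(() -> SYSTEM_UID);

    static long clearCallingIdentity() {
        long token = callingUid.get();
        callingUid.set(SYSTEM_UID);
        return token;
    }
    static void restoreCallingIdentity(long token) { callingUid.set((int) token); }

    static void enforce(String perm, String what) {
        int uid = callingUid.get();
        if (!GRANTS.getOrDefault(uid, Set.of()).contains(perm)) {
            throw new SecurityException("uid=" + uid + " needs permission " + perm + " to " + what);
        }
    }
    // Deep in the call stack: a storage read guarded by its own permission.
    static String readSpHandle(int userId) {
        enforce(SECURE_STORAGE, "read sp-handle for user " + userId);
        return "sp-handle(user " + userId + ")";
    }
    static String dump(boolean clearIdentity) {
        enforce(DUMP, "dump lock_settings");        // the only check dump() is meant to impose
        if (!clearIdentity) return readSpHandle(0); // caller's uid reaches the deeper check
        long token = clearCallingIdentity();
        try {
            return readSpHandle(0);                 // evaluated as the service itself
        } finally {
            restoreCallingIdentity(token);          // always restore, even on exceptions
        }
    }
    public static void main(String[] args) {
        callingUid.set(SHELL_UID);                  // simulate an incoming call from adb shell
        try { dump(false); } catch (SecurityException e) { System.out.println("before: " + e.getMessage()); }
        System.out.println("after:  " + dump(true) + ", caller restored to uid=" + callingUid.get());
    }
}
```

The order matters in both directions: clearing the identity before the `DUMP` check would let any caller through, and skipping the `finally` would leave the thread running with the service's identity for later work.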