Protect usage data with OP_GET_USAGE_STATS.

APIs that return package usage data (such as the new StatsManager) must ensure that callers hold both the PACKAGE_USAGE_STATS permission and the OP_GET_USAGE_STATS app-op. Add noteOp() method that can be called from native code. Also add missing security checks on shell commands. Bug: 77662908 Test: builds, boots Change-Id: I15efd6f5dde61e807269b5132a052548ea4e800f
author: Jeff Sharkey <jsharkey@android.com> 2018-04-09 12:58:40 -0600
committer: Jeff Sharkey <jsharkey@android.com> 2018-04-16 10:29:24 -0600
commit: 7afcb3f98e7342985ba5e62bf6d3a5ac1282e545 (patch)
tree: c88a2ffdb3cad1bfcb4fb1d542a94770bb61456f /libs/binder/IPermissionController.cpp
parent: 4610a203244af7dabde0a89792568a03d26d4b36 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/libs/binder/IPermissionController.cpp b/libs/binder/IPermissionController.cpp
index ef67ab8dd2..89ebc6c1aa 100644
--- a/libs/binder/IPermissionController.cpp
+++ b/libs/binder/IPermissionController.cpp
@@ -49,6 +49,19 @@ public:
         return reply.readInt32() != 0;
     }
 
+    virtual int32_t noteOp(const String16& op, int32_t uid, const String16& packageName)
+    {
+        Parcel data, reply;
+        data.writeInterfaceToken(IPermissionController::getInterfaceDescriptor());
+        data.writeString16(op);
+        data.writeInt32(uid);
+        data.writeString16(packageName);
+        remote()->transact(NOTE_OP_TRANSACTION, data, &reply);
+        // fail on exception
+        if (reply.readExceptionCode() != 0) return 2; // MODE_ERRORED
+        return reply.readInt32();
+    }
+
     virtual void getPackagesForUid(const uid_t uid, Vector<String16>& packages)
     {
         Parcel data, reply;
@@ -111,6 +124,17 @@ status_t BnPermissionController::onTransact(
             return NO_ERROR;
         } break;
 
+        case NOTE_OP_TRANSACTION: {
+            CHECK_INTERFACE(IPermissionController, data, reply);
+            String16 op = data.readString16();
+            int32_t uid = data.readInt32();
+            String16 packageName = data.readString16();
+            int32_t res = noteOp(op, uid, packageName);
+            reply->writeNoException();
+            reply->writeInt32(res);
+            return NO_ERROR;
+        } break;
+
         case GET_PACKAGES_FOR_UID_TRANSACTION: {
             CHECK_INTERFACE(IPermissionController, data, reply);
             int32_t uid = data.readInt32();
author	Jeff Sharkey <jsharkey@android.com>	2018-04-09 12:58:40 -0600
committer	Jeff Sharkey <jsharkey@android.com>	2018-04-16 10:29:24 -0600
commit	7afcb3f98e7342985ba5e62bf6d3a5ac1282e545 (patch)
tree	c88a2ffdb3cad1bfcb4fb1d542a94770bb61456f /libs/binder/IPermissionController.cpp
parent	4610a203244af7dabde0a89792568a03d26d4b36 (diff)