diff options
73 files changed, 254 insertions, 422 deletions
diff --git a/core/java/com/android/internal/util/DumpUtils.java b/core/java/com/android/internal/util/DumpUtils.java index 64e1d109120f..4659d3c48a22 100644 --- a/core/java/com/android/internal/util/DumpUtils.java +++ b/core/java/com/android/internal/util/DumpUtils.java @@ -16,7 +16,12 @@ package com.android.internal.util; +import android.app.AppOpsManager; +import android.content.Context; +import android.content.pm.PackageManager; +import android.os.Binder; import android.os.Handler; +import android.util.Slog; import java.io.PrintWriter; import java.io.StringWriter; @@ -25,6 +30,9 @@ import java.io.StringWriter; * Helper functions for dumping the state of system services. */ public final class DumpUtils { + private static final String TAG = "DumpUtils"; + private static final boolean DEBUG = true; + private DumpUtils() { } @@ -55,4 +63,90 @@ public final class DumpUtils { public interface Dump { void dump(PrintWriter pw, String prefix); } + + private static void logMessage(PrintWriter pw, String msg) { + if (DEBUG) Slog.v(TAG, msg); + pw.println(msg); + } + + /** + * Verify that caller holds {@link android.Manifest.permission#DUMP}. + * + * @return true if access should be granted. + * @hide + */ + public static boolean checkDumpPermission(Context context, String tag, PrintWriter pw) { + if (context.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) + != PackageManager.PERMISSION_GRANTED) { + logMessage(pw, "Permission Denial: can't dump " + tag + " from from pid=" + + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() + + " due to missing android.permission.DUMP permission"); + return false; + } else { + return true; + } + } + + /** + * Verify that caller holds + * {@link android.Manifest.permission#PACKAGE_USAGE_STATS} and that they + * have {@link AppOpsManager#OP_GET_USAGE_STATS} access. + * + * @return true if access should be granted. + * @hide + */ + public static boolean checkUsageStatsPermission(Context context, String tag, PrintWriter pw) { + // System internals always get access + final int uid = Binder.getCallingUid(); + switch (uid) { + case android.os.Process.ROOT_UID: + case android.os.Process.SYSTEM_UID: + case android.os.Process.SHELL_UID: + return true; + } + + // Caller always needs to hold permission + if (context.checkCallingOrSelfPermission(android.Manifest.permission.PACKAGE_USAGE_STATS) + != PackageManager.PERMISSION_GRANTED) { + logMessage(pw, "Permission Denial: can't dump " + tag + " from from pid=" + + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() + + " due to missing android.permission.PACKAGE_USAGE_STATS permission"); + return false; + } + + // And finally, caller needs to have appops access; this is totally + // hacky, but it's the easiest way to wire this up without retrofitting + // Binder.dump() to pass through package names. + final AppOpsManager appOps = context.getSystemService(AppOpsManager.class); + final String[] pkgs = context.getPackageManager().getPackagesForUid(uid); + if (pkgs != null) { + for (String pkg : pkgs) { + if (appOps.checkOpNoThrow(AppOpsManager.OP_GET_USAGE_STATS, uid, + pkg) == AppOpsManager.MODE_ALLOWED) { + appOps.noteOp(AppOpsManager.OP_GET_USAGE_STATS, uid, pkg); + if (DEBUG) Slog.v(TAG, "Found package " + pkg + " with " + + "android:get_usage_stats access"); + return true; + } + } + } + + logMessage(pw, "Permission Denial: can't dump " + tag + " from from pid=" + + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() + + " due to android:get_usage_stats app-op not allowed"); + return false; + } + + /** + * Verify that caller holds both {@link android.Manifest.permission#DUMP} + * and {@link android.Manifest.permission#PACKAGE_USAGE_STATS}, and that + * they have {@link AppOpsManager#OP_GET_USAGE_STATS} access. + * + * @return true if access should be granted. + * @hide + */ + public static boolean checkDumpAndUsageStatsPermission(Context context, String tag, + PrintWriter pw) { + return checkDumpPermission(context, tag, pw) && checkUsageStatsPermission(context, tag, pw); + } } diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java index acaae7b298dd..087c24866146 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java @@ -104,6 +104,7 @@ import com.android.internal.R; import com.android.internal.annotations.GuardedBy; import com.android.internal.content.PackageMonitor; import com.android.internal.os.SomeArgs; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IntPair; import com.android.server.LocalServices; import com.android.server.policy.AccessibilityShortcutController; @@ -2360,7 +2361,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { @Override public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - mSecurityPolicy.enforceCallingPermission(Manifest.permission.DUMP, FUNCTION_DUMP); + if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; synchronized (mLock) { pw.println("ACCESSIBILITY MANAGER (dumpsys accessibility)"); pw.println(); @@ -3658,7 +3659,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { @Override public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - mSecurityPolicy.enforceCallingPermission(Manifest.permission.DUMP, FUNCTION_DUMP); + if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; synchronized (mLock) { pw.append("Service[label=" + mAccessibilityServiceInfo.getResolveInfo() .loadLabel(mContext.getPackageManager())); diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java index 8aa37ef2d4eb..0482e734c234 100644 --- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java +++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java @@ -97,6 +97,7 @@ import com.android.internal.appwidget.IAppWidgetHost; import com.android.internal.appwidget.IAppWidgetService; import com.android.internal.os.BackgroundThread; import com.android.internal.os.SomeArgs; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.widget.IRemoteViewsAdapterConnection; import com.android.internal.widget.IRemoteViewsFactory; @@ -714,10 +715,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, - "Permission Denial: can't dump from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { if (args.length > 0 && "--proto".equals(args[0])) { diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerService.java b/services/autofill/java/com/android/server/autofill/AutofillManagerService.java index 72d37ad10310..be14440a6a5c 100644 --- a/services/autofill/java/com/android/server/autofill/AutofillManagerService.java +++ b/services/autofill/java/com/android/server/autofill/AutofillManagerService.java @@ -60,6 +60,7 @@ import android.view.autofill.IAutoFillManagerClient; import com.android.internal.annotations.GuardedBy; import com.android.internal.os.BackgroundThread; import com.android.internal.os.IResultReceiver; +import com.android.internal.util.DumpUtils; import com.android.internal.util.Preconditions; import com.android.server.FgThread; import com.android.server.LocalServices; @@ -418,13 +419,7 @@ public final class AutofillManagerService extends SystemService { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingPermission( - Manifest.permission.DUMP) != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump autofill from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.print("Disabled users: "); pw.println(mDisabledUsers); final int size = mServicesCache.size(); diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java index 57d357044e5f..94bbc9984ec2 100644 --- a/services/backup/java/com/android/server/backup/BackupManagerService.java +++ b/services/backup/java/com/android/server/backup/BackupManagerService.java @@ -117,6 +117,7 @@ import android.util.StringBuilderPrinter; import com.android.internal.annotations.GuardedBy; import com.android.internal.backup.IBackupTransport; import com.android.internal.backup.IObbBackupService; +import com.android.internal.util.DumpUtils; import com.android.server.AppWidgetBackupBridge; import com.android.server.EventLogTags; import com.android.server.SystemConfig; @@ -11138,7 +11139,7 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF } public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; long identityToken = Binder.clearCallingIdentity(); try { diff --git a/services/backup/java/com/android/server/backup/Trampoline.java b/services/backup/java/com/android/server/backup/Trampoline.java index c40f2ca0b5ac..a109e6319faa 100644 --- a/services/backup/java/com/android/server/backup/Trampoline.java +++ b/services/backup/java/com/android/server/backup/Trampoline.java @@ -35,6 +35,8 @@ import android.os.SystemProperties; import android.os.UserHandle; import android.util.Slog; +import com.android.internal.util.DumpUtils; + import java.io.File; import java.io.FileDescriptor; import java.io.IOException; @@ -372,7 +374,7 @@ public class Trampoline extends IBackupManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; BackupManagerService svc = mService; if (svc != null) { diff --git a/services/core/java/com/android/server/AlarmManagerService.java b/services/core/java/com/android/server/AlarmManagerService.java index c6af2903453c..efb33ee0edbe 100644 --- a/services/core/java/com/android/server/AlarmManagerService.java +++ b/services/core/java/com/android/server/AlarmManagerService.java @@ -80,6 +80,7 @@ import static android.app.AlarmManager.RTC; import static android.app.AlarmManager.ELAPSED_REALTIME_WAKEUP; import static android.app.AlarmManager.ELAPSED_REALTIME; +import com.android.internal.util.DumpUtils; import com.android.internal.util.LocalLog; class AlarmManagerService extends SystemService { @@ -1384,14 +1385,7 @@ class AlarmManagerService extends SystemService { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump AlarmManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; dumpImpl(pw); } }; diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java index a5e357ca91f8..422fe357132a 100644 --- a/services/core/java/com/android/server/AppOpsService.java +++ b/services/core/java/com/android/server/AppOpsService.java @@ -70,6 +70,7 @@ import com.android.internal.app.IAppOpsService; import com.android.internal.app.IAppOpsCallback; import com.android.internal.os.Zygote; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.Preconditions; import com.android.internal.util.XmlUtils; @@ -2028,13 +2029,7 @@ public class AppOpsService extends IAppOpsService.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ApOps service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; if (args != null) { for (int i=0; i<args.length; i++) { diff --git a/services/core/java/com/android/server/BatteryService.java b/services/core/java/com/android/server/BatteryService.java index fd44794b043c..83bd9ebded95 100644 --- a/services/core/java/com/android/server/BatteryService.java +++ b/services/core/java/com/android/server/BatteryService.java @@ -24,6 +24,7 @@ import android.os.ResultReceiver; import android.os.ShellCallback; import android.os.ShellCommand; import com.android.internal.app.IBatteryStats; +import com.android.internal.util.DumpUtils; import com.android.server.am.BatteryStatsService; import com.android.server.lights.Light; import com.android.server.lights.LightsManager; @@ -945,14 +946,7 @@ public final class BatteryService extends SystemService { private final class BinderService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump Battery service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; if (args.length > 0 && "--proto".equals(args[0])) { dumpProto(fd); diff --git a/services/core/java/com/android/server/BluetoothManagerService.java b/services/core/java/com/android/server/BluetoothManagerService.java index 58e86318e80e..6c4895c91f27 100644 --- a/services/core/java/com/android/server/BluetoothManagerService.java +++ b/services/core/java/com/android/server/BluetoothManagerService.java @@ -60,6 +60,7 @@ import android.provider.Settings; import android.provider.Settings.SettingNotFoundException; import android.util.Slog; +import com.android.internal.util.DumpUtils; import com.android.server.pm.PackageManagerService; import java.io.FileDescriptor; @@ -2084,7 +2085,7 @@ class BluetoothManagerService extends IBluetoothManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; String errorMsg = null; boolean protoOut = (args.length > 0) && args[0].startsWith("--proto"); diff --git a/services/core/java/com/android/server/CommonTimeManagementService.java b/services/core/java/com/android/server/CommonTimeManagementService.java index 60b366aca5bc..07c8679a6bf5 100644 --- a/services/core/java/com/android/server/CommonTimeManagementService.java +++ b/services/core/java/com/android/server/CommonTimeManagementService.java @@ -37,6 +37,7 @@ import android.os.ServiceManager; import android.os.SystemProperties; import android.util.Log; +import com.android.internal.util.DumpUtils; import com.android.server.net.BaseNetworkObserver; /** @@ -177,13 +178,7 @@ class CommonTimeManagementService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println(String.format( - "Permission Denial: can't dump CommonTimeManagement service from from " + - "pid=%d, uid=%d", Binder.getCallingPid(), Binder.getCallingUid())); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; if (!mDetectedAtStartup) { pw.println("Native Common Time service was not detected at startup. " + diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index d02b72660709..0e752ffdb5a5 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -125,6 +125,7 @@ import com.android.internal.net.VpnConfig; import com.android.internal.net.VpnInfo; import com.android.internal.net.VpnProfile; import com.android.internal.util.AsyncChannel; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.MessageUtils; import com.android.internal.util.WakeupMessage; @@ -1927,14 +1928,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter writer, String[] args) { final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (mContext.checkCallingOrSelfPermission( - android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ConnectivityService " + - "from from pid=" + Binder.getCallingPid() + ", uid=" + - Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; if (argsContain(args, "--diag")) { dumpNetworkDiagnostics(pw); diff --git a/services/core/java/com/android/server/CountryDetectorService.java b/services/core/java/com/android/server/CountryDetectorService.java index a478b2f47637..d8a2fe35c7e8 100644 --- a/services/core/java/com/android/server/CountryDetectorService.java +++ b/services/core/java/com/android/server/CountryDetectorService.java @@ -21,6 +21,7 @@ import java.io.PrintWriter; import java.util.HashMap; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.server.location.ComprehensiveCountryDetector; import android.content.Context; @@ -208,8 +209,7 @@ public class CountryDetectorService extends ICountryDetector.Stub implements Run @SuppressWarnings("unused") @Override protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); - + if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; if (!DEBUG) return; try { final Printer p = new PrintWriterPrinter(fout); diff --git a/services/core/java/com/android/server/DeviceIdleController.java b/services/core/java/com/android/server/DeviceIdleController.java index 26b15d8ed4b1..8945952dd901 100644 --- a/services/core/java/com/android/server/DeviceIdleController.java +++ b/services/core/java/com/android/server/DeviceIdleController.java @@ -81,6 +81,7 @@ import android.view.Display; import com.android.internal.app.IBatteryStats; import com.android.internal.os.AtomicFile; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.XmlUtils; import com.android.server.am.BatteryStatsService; @@ -2879,13 +2880,7 @@ public class DeviceIdleController extends SystemService } void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump DeviceIdleController from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; if (args != null) { int userId = UserHandle.USER_SYSTEM; diff --git a/services/core/java/com/android/server/DiskStatsService.java b/services/core/java/com/android/server/DiskStatsService.java index 1bdff6be4bbe..7c51aa06e733 100644 --- a/services/core/java/com/android/server/DiskStatsService.java +++ b/services/core/java/com/android/server/DiskStatsService.java @@ -30,6 +30,7 @@ import android.util.Log; import android.util.Slog; import android.util.proto.ProtoOutputStream; +import com.android.internal.util.DumpUtils; import com.android.server.storage.DiskStatsFileLogger; import com.android.server.storage.DiskStatsLoggingService; @@ -62,7 +63,7 @@ public class DiskStatsService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; // Run a quick-and-dirty performance test: write 512 bytes byte[] junk = new byte[512]; diff --git a/services/core/java/com/android/server/DockObserver.java b/services/core/java/com/android/server/DockObserver.java index 122074ba4dac..e5a7b4e4ee23 100644 --- a/services/core/java/com/android/server/DockObserver.java +++ b/services/core/java/com/android/server/DockObserver.java @@ -35,6 +35,8 @@ import android.provider.Settings; import android.util.Log; import android.util.Slog; +import com.android.internal.util.DumpUtils; + import java.io.FileDescriptor; import java.io.FileNotFoundException; import java.io.FileReader; @@ -252,14 +254,7 @@ final class DockObserver extends SystemService { private final class BinderService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump dock observer service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; final long ident = Binder.clearCallingIdentity(); try { synchronized (mLock) { diff --git a/services/core/java/com/android/server/DropBoxManagerService.java b/services/core/java/com/android/server/DropBoxManagerService.java index 040d22cbe124..894bca35de83 100644 --- a/services/core/java/com/android/server/DropBoxManagerService.java +++ b/services/core/java/com/android/server/DropBoxManagerService.java @@ -40,6 +40,7 @@ import android.util.Slog; import libcore.io.IoUtils; import com.android.internal.os.IDropBoxManagerService; +import com.android.internal.util.DumpUtils; import java.io.BufferedOutputStream; import java.io.File; @@ -350,11 +351,7 @@ public final class DropBoxManagerService extends SystemService { } public synchronized void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: Can't dump DropBoxManagerService"); - return; - } + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; try { init(); diff --git a/services/core/java/com/android/server/GraphicsStatsService.java b/services/core/java/com/android/server/GraphicsStatsService.java index 19bedfbb3471..7283dec4096d 100644 --- a/services/core/java/com/android/server/GraphicsStatsService.java +++ b/services/core/java/com/android/server/GraphicsStatsService.java @@ -37,6 +37,8 @@ import android.util.Log; import android.view.IGraphicsStats; import android.view.IGraphicsStatsCallback; +import com.android.internal.util.DumpUtils; + import java.io.File; import java.io.FileDescriptor; import java.io.IOException; @@ -345,7 +347,7 @@ public class GraphicsStatsService extends IGraphicsStats.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; boolean dumpProto = false; for (String str : args) { if ("--proto".equals(str)) { diff --git a/services/core/java/com/android/server/InputMethodManagerService.java b/services/core/java/com/android/server/InputMethodManagerService.java index e619e8bfc663..39bfedae69d8 100644 --- a/services/core/java/com/android/server/InputMethodManagerService.java +++ b/services/core/java/com/android/server/InputMethodManagerService.java @@ -33,6 +33,7 @@ import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.os.HandlerCaller; import com.android.internal.os.SomeArgs; import com.android.internal.os.TransferPipe; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.view.IInputContext; import com.android.internal.view.IInputMethod; @@ -4378,14 +4379,7 @@ public class InputMethodManagerService extends IInputMethodManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump InputMethodManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; IInputMethod method; ClientState client; diff --git a/services/core/java/com/android/server/LocationManagerService.java b/services/core/java/com/android/server/LocationManagerService.java index 979096e158fe..f0720f326e15 100644 --- a/services/core/java/com/android/server/LocationManagerService.java +++ b/services/core/java/com/android/server/LocationManagerService.java @@ -26,6 +26,7 @@ import com.android.internal.location.ProviderProperties; import com.android.internal.location.ProviderRequest; import com.android.internal.os.BackgroundThread; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.server.location.ActivityRecognitionProxy; import com.android.server.location.FlpHardwareProvider; import com.android.server.location.FusedProxy; @@ -3026,13 +3027,7 @@ public class LocationManagerService extends ILocationManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump LocationManagerService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.println("Current Location Manager state:"); diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index 6f3ff10e306c..e26630bc4aee 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -79,6 +79,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.widget.ICheckCredentialProgressCallback; import com.android.internal.widget.ILockSettings; import com.android.internal.widget.LockPatternUtils; @@ -2178,14 +2179,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args){ - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump LockSettingsService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (this) { pw.println("Current lock settings service state:"); diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java index 74328c0b55d9..ce4efd18f578 100644 --- a/services/core/java/com/android/server/NetworkManagementService.java +++ b/services/core/java/com/android/server/NetworkManagementService.java @@ -95,6 +95,7 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.app.IBatteryStats; import com.android.internal.net.NetworkStatsFactory; +import com.android.internal.util.DumpUtils; import com.android.internal.util.HexDump; import com.android.internal.util.Preconditions; import com.android.server.NativeDaemonConnector.Command; @@ -2313,7 +2314,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("NetworkManagementService NativeDaemonConnector Log:"); mConnector.dump(fd, pw, args); diff --git a/services/core/java/com/android/server/NetworkScoreService.java b/services/core/java/com/android/server/NetworkScoreService.java index 78c0fe620dda..a5debda34a01 100644 --- a/services/core/java/com/android/server/NetworkScoreService.java +++ b/services/core/java/com/android/server/NetworkScoreService.java @@ -69,6 +69,7 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.content.PackageMonitor; import com.android.internal.os.TransferPipe; +import com.android.internal.util.DumpUtils; import java.io.FileDescriptor; import java.io.IOException; @@ -925,7 +926,7 @@ public class NetworkScoreService extends INetworkScoreService.Stub { @Override protected void dump(final FileDescriptor fd, final PrintWriter writer, final String[] args) { - mContext.enforceCallingOrSelfPermission(permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; final long token = Binder.clearCallingIdentity(); try { NetworkScorerAppData currentScorer = mNetworkScorerAppManager.getActiveScorer(); diff --git a/services/core/java/com/android/server/NetworkTimeUpdateService.java b/services/core/java/com/android/server/NetworkTimeUpdateService.java index b64c65dd5827..ebcda44548f8 100644 --- a/services/core/java/com/android/server/NetworkTimeUpdateService.java +++ b/services/core/java/com/android/server/NetworkTimeUpdateService.java @@ -40,6 +40,7 @@ import android.util.TimeUtils; import android.util.TrustedTime; import com.android.internal.telephony.TelephonyIntents; +import com.android.internal.util.DumpUtils; import java.io.FileDescriptor; import java.io.PrintWriter; @@ -323,15 +324,7 @@ public class NetworkTimeUpdateService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump NetworkTimeUpdateService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid() - + " without permission " - + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.print("PollingIntervalMs: "); TimeUtils.formatDuration(mPollingIntervalMs, pw); pw.print("\nPollingIntervalShorterMs: "); diff --git a/services/core/java/com/android/server/NsdService.java b/services/core/java/com/android/server/NsdService.java index a44b065d4225..8ae95d5ada22 100644 --- a/services/core/java/com/android/server/NsdService.java +++ b/services/core/java/com/android/server/NsdService.java @@ -41,6 +41,7 @@ import java.util.HashMap; import java.util.concurrent.CountDownLatch; import com.android.internal.util.AsyncChannel; +import com.android.internal.util.DumpUtils; import com.android.internal.util.Protocol; import com.android.internal.util.State; import com.android.internal.util.StateMachine; @@ -811,13 +812,7 @@ public class NsdService extends INsdManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ServiceDiscoverService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; for (ClientInfo client : mClients.values()) { pw.println("Client Info"); diff --git a/services/core/java/com/android/server/PinnerService.java b/services/core/java/com/android/server/PinnerService.java index fa5a52c712cd..a94bf79fcb30 100644 --- a/services/core/java/com/android/server/PinnerService.java +++ b/services/core/java/com/android/server/PinnerService.java @@ -37,6 +37,7 @@ import android.util.Slog; import com.android.internal.app.ResolverActivity; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import dalvik.system.DexFile; import dalvik.system.VMRuntime; @@ -333,7 +334,7 @@ public final class PinnerService extends SystemService { private final class BinderService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("Pinned Files:"); synchronized(this) { for (int i = 0; i < mPinnedFiles.size(); i++) { diff --git a/services/core/java/com/android/server/SamplingProfilerService.java b/services/core/java/com/android/server/SamplingProfilerService.java index fbf1aa4b8db0..5f9269570e9d 100644 --- a/services/core/java/com/android/server/SamplingProfilerService.java +++ b/services/core/java/com/android/server/SamplingProfilerService.java @@ -27,6 +27,7 @@ import android.database.ContentObserver; import android.os.SystemProperties; import android.provider.Settings; import com.android.internal.os.SamplingProfilerIntegration; +import com.android.internal.util.DumpUtils; import java.io.File; import java.io.FileDescriptor; @@ -96,7 +97,7 @@ public class SamplingProfilerService extends Binder { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("SamplingProfilerService:"); pw.println("Watching directory: " + SNAPSHOT_DIR); diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index c68000ab00d4..d79609856c3f 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -102,6 +102,7 @@ import com.android.internal.os.FuseUnavailableMountException; import com.android.internal.os.SomeArgs; import com.android.internal.os.Zygote; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.HexDump; import com.android.internal.util.IndentingPrintWriter; @@ -3911,7 +3912,7 @@ class StorageManagerService extends IStorageManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " ", 160); synchronized (mLock) { diff --git a/services/core/java/com/android/server/TelephonyRegistry.java b/services/core/java/com/android/server/TelephonyRegistry.java index 531df81b7126..7c1a6093beda 100644 --- a/services/core/java/com/android/server/TelephonyRegistry.java +++ b/services/core/java/com/android/server/TelephonyRegistry.java @@ -60,6 +60,7 @@ import com.android.internal.telephony.IPhoneStateListener; import com.android.internal.telephony.PhoneConstantConversions; import com.android.internal.telephony.PhoneConstants; import com.android.internal.telephony.TelephonyIntents; +import com.android.internal.util.DumpUtils; import com.android.server.am.BatteryStatsService; /** @@ -1391,12 +1392,7 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump telephony.registry from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mRecords) { final int recordCount = mRecords.size(); pw.println("last known state:"); diff --git a/services/core/java/com/android/server/TextServicesManagerService.java b/services/core/java/com/android/server/TextServicesManagerService.java index feda273b4e5c..9068745c1ef3 100644 --- a/services/core/java/com/android/server/TextServicesManagerService.java +++ b/services/core/java/com/android/server/TextServicesManagerService.java @@ -25,6 +25,7 @@ import com.android.internal.textservice.ISpellCheckerSession; import com.android.internal.textservice.ISpellCheckerSessionListener; import com.android.internal.textservice.ITextServicesManager; import com.android.internal.textservice.ITextServicesSessionListener; +import com.android.internal.util.DumpUtils; import org.xmlpull.v1.XmlPullParserException; @@ -757,14 +758,7 @@ public class TextServicesManagerService extends ITextServicesManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump TextServicesManagerService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized(mSpellCheckerMap) { pw.println("Current Text Services Manager state:"); diff --git a/services/core/java/com/android/server/UiModeManagerService.java b/services/core/java/com/android/server/UiModeManagerService.java index 227e2a2ac3e4..04421cc7ee3c 100644 --- a/services/core/java/com/android/server/UiModeManagerService.java +++ b/services/core/java/com/android/server/UiModeManagerService.java @@ -60,6 +60,7 @@ import com.android.internal.R; import com.android.internal.app.DisableCarModeActivity; import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; +import com.android.internal.util.DumpUtils; import com.android.server.power.ShutdownThread; import com.android.server.twilight.TwilightListener; import com.android.server.twilight.TwilightManager; @@ -352,15 +353,7 @@ final class UiModeManagerService extends SystemService { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump uimode service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; dumpImpl(pw); } }; diff --git a/services/core/java/com/android/server/UpdateLockService.java b/services/core/java/com/android/server/UpdateLockService.java index 7f33973c8d5c..06f73e28829e 100644 --- a/services/core/java/com/android/server/UpdateLockService.java +++ b/services/core/java/com/android/server/UpdateLockService.java @@ -29,6 +29,8 @@ import android.os.UpdateLock; import android.os.UserHandle; import android.util.Slog; +import com.android.internal.util.DumpUtils; + import java.io.FileDescriptor; import java.io.PrintWriter; @@ -112,14 +114,7 @@ public class UpdateLockService extends IUpdateLock.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump update lock service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; mLocks.dump(pw); } } diff --git a/services/core/java/com/android/server/VibratorService.java b/services/core/java/com/android/server/VibratorService.java index c4676d12c8bd..678ae38514a3 100644 --- a/services/core/java/com/android/server/VibratorService.java +++ b/services/core/java/com/android/server/VibratorService.java @@ -54,6 +54,7 @@ import android.media.AudioAttributes; import com.android.internal.app.IAppOpsService; import com.android.internal.app.IBatteryStats; +import com.android.internal.util.DumpUtils; import com.android.server.power.BatterySaverPolicy.ServiceType; import java.io.FileDescriptor; @@ -874,14 +875,8 @@ public class VibratorService extends IVibratorService.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; - pw.println("Permission Denial: can't dump vibrator service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } pw.println("Previous vibrations:"); synchronized (mLock) { for (VibrationInfo info : mPreviousVibrations) { diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java index ad2ed93cdcdb..d996ee282ef9 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java @@ -92,6 +92,7 @@ import com.android.internal.content.PackageMonitor; import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.Preconditions; import com.android.server.LocalServices; @@ -4867,13 +4868,7 @@ public class AccountManagerService @Override protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - fout.println("Permission Denial: can't dump AccountsManager from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; final boolean isCheckinRequest = scanArgs(args, "--checkin") || scanArgs(args, "-c"); final IndentingPrintWriter ipw = new IndentingPrintWriter(fout, " "); diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 81d0a7cd30ac..8282b94c5805 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -350,6 +350,7 @@ import com.android.internal.os.Zygote; import com.android.internal.policy.IKeyguardDismissCallback; import com.android.internal.telephony.TelephonyIntents; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.MemInfoReader; @@ -2656,14 +2657,8 @@ public class ActivityManagerService extends IActivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump meminfo from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } - + if (!DumpUtils.checkDumpPermission(mActivityManagerService.mContext, + "meminfo", pw)) return; mActivityManagerService.dumpApplicationMemoryUsage(fd, pw, " ", args, false, null); } } @@ -2676,14 +2671,8 @@ public class ActivityManagerService extends IActivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump gfxinfo from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } - + if (!DumpUtils.checkDumpPermission(mActivityManagerService.mContext, + "gfxinfo", pw)) return; mActivityManagerService.dumpGraphicsHardwareUsage(fd, pw, args); } } @@ -2696,14 +2685,8 @@ public class ActivityManagerService extends IActivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump dbinfo from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } - + if (!DumpUtils.checkDumpPermission(mActivityManagerService.mContext, + "dbinfo", pw)) return; mActivityManagerService.dumpDbInfo(fd, pw, args); } } @@ -2716,14 +2699,8 @@ public class ActivityManagerService extends IActivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mActivityManagerService.checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump cpuinfo from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } - + if (!DumpUtils.checkDumpPermission(mActivityManagerService.mContext, + "cpuinfo", pw)) return; synchronized (mActivityManagerService.mProcessCpuTracker) { pw.print(mActivityManagerService.mProcessCpuTracker.printCurrentLoad()); pw.print(mActivityManagerService.mProcessCpuTracker.printCurrentState( @@ -14758,15 +14735,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ActivityManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid() - + " without permission " - + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; boolean dumpAll = false; boolean dumpClient = false; diff --git a/services/core/java/com/android/server/am/BatteryStatsService.java b/services/core/java/com/android/server/am/BatteryStatsService.java index d3935d1cd757..938d2cf7c2a8 100644 --- a/services/core/java/com/android/server/am/BatteryStatsService.java +++ b/services/core/java/com/android/server/am/BatteryStatsService.java @@ -59,6 +59,7 @@ import com.android.internal.app.IBatteryStats; import com.android.internal.os.BatteryStatsHelper; import com.android.internal.os.BatteryStatsImpl; import com.android.internal.os.PowerProfile; +import com.android.internal.util.DumpUtils; import com.android.server.LocalServices; import com.android.server.ServiceThread; import com.android.server.power.BatterySaverPolicy.ServiceType; @@ -1188,13 +1189,7 @@ public final class BatteryStatsService extends IBatteryStats.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump BatteryStats from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; int flags = 0; boolean useCheckinFormat = false; diff --git a/services/core/java/com/android/server/am/ProcessStatsService.java b/services/core/java/com/android/server/am/ProcessStatsService.java index d210ed76eca8..b6ae33df2f62 100644 --- a/services/core/java/com/android/server/am/ProcessStatsService.java +++ b/services/core/java/com/android/server/am/ProcessStatsService.java @@ -616,13 +616,8 @@ public final class ProcessStatsService extends IProcessStats.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mAm.checkCallingPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump procstats from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } + if (!com.android.internal.util.DumpUtils.checkDumpPermission(mAm.mContext, + TAG, pw)) return; long ident = Binder.clearCallingIdentity(); try { diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java index 49d1521e378f..70e56b09de13 100644 --- a/services/core/java/com/android/server/audio/AudioService.java +++ b/services/core/java/com/android/server/audio/AudioService.java @@ -114,6 +114,7 @@ import android.util.SparseIntArray; import android.view.KeyEvent; import android.view.accessibility.AccessibilityManager; +import com.android.internal.util.DumpUtils; import com.android.internal.util.XmlUtils; import com.android.server.EventLogTags; import com.android.server.LocalServices; @@ -6116,7 +6117,7 @@ public class AudioService extends IAudioService.Stub @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; mMediaFocusControl.dump(pw); dumpStreamStates(pw); diff --git a/services/core/java/com/android/server/connectivity/Tethering.java b/services/core/java/com/android/server/connectivity/Tethering.java index 07ab0671c926..0e593bd02629 100644 --- a/services/core/java/com/android/server/connectivity/Tethering.java +++ b/services/core/java/com/android/server/connectivity/Tethering.java @@ -70,6 +70,7 @@ import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.telephony.IccCardConstants; import com.android.internal.telephony.TelephonyIntents; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.MessageUtils; import com.android.internal.util.Protocol; @@ -1585,13 +1586,7 @@ public class Tethering extends BaseNetworkObserver implements IControlsTethering // Binder.java closes the resource for us. @SuppressWarnings("resource") final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (mContext.checkCallingOrSelfPermission( - android.Manifest.permission.DUMP) != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ConnectivityService.Tether " + - "from from pid=" + Binder.getCallingPid() + ", uid=" + - Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("Tethering:"); pw.increaseIndent(); diff --git a/services/core/java/com/android/server/content/ContentService.java b/services/core/java/com/android/server/content/ContentService.java index f47a90795fa3..6e31e5db27f5 100644 --- a/services/core/java/com/android/server/content/ContentService.java +++ b/services/core/java/com/android/server/content/ContentService.java @@ -60,6 +60,7 @@ import android.util.SparseArray; import android.util.SparseIntArray; import com.android.internal.annotations.GuardedBy; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.LocalServices; import com.android.server.SystemService; @@ -162,9 +163,7 @@ public final class ContentService extends IContentService.Stub { @Override protected synchronized void dump(FileDescriptor fd, PrintWriter pw_, String[] args) { - mContext.enforceCallingOrSelfPermission(Manifest.permission.DUMP, - "caller doesn't have the DUMP permission"); - + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw_)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(pw_, " "); // This makes it so that future permission checks will be in the context of this diff --git a/services/core/java/com/android/server/display/DisplayManagerService.java b/services/core/java/com/android/server/display/DisplayManagerService.java index fd89b9700714..a1a74377cf62 100644 --- a/services/core/java/com/android/server/display/DisplayManagerService.java +++ b/services/core/java/com/android/server/display/DisplayManagerService.java @@ -23,6 +23,7 @@ import static android.hardware.display.DisplayManager.VIRTUAL_DISPLAY_FLAG_SECUR import static android.hardware.display.DisplayManager .VIRTUAL_DISPLAY_FLAG_CAN_SHOW_WITH_INSECURE_KEYGUARD; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import android.Manifest; @@ -1538,13 +1539,7 @@ public final class DisplayManagerService extends SystemService { @Override // Binder call public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - if (mContext == null - || mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump DisplayManager from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; final long token = Binder.clearCallingIdentity(); try { diff --git a/services/core/java/com/android/server/dreams/DreamManagerService.java b/services/core/java/com/android/server/dreams/DreamManagerService.java index 1991c00ff4e1..313abab7a750 100644 --- a/services/core/java/com/android/server/dreams/DreamManagerService.java +++ b/services/core/java/com/android/server/dreams/DreamManagerService.java @@ -479,14 +479,7 @@ public final class DreamManagerService extends SystemService { private final class BinderService extends IDreamManager.Stub { @Override // Binder call protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump DreamManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; final long ident = Binder.clearCallingIdentity(); try { dumpInternal(pw); diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java index 7d97ce41e8f3..2b85570d66cf 100644 --- a/services/core/java/com/android/server/fingerprint/FingerprintService.java +++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java @@ -56,6 +56,7 @@ import android.util.proto.ProtoOutputStream; import com.android.internal.annotations.GuardedBy; import com.android.internal.logging.MetricsLogger; +import com.android.internal.util.DumpUtils; import com.android.server.SystemServerInitThreadPool; import com.android.server.SystemService; @@ -1071,13 +1072,7 @@ public class FingerprintService extends SystemService implements IHwBinder.Death @Override // Binder call protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump Fingerprint from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; final long ident = Binder.clearCallingIdentity(); try { diff --git a/services/core/java/com/android/server/hdmi/HdmiControlService.java b/services/core/java/com/android/server/hdmi/HdmiControlService.java index 6864e1edaf08..807b1b19f870 100644 --- a/services/core/java/com/android/server/hdmi/HdmiControlService.java +++ b/services/core/java/com/android/server/hdmi/HdmiControlService.java @@ -68,6 +68,7 @@ import android.util.Slog; import android.util.SparseArray; import android.util.SparseIntArray; import com.android.internal.annotations.GuardedBy; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.SystemService; import com.android.server.hdmi.HdmiAnnotations.ServiceThreadOnly; @@ -1677,7 +1678,7 @@ public final class HdmiControlService extends SystemService { @Override protected void dump(FileDescriptor fd, final PrintWriter writer, String[] args) { - getContext().enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(getContext(), TAG, writer)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); pw.println("mHdmiControlEnabled: " + mHdmiControlEnabled); diff --git a/services/core/java/com/android/server/input/InputManagerService.java b/services/core/java/com/android/server/input/InputManagerService.java index 65a46042f9b8..aafc9a8f50d7 100644 --- a/services/core/java/com/android/server/input/InputManagerService.java +++ b/services/core/java/com/android/server/input/InputManagerService.java @@ -27,6 +27,7 @@ import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.os.SomeArgs; import com.android.internal.R; +import com.android.internal.util.DumpUtils; import com.android.internal.util.Preconditions; import com.android.internal.util.XmlUtils; import com.android.server.DisplayThread; @@ -1747,13 +1748,7 @@ public class InputManagerService extends IInputManager.Stub @Override public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump InputManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("INPUT MANAGER (dumpsys input)\n"); String dumpStr = nativeDump(mPtr); diff --git a/services/core/java/com/android/server/job/JobSchedulerService.java b/services/core/java/com/android/server/job/JobSchedulerService.java index 2de9aaedf7c8..5e05738a835a 100644 --- a/services/core/java/com/android/server/job/JobSchedulerService.java +++ b/services/core/java/com/android/server/job/JobSchedulerService.java @@ -72,6 +72,7 @@ import android.util.TimeUtils; import com.android.internal.app.IBatteryStats; import com.android.internal.app.procstats.ProcessStats; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.server.DeviceIdleController; import com.android.server.LocalServices; import com.android.server.job.JobStore.JobStatusFunctor; @@ -1790,7 +1791,7 @@ public final class JobSchedulerService extends com.android.server.SystemService */ @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - getContext().enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; long identityToken = Binder.clearCallingIdentity(); try { diff --git a/services/core/java/com/android/server/location/ContextHubService.java b/services/core/java/com/android/server/location/ContextHubService.java index 0a15db626684..5e9f3550635f 100644 --- a/services/core/java/com/android/server/location/ContextHubService.java +++ b/services/core/java/com/android/server/location/ContextHubService.java @@ -31,6 +31,8 @@ import android.os.RemoteCallbackList; import android.os.RemoteException; import android.util.Log; +import com.android.internal.util.DumpUtils; + import java.io.FileDescriptor; import java.io.PrintWriter; import java.nio.ByteBuffer; @@ -242,11 +244,7 @@ public class ContextHubService extends IContextHubService.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission("android.permission.DUMP") - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump contexthub service"); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("Dumping ContextHub Service"); diff --git a/services/core/java/com/android/server/media/MediaRouterService.java b/services/core/java/com/android/server/media/MediaRouterService.java index f91ea8c03a39..7b0e51e644fe 100644 --- a/services/core/java/com/android/server/media/MediaRouterService.java +++ b/services/core/java/com/android/server/media/MediaRouterService.java @@ -16,6 +16,7 @@ package com.android.server.media; +import com.android.internal.util.DumpUtils; import com.android.server.Watchdog; import android.Manifest; @@ -258,13 +259,7 @@ public final class MediaRouterService extends IMediaRouterService.Stub // Binder call @Override public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump MediaRouterService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; pw.println("MEDIA ROUTER SERVICE (dumpsys media_router)"); pw.println(); diff --git a/services/core/java/com/android/server/media/MediaSessionService.java b/services/core/java/com/android/server/media/MediaSessionService.java index 4bf9d8f5ff53..64ab848a052e 100644 --- a/services/core/java/com/android/server/media/MediaSessionService.java +++ b/services/core/java/com/android/server/media/MediaSessionService.java @@ -71,6 +71,7 @@ import android.util.SparseIntArray; import android.view.KeyEvent; import android.view.ViewConfiguration; +import com.android.internal.util.DumpUtils; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.Watchdog; @@ -1283,13 +1284,7 @@ public class MediaSessionService extends SystemService implements Monitor { @Override public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump MediaSessionService from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; pw.println("MEDIA SESSION SERVICE (dumpsys media_session)"); pw.println(); diff --git a/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java b/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java index 3ea4f2c78a19..9d92cbcb2d03 100644 --- a/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java +++ b/services/core/java/com/android/server/media/projection/MediaProjectionManagerService.java @@ -39,6 +39,7 @@ import android.os.UserHandle; import android.util.ArrayMap; import android.util.Slog; +import com.android.internal.util.DumpUtils; import com.android.server.SystemService; import java.io.FileDescriptor; @@ -314,14 +315,7 @@ public final class MediaProjectionManagerService extends SystemService @Override // Binder call public void dump(FileDescriptor fd, final PrintWriter pw, String[] args) { - if (mContext == null - || mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump MediaProjectionManager from from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; final long token = Binder.clearCallingIdentity(); try { MediaProjectionManagerService.this.dump(pw); diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java index f180c5089aa1..8227753cc802 100644 --- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java +++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java @@ -181,6 +181,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.telephony.PhoneConstants; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.IndentingPrintWriter; import com.android.server.DeviceIdleController; @@ -2585,7 +2586,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - mContext.enforceCallingOrSelfPermission(DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; final IndentingPrintWriter fout = new IndentingPrintWriter(writer, " "); diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 6d666e890f9a..e746355097fb 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -122,6 +122,7 @@ import android.util.proto.ProtoOutputStream; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.net.VpnInfo; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FileRotator; import com.android.internal.util.IndentingPrintWriter; import com.android.server.EventLogTags; @@ -1234,7 +1235,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter rawWriter, String[] args) { - mContext.enforceCallingOrSelfPermission(DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, rawWriter)) return; long duration = DateUtils.DAY_IN_MILLIS; final HashSet<String> argSet = new HashSet<String>(); diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java index ede5a5e8e337..4a963c7c2c90 100644 --- a/services/core/java/com/android/server/notification/NotificationManagerService.java +++ b/services/core/java/com/android/server/notification/NotificationManagerService.java @@ -144,6 +144,7 @@ import com.android.internal.logging.MetricsLogger; import com.android.internal.logging.nano.MetricsProto; import com.android.internal.logging.nano.MetricsProto.MetricsEvent; import com.android.internal.statusbar.NotificationVisibility; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.Preconditions; import com.android.server.DeviceIdleController; @@ -2451,14 +2452,7 @@ public class NotificationManagerService extends SystemService { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump NotificationManager from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; final DumpFilter filter = DumpFilter.parseFromArguments(args); if (filter != null && filter.stats) { dumpJson(pw, filter); diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 2115f316402f..3c58d9760b5a 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -254,6 +254,7 @@ import com.android.internal.os.Zygote; import com.android.internal.telephony.CarrierAppUtils; import com.android.internal.util.ArrayUtils; import com.android.internal.util.ConcurrentUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.IndentingPrintWriter; @@ -20230,15 +20231,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump ActivityManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid() - + " without permission " - + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; DumpState dumpState = new DumpState(); boolean fullPreferred = false; diff --git a/services/core/java/com/android/server/pm/ShortcutService.java b/services/core/java/com/android/server/pm/ShortcutService.java index a5b739efce12..6ddd3b360928 100644 --- a/services/core/java/com/android/server/pm/ShortcutService.java +++ b/services/core/java/com/android/server/pm/ShortcutService.java @@ -96,6 +96,7 @@ import android.view.IWindowManager; import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.Preconditions; import com.android.server.LocalServices; @@ -3447,8 +3448,7 @@ public class ShortcutService extends IShortcutService.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, - "can't dump by this caller"); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; boolean checkin = false; boolean clear = false; if (args != null) { diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index 8ecf6f74bc8f..63e2d4770c9a 100644 --- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -89,6 +89,7 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.app.IAppOpsService; import com.android.internal.logging.MetricsLogger; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.Preconditions; import com.android.internal.util.XmlUtils; @@ -3358,15 +3359,7 @@ public class UserManagerService extends IUserManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump UserManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid() - + " without permission " - + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; long now = System.currentTimeMillis(); StringBuilder sb = new StringBuilder(); diff --git a/services/core/java/com/android/server/power/PowerManagerService.java b/services/core/java/com/android/server/power/PowerManagerService.java index 4f67e8ce2d15..9c4e700c87d3 100644 --- a/services/core/java/com/android/server/power/PowerManagerService.java +++ b/services/core/java/com/android/server/power/PowerManagerService.java @@ -75,6 +75,7 @@ import com.android.internal.app.IBatteryStats; import com.android.internal.hardware.AmbientDisplayConfiguration; import com.android.internal.os.BackgroundThread; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.server.EventLogTags; import com.android.server.LockGuard; import com.android.server.RescueParty; @@ -4503,13 +4504,7 @@ public final class PowerManagerService extends SystemService @Override // Binder call protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump PowerManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; final long ident = Binder.clearCallingIdentity(); diff --git a/services/core/java/com/android/server/search/SearchManagerService.java b/services/core/java/com/android/server/search/SearchManagerService.java index edeb77407f77..8c317310fb6d 100644 --- a/services/core/java/com/android/server/search/SearchManagerService.java +++ b/services/core/java/com/android/server/search/SearchManagerService.java @@ -47,6 +47,7 @@ import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.LocalServices; import com.android.server.SystemService; @@ -371,7 +372,7 @@ public class SearchManagerService extends ISearchManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; IndentingPrintWriter ipw = new IndentingPrintWriter(pw, " "); synchronized (mSearchables) { diff --git a/services/core/java/com/android/server/statusbar/StatusBarManagerService.java b/services/core/java/com/android/server/statusbar/StatusBarManagerService.java index 83ea075434e8..212bd61dbc9a 100644 --- a/services/core/java/com/android/server/statusbar/StatusBarManagerService.java +++ b/services/core/java/com/android/server/statusbar/StatusBarManagerService.java @@ -39,6 +39,7 @@ import com.android.internal.statusbar.IStatusBar; import com.android.internal.statusbar.IStatusBarService; import com.android.internal.statusbar.NotificationVisibility; import com.android.internal.statusbar.StatusBarIcon; +import com.android.internal.util.DumpUtils; import com.android.server.LocalServices; import com.android.server.notification.NotificationDelegate; import com.android.server.power.ShutdownThread; @@ -981,13 +982,7 @@ public class StatusBarManagerService extends IStatusBarService.Stub { // ================================================================================ protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump StatusBar from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.println(" mDisabled1=0x" + Integer.toHexString(mDisabled1)); diff --git a/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java b/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java index a847a3c43dfb..275b612312ca 100644 --- a/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java +++ b/services/core/java/com/android/server/storage/DeviceStorageMonitorService.java @@ -20,6 +20,7 @@ import android.app.NotificationChannel; import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; +import com.android.internal.util.DumpUtils; import com.android.server.EventLogTags; import com.android.server.SystemService; import com.android.server.pm.InstructionSets; @@ -467,15 +468,7 @@ public class DeviceStorageMonitorService extends SystemService { private final Binder mRemoteService = new Binder() { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump " + SERVICE + " from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; dumpImpl(fd, pw, args); } diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 4570b0d0a99d..f4f7e2403f0c 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -59,6 +59,7 @@ import android.view.IWindowManager; import android.view.WindowManagerGlobal; import com.android.internal.annotations.GuardedBy; import com.android.internal.content.PackageMonitor; +import com.android.internal.util.DumpUtils; import com.android.internal.widget.LockPatternUtils; import com.android.server.SystemService; import java.io.FileDescriptor; @@ -849,8 +850,7 @@ public class TrustManagerService extends SystemService { @Override protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) { - mContext.enforceCallingPermission(Manifest.permission.DUMP, - "dumping TrustManagerService"); + if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; if (isSafeMode()) { fout.println("disabled because the system is in safe mode."); return; diff --git a/services/core/java/com/android/server/tv/TvInputHardwareManager.java b/services/core/java/com/android/server/tv/TvInputHardwareManager.java index 08eca73e1702..6117da7b1a38 100644 --- a/services/core/java/com/android/server/tv/TvInputHardwareManager.java +++ b/services/core/java/com/android/server/tv/TvInputHardwareManager.java @@ -59,6 +59,7 @@ import android.util.SparseBooleanArray; import android.view.KeyEvent; import android.view.Surface; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.SystemService; @@ -549,12 +550,7 @@ class TvInputHardwareManager implements TvInputHal.Callback { public void dump(FileDescriptor fd, final PrintWriter writer, String[] args) { final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump TvInputHardwareManager from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.println("TvInputHardwareManager Info:"); diff --git a/services/core/java/com/android/server/tv/TvInputManagerService.java b/services/core/java/com/android/server/tv/TvInputManagerService.java index 52763a179e73..be91f48fb76f 100644 --- a/services/core/java/com/android/server/tv/TvInputManagerService.java +++ b/services/core/java/com/android/server/tv/TvInputManagerService.java @@ -77,6 +77,7 @@ import android.view.Surface; import com.android.internal.content.PackageMonitor; import com.android.internal.os.SomeArgs; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.IoThread; import com.android.server.SystemService; @@ -1912,12 +1913,7 @@ public final class TvInputManagerService extends SystemService { @SuppressWarnings("resource") protected void dump(FileDescriptor fd, final PrintWriter writer, String[] args) { final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump TvInputManager from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.println("User Ids (Current user: " + mCurrentUserId + "):"); diff --git a/services/core/java/com/android/server/vr/VrManagerService.java b/services/core/java/com/android/server/vr/VrManagerService.java index 324faff8e781..cc089184d2ed 100644 --- a/services/core/java/com/android/server/vr/VrManagerService.java +++ b/services/core/java/com/android/server/vr/VrManagerService.java @@ -55,6 +55,7 @@ import android.util.Slog; import android.util.SparseArray; import com.android.internal.R; +import com.android.internal.util.DumpUtils; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.android.server.SystemService; @@ -444,12 +445,8 @@ public class VrManagerService extends SystemService implements EnabledComponentC @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump VrManagerService from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; + pw.println("********* Dump of VrManagerService *********"); pw.println("VR mode is currently: " + ((mVrModeAllowed) ? "allowed" : "disallowed")); pw.println("Persistent VR mode is currently: " + diff --git a/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java b/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java index c6b032b955fa..6a18beb81308 100644 --- a/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java +++ b/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java @@ -87,6 +87,7 @@ import android.view.WindowManager; import com.android.internal.R; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.JournaledFile; import com.android.server.EventLogTags; @@ -2297,14 +2298,7 @@ public class WallpaperManagerService extends IWallpaperManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump wallpaper service from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (mLock) { pw.println("System wallpaper state:"); diff --git a/services/core/java/com/android/server/webkit/WebViewUpdateService.java b/services/core/java/com/android/server/webkit/WebViewUpdateService.java index 4a105e18e9ba..3b400b43b725 100644 --- a/services/core/java/com/android/server/webkit/WebViewUpdateService.java +++ b/services/core/java/com/android/server/webkit/WebViewUpdateService.java @@ -33,6 +33,7 @@ import android.webkit.IWebViewUpdateService; import android.webkit.WebViewProviderInfo; import android.webkit.WebViewProviderResponse; +import com.android.internal.util.DumpUtils; import com.android.server.SystemService; import java.io.FileDescriptor; @@ -293,14 +294,7 @@ public class WebViewUpdateService extends SystemService { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump webviewupdate service from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()); - return; - } - + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; WebViewUpdateService.this.mImpl.dumpState(pw); } } diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index 6c7da502ed29..95fbbb89a649 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -204,6 +204,7 @@ import com.android.internal.app.IAssistScreenshotReceiver; import com.android.internal.os.IResultReceiver; import com.android.internal.policy.IKeyguardDismissCallback; import com.android.internal.policy.IShortcutService; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.view.IInputContext; import com.android.internal.view.IInputMethodClient; @@ -6517,13 +6518,7 @@ public class WindowManagerService extends IWindowManager.Stub @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission("android.permission.DUMP") - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump WindowManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; boolean dumpAll = false; diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index db7c99ea4480..6f49324bfc56 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -169,6 +169,7 @@ import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; import com.android.internal.notification.SystemNotificationChannels; import com.android.internal.os.BackgroundThread; import com.android.internal.statusbar.IStatusBarService; +import com.android.internal.util.DumpUtils; import com.android.internal.util.FastXmlSerializer; import com.android.internal.util.JournaledFile; import com.android.internal.util.Preconditions; @@ -7269,14 +7270,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - - pw.println("Permission Denial: can't dump DevicePolicyManagerService from from pid=" - + mInjector.binderGetCallingPid() - + ", uid=" + mInjector.binderGetCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; synchronized (this) { pw.println("Current Device Policy Manager state:"); diff --git a/services/midi/java/com/android/server/midi/MidiService.java b/services/midi/java/com/android/server/midi/MidiService.java index 1c18c9b091b7..100e4594b2e7 100644 --- a/services/midi/java/com/android/server/midi/MidiService.java +++ b/services/midi/java/com/android/server/midi/MidiService.java @@ -45,6 +45,7 @@ import android.os.UserHandle; import android.util.Log; import com.android.internal.content.PackageMonitor; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.XmlUtils; import com.android.server.SystemService; @@ -1011,7 +1012,7 @@ public class MidiService extends IMidiManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); pw.println("MIDI Manager State:"); diff --git a/services/print/java/com/android/server/print/PrintManagerService.java b/services/print/java/com/android/server/print/PrintManagerService.java index d7666d91b6c3..3ec83800557a 100644 --- a/services/print/java/com/android/server/print/PrintManagerService.java +++ b/services/print/java/com/android/server/print/PrintManagerService.java @@ -19,7 +19,6 @@ package com.android.server.print; import static android.content.pm.PackageManager.GET_SERVICES; import static android.content.pm.PackageManager.MATCH_DEBUG_TRIAGED_MISSING; -import android.Manifest; import android.annotation.NonNull; import android.app.ActivityManager; import android.content.ComponentName; @@ -40,22 +39,23 @@ import android.os.UserManager; import android.print.IPrintDocumentAdapter; import android.print.IPrintJobStateChangeListener; import android.print.IPrintManager; -import android.printservice.recommendation.IRecommendationsChangeListener; import android.print.IPrintServicesChangeListener; import android.print.IPrinterDiscoveryObserver; import android.print.PrintAttributes; import android.print.PrintJobId; import android.print.PrintJobInfo; import android.print.PrintManager; -import android.printservice.recommendation.RecommendationInfo; import android.print.PrinterId; import android.printservice.PrintServiceInfo; +import android.printservice.recommendation.IRecommendationsChangeListener; +import android.printservice.recommendation.RecommendationInfo; import android.provider.Settings; import android.util.Log; import android.util.SparseArray; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.internal.util.Preconditions; import com.android.server.SystemService; @@ -628,13 +628,7 @@ public final class PrintManagerService extends SystemService { fd = Preconditions.checkNotNull(fd); pw = Preconditions.checkNotNull(pw); - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump PrintManager from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; synchronized (mLock) { final long identity = Binder.clearCallingIdentity(); diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java index 7be2b0fb8728..64a72eea2e99 100644 --- a/services/usage/java/com/android/server/usage/UsageStatsService.java +++ b/services/usage/java/com/android/server/usage/UsageStatsService.java @@ -78,6 +78,7 @@ import com.android.internal.app.IBatteryStats; import com.android.internal.os.BackgroundThread; import com.android.internal.os.SomeArgs; import com.android.internal.util.ArrayUtils; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.server.SystemService; @@ -1465,13 +1466,7 @@ public class UsageStatsService extends SystemService implements @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (getContext().checkCallingOrSelfPermission(android.Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump UsageStats from pid=" - + Binder.getCallingPid() + ", uid=" + Binder.getCallingUid() - + " without permission " + android.Manifest.permission.DUMP); - return; - } + if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) return; UsageStatsService.this.dump(args, pw); } diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java index a87ac9e8a3df..61e1e8f28c59 100644 --- a/services/usb/java/com/android/server/usb/UsbService.java +++ b/services/usb/java/com/android/server/usb/UsbService.java @@ -40,6 +40,7 @@ import android.os.UserManager; import android.util.Slog; import com.android.internal.annotations.GuardedBy; +import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.Preconditions; import com.android.server.SystemService; @@ -480,7 +481,7 @@ public class UsbService extends IUsbManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG); + if (!DumpUtils.checkDumpPermission(mContext, TAG, writer)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); final long ident = Binder.clearCallingIdentity(); diff --git a/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java b/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java index 03a7db7286b6..dc4b41c3d65a 100644 --- a/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java +++ b/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java @@ -62,6 +62,7 @@ import com.android.internal.app.IVoiceInteractionSessionShowCallback; import com.android.internal.app.IVoiceInteractor; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; +import com.android.internal.util.DumpUtils; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.UiThread; @@ -1117,13 +1118,7 @@ public class VoiceInteractionManagerService extends SystemService { @Override public void dump(FileDescriptor fd, PrintWriter pw, String[] args) { - if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) - != PackageManager.PERMISSION_GRANTED) { - pw.println("Permission Denial: can't dump voiceinteraction from from pid=" - + Binder.getCallingPid() - + ", uid=" + Binder.getCallingUid()); - return; - } + if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; synchronized (this) { pw.println("VOICE INTERACTION MANAGER (dumpsys voiceinteraction)"); pw.println(" mEnableService: " + mEnableService); |