diff options
| -rw-r--r-- | src/com/android/server/NetworkStackService.java | 3 | ||||
| -rw-r--r-- | src/com/android/server/util/PermissionUtil.java | 17 |
2 files changed, 17 insertions, 3 deletions
diff --git a/src/com/android/server/NetworkStackService.java b/src/com/android/server/NetworkStackService.java index 057012d..cca71e7 100644 --- a/src/com/android/server/NetworkStackService.java +++ b/src/com/android/server/NetworkStackService.java @@ -20,6 +20,7 @@ import static android.net.dhcp.IDhcpServer.STATUS_INVALID_ARGUMENT; import static android.net.dhcp.IDhcpServer.STATUS_SUCCESS; import static android.net.dhcp.IDhcpServer.STATUS_UNKNOWN_ERROR; +import static com.android.server.util.PermissionUtil.checkDumpPermission; import static com.android.server.util.PermissionUtil.checkNetworkStackCallingPermission; import android.annotation.NonNull; @@ -139,7 +140,7 @@ public class NetworkStackService extends Service { @Override protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter fout, @Nullable String[] args) { - checkNetworkStackCallingPermission(); + checkDumpPermission(); final IndentingPrintWriter pw = new IndentingPrintWriter(fout, " "); pw.println("NetworkStack logs:"); mLog.dump(fd, pw, args); diff --git a/src/com/android/server/util/PermissionUtil.java b/src/com/android/server/util/PermissionUtil.java index 733f873..82bf038 100644 --- a/src/com/android/server/util/PermissionUtil.java +++ b/src/com/android/server/util/PermissionUtil.java @@ -31,8 +31,21 @@ public final class PermissionUtil { */ public static void checkNetworkStackCallingPermission() { // TODO: check that the calling PID is the system server. - if (getCallingUid() != Process.SYSTEM_UID && getCallingUid() != Process.ROOT_UID) { - throw new SecurityException("Invalid caller: " + getCallingUid()); + final int caller = getCallingUid(); + if (caller != Process.SYSTEM_UID && caller != Process.BLUETOOTH_UID) { + throw new SecurityException("Invalid caller: " + caller); + } + } + + /** + * Check that the caller is allowed to dump the network stack, e.g. dumpsys. + * @throws SecurityException The caller is not allowed to dump the network stack. + */ + public static void checkDumpPermission() { + final int caller = getCallingUid(); + if (caller != Process.SYSTEM_UID && caller != Process.ROOT_UID + && caller != Process.SHELL_UID) { + throw new SecurityException("No dump permissions for caller: " + caller); } } |