summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/com/android/server/NetworkStackService.java3
-rw-r--r--src/com/android/server/util/PermissionUtil.java17
2 files changed, 17 insertions, 3 deletions
diff --git a/src/com/android/server/NetworkStackService.java b/src/com/android/server/NetworkStackService.java
index 057012d..cca71e7 100644
--- a/src/com/android/server/NetworkStackService.java
+++ b/src/com/android/server/NetworkStackService.java
@@ -20,6 +20,7 @@ import static android.net.dhcp.IDhcpServer.STATUS_INVALID_ARGUMENT;
import static android.net.dhcp.IDhcpServer.STATUS_SUCCESS;
import static android.net.dhcp.IDhcpServer.STATUS_UNKNOWN_ERROR;
+import static com.android.server.util.PermissionUtil.checkDumpPermission;
import static com.android.server.util.PermissionUtil.checkNetworkStackCallingPermission;
import android.annotation.NonNull;
@@ -139,7 +140,7 @@ public class NetworkStackService extends Service {
@Override
protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter fout,
@Nullable String[] args) {
- checkNetworkStackCallingPermission();
+ checkDumpPermission();
final IndentingPrintWriter pw = new IndentingPrintWriter(fout, " ");
pw.println("NetworkStack logs:");
mLog.dump(fd, pw, args);
diff --git a/src/com/android/server/util/PermissionUtil.java b/src/com/android/server/util/PermissionUtil.java
index 733f873..82bf038 100644
--- a/src/com/android/server/util/PermissionUtil.java
+++ b/src/com/android/server/util/PermissionUtil.java
@@ -31,8 +31,21 @@ public final class PermissionUtil {
*/
public static void checkNetworkStackCallingPermission() {
// TODO: check that the calling PID is the system server.
- if (getCallingUid() != Process.SYSTEM_UID && getCallingUid() != Process.ROOT_UID) {
- throw new SecurityException("Invalid caller: " + getCallingUid());
+ final int caller = getCallingUid();
+ if (caller != Process.SYSTEM_UID && caller != Process.BLUETOOTH_UID) {
+ throw new SecurityException("Invalid caller: " + caller);
+ }
+ }
+
+ /**
+ * Check that the caller is allowed to dump the network stack, e.g. dumpsys.
+ * @throws SecurityException The caller is not allowed to dump the network stack.
+ */
+ public static void checkDumpPermission() {
+ final int caller = getCallingUid();
+ if (caller != Process.SYSTEM_UID && caller != Process.ROOT_UID
+ && caller != Process.SHELL_UID) {
+ throw new SecurityException("No dump permissions for caller: " + caller);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-04 02:41:36 +0000