From 2ffca5a0de56c8ce3826526abd2b7d934356df5e Mon Sep 17 00:00:00 2001
From: Sunny Goyal <sunnygoyal@google.com>
Date: Wed, 20 May 2020 15:39:41 -0700
Subject: [PATCH] Adding permission check for dumping visible windows

Bug: 157010495
Test: Verfied that 3P apps cant call this API
Change-Id: I0dee93c82d33152fc54b6784970103c82a8ba6ef
---
 .../com/android/server/wm/WindowManagerShellCommand.java     | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/core/java/com/android/server/wm/WindowManagerShellCommand.java b/services/core/java/com/android/server/wm/WindowManagerShellCommand.java
index 619d87bc49f07..bdecb8d99752a 100644
--- a/services/core/java/com/android/server/wm/WindowManagerShellCommand.java
+++ b/services/core/java/com/android/server/wm/WindowManagerShellCommand.java
@@ -351,6 +351,11 @@ public class WindowManagerShellCommand extends ShellCommand {
     }
 
     private int runDumpVisibleWindowViews(PrintWriter pw) {
+        if (!mInternal.checkCallingPermission(android.Manifest.permission.DUMP,
+                "runDumpVisibleWindowViews()")) {
+            throw new SecurityException("Requires DUMP permission");
+        }
+
         try (ZipOutputStream out = new ZipOutputStream(getRawOutputStream())) {
             ArrayList<Pair<String, ByteTransferPipe>> requestList = new ArrayList<>();
             synchronized (mInternal.mGlobalLock) {