Merge "Add a whitelist to control packages that can use Bugreporting API"

2019-03-14 10:13:32 +00:00
parent 4837dbe536 ee4d7be219
commit 17492d0691
2 changed files with 24 additions and 0 deletions
--- a/core/java/com/android/server/SystemConfig.java
+++ b/core/java/com/android/server/SystemConfig.java
@@ -175,6 +175,8 @@ public class SystemConfig {

    final ArrayMap<String, ArrayMap<String, Boolean>> mOemPermissions = new ArrayMap<>();

+    private final ArraySet<String> mBugreportWhitelistedPackages = new ArraySet<>();
+
    public static SystemConfig getInstance() {
        synchronized (SystemConfig.class) {
            if (sInstance == null) {
@@ -288,6 +290,10 @@ public class SystemConfig {
        return Collections.emptyMap();
    }

+    public ArraySet<String> getBugreportWhitelistedPackages() {
+        return mBugreportWhitelistedPackages;
+    }
+
    SystemConfig() {
        // Read configuration from system
        readPermissions(Environment.buildPath(
@@ -707,6 +713,15 @@ public class SystemConfig {
                        mHiddenApiPackageWhitelist.add(pkgname);
                    }
                    XmlUtils.skipCurrentTag(parser);
+                } else if ("bugreport-whitelisted".equals(name)) {
+                    String pkgname = parser.getAttributeValue(null, "package");
+                    if (pkgname == null) {
+                        Slog.w(TAG, "<" + name + "> without package in " + permFile
+                                + " at " + parser.getPositionDescription());
+                    } else {
+                        mBugreportWhitelistedPackages.add(pkgname);
+                    }
+                    XmlUtils.skipCurrentTag(parser);
                } else {
                    Slog.w(TAG, "Tag " + name + " is unknown or not allowed in "
                            + permFile.getParent());
--- a/services/core/java/com/android/server/os/BugreportManagerServiceImpl.java
+++ b/services/core/java/com/android/server/os/BugreportManagerServiceImpl.java
@@ -31,10 +31,12 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserManager;
+import android.util.ArraySet;
 import android.util.Slog;

 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.util.Preconditions;
+import com.android.server.SystemConfig;

 import java.io.FileDescriptor;

@@ -55,10 +57,13 @@ class BugreportManagerServiceImpl extends IDumpstate.Stub {
    private final Object mLock = new Object();
    private final Context mContext;
    private final AppOpsManager mAppOps;
+    private final ArraySet<String> mBugreportWhitelistedPackages;

    BugreportManagerServiceImpl(Context context) {
        mContext = context;
        mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+        mBugreportWhitelistedPackages =
+                SystemConfig.getInstance().getBugreportWhitelistedPackages();
    }

    @Override
@@ -83,6 +88,10 @@ class BugreportManagerServiceImpl extends IDumpstate.Stub {
        int callingUid = Binder.getCallingUid();
        mAppOps.checkPackage(callingUid, callingPackage);

+        if (!mBugreportWhitelistedPackages.contains(callingPackage)) {
+            throw new SecurityException(
+                    callingPackage + " is not whitelisted to use Bugreport API");
+        }
        synchronized (mLock) {
            startBugreportLocked(callingUid, callingPackage, bugreportFd, screenshotFd,
                    bugreportMode, listener);