From e6ee3be1c254404dad842298f6f56c11cc6c7ac8 Mon Sep 17 00:00:00 2001
From: Nick Pelly <npelly@google.com>
Date: Thu, 8 Oct 2009 23:27:28 +0200
Subject: [PATCH] BT API security audit: fix a couple of permission mistakes.

Make functions that are meant to be BLUETOOTH_ADMIN really
BLUETOOTH_ADMIN.

Add some missing javadoc for permissions.

The only functional change here is the BLUETOOTH->BLUETOOTH_ADMIN
changes. This is super safe because every system app that uses BT
has both permissions.

Change-Id: Iddc61f9fd5d81fe0171358665a0fa52f2fa02871
DrNo: eastham
Joke: How do you catch a rabbit? Hide behind a tree and make carrott noises.
---
 core/java/android/bluetooth/BluetoothAdapter.java | 2 ++
 core/java/android/bluetooth/BluetoothDevice.java  | 6 ++++++
 core/java/android/server/BluetoothService.java    | 7 ++++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/core/java/android/bluetooth/BluetoothAdapter.java b/core/java/android/bluetooth/BluetoothAdapter.java
index cc35b7da9f75b..5b34ef9ec05af 100644
--- a/core/java/android/bluetooth/BluetoothAdapter.java
+++ b/core/java/android/bluetooth/BluetoothAdapter.java
@@ -569,6 +569,7 @@ public final class BluetoothAdapter {
      * <p>Applications can also register for {@link #ACTION_DISCOVERY_STARTED}
      * or {@link #ACTION_DISCOVERY_FINISHED} to be notified when discovery
      * starts or completes.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH}.
      *
      * @return true if discovering
      */
@@ -582,6 +583,7 @@ public final class BluetoothAdapter {
     /**
      * Return the set of {@link BluetoothDevice} objects that are bonded
      * (paired) to the local adapter.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH}.
      *
      * @return unmodifiable set of {@link BluetoothDevice}, or null on error
      */
diff --git a/core/java/android/bluetooth/BluetoothDevice.java b/core/java/android/bluetooth/BluetoothDevice.java
index 39a74acee888e..849e6c7b24641 100644
--- a/core/java/android/bluetooth/BluetoothDevice.java
+++ b/core/java/android/bluetooth/BluetoothDevice.java
@@ -513,6 +513,7 @@ public final class BluetoothDevice implements Parcelable {
 
     /**
      * Get trust state of a remote device.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH}.
      * @hide
      */
     public boolean getTrustState() {
@@ -526,6 +527,7 @@ public final class BluetoothDevice implements Parcelable {
 
     /**
      * Set trust state for a remote device.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
      * @param value the trust state value (true or false)
      * @hide
      */
@@ -657,6 +659,8 @@ public final class BluetoothDevice implements Parcelable {
      * Call #connect on the returned #BluetoothSocket to begin the connection.
      * The remote device will not be authenticated and communication on this
      * socket will not be encrypted.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}
+     *
      * @param port    remote port
      * @return An RFCOMM BluetoothSocket
      * @throws IOException On error, for example Bluetooth not available, or
@@ -671,6 +675,8 @@ public final class BluetoothDevice implements Parcelable {
     /**
      * Construct a SCO socket ready to start an outgoing connection.
      * Call #connect on the returned #BluetoothSocket to begin the connection.
+     * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}
+     *
      * @return a SCO BluetoothSocket
      * @throws IOException on error, for example Bluetooth not available, or
      *                     insufficient permissions.
diff --git a/core/java/android/server/BluetoothService.java b/core/java/android/server/BluetoothService.java
index 7ebd91dd4d741..f0bd249aff690 100644
--- a/core/java/android/server/BluetoothService.java
+++ b/core/java/android/server/BluetoothService.java
@@ -191,10 +191,10 @@ public class BluetoothService extends IBluetooth.Stub {
     /**
      * Bring down bluetooth. Returns true on success.
      *
-     * @param saveSetting If true, disable BT in settings
+     * @param saveSetting If true, persist the new setting
      */
     public synchronized boolean disable(boolean saveSetting) {
-        mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
+        mContext.enforceCallingOrSelfPermission(BLUETOOTH_ADMIN_PERM, "Need BLUETOOTH_ADMIN permission");
 
         switch (mBluetoothState) {
         case BluetoothAdapter.STATE_OFF:
@@ -1013,7 +1013,8 @@ public class BluetoothService extends IBluetooth.Stub {
      */
     public synchronized boolean setTrust(String address, boolean value) {
         if (!BluetoothAdapter.checkBluetoothAddress(address)) {
-            mContext.enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");
+            mContext.enforceCallingOrSelfPermission(BLUETOOTH_ADMIN_PERM,
+                    "Need BLUETOOTH_ADMIN permission");
             return false;
         }