From b4aaa9d8adae5971f7f6589afc22008afa2f8d2b Mon Sep 17 00:00:00 2001
From: Eugene Susla <eugenesusla@google.com>
Date: Thu, 28 Mar 2019 13:50:17 -0700
Subject: [PATCH] RESTRICT AUTOMERGE Prevent accessing companion records from
 arbitrary uids

Test: manual
Fixes: 129476618
Change-Id: I7b18cfcdf58e62a445cbb508116c6ce7c1cea8d7
---
 core/res/AndroidManifest.xml                                 | 5 +++++
 packages/Shell/AndroidManifest.xml                           | 1 +
 .../server/companion/CompanionDeviceManagerService.java      | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index e7e20fc41eeec..4528985bc8522 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3518,6 +3518,11 @@
     <permission android:name="android.permission.OBSERVE_ROLE_HOLDERS"
                 android:protectionLevel="signature|installer" />
 
+    <!-- Allows an application to manage the companion devices.
+         @hide -->
+    <permission android:name="android.permission.MANAGE_COMPANION_DEVICES"
+                android:protectionLevel="signature" />
+
     <!-- @SystemApi Allows an application to use SurfaceFlinger's low level features.
          <p>Not for use by third-party applications.
          @hide
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index da139d74f8aef..19eac7ccdb027 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -181,6 +181,7 @@
     <uses-permission android:name="android.permission.READ_CLIPBOARD_IN_BACKGROUND" />
     <!-- Permission needed to wipe the device for Test Harness Mode -->
     <uses-permission android:name="android.permission.ENABLE_TEST_HARNESS_MODE" />
+    <uses-permission android:name="android.permission.MANAGE_COMPANION_DEVICES" />
 
     <uses-permission android:name="android.permission.MANAGE_APPOPS" />
 
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 54a3ecb226872..067becbf0c529 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -660,6 +660,11 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
                 + "associate USER_ID PACKAGE MAC_ADDRESS\n"
                 + "disassociate USER_ID PACKAGE MAC_ADDRESS";
 
+        ShellCmd() {
+            getContext().enforceCallingOrSelfPermission(
+                    android.Manifest.permission.MANAGE_COMPANION_DEVICES, "ShellCmd");
+        }
+
         @Override
         public int onCommand(String cmd) {
             switch (cmd) {