diff options
author | Eugene Susla <eugenesusla@google.com> | 2019-03-28 13:50:17 -0700 |
---|---|---|
committer | Anis Assi <anisassi@google.com> | 2020-05-08 09:25:52 -0700 |
commit | 8d50c49dffaa71b2fadbd2bbc2452e65678d5ed7 (patch) | |
tree | 9ddcf059b2031bfe2c8b48ff881aeef7ecfc8ef5 | |
parent | f8c8787e80e313ff2a93e137dc136419d12f6e72 (diff) | |
download | base-android-9.0.0_r58.tar.gz |
RESTRICT AUTOMERGEandroid-9.0.0_r58
Prevent accessing companion records from arbitrary uids
Test: manual
Fixes: 129476618
Change-Id: I7b18cfcdf58e62a445cbb508116c6ce7c1cea8d7
(cherry picked from commit 84cccfe6cdbc57ee372ee1a0fea64c7a11c53766)
-rw-r--r-- | core/res/AndroidManifest.xml | 5 | ||||
-rw-r--r-- | services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 66c497e99776..e81268b2fe72 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3116,6 +3116,11 @@ <permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS" android:protectionLevel="signature|privileged" /> + <!-- Allows an application to manage the companion devices. + @hide --> + <permission android:name="android.permission.MANAGE_COMPANION_DEVICES" + android:protectionLevel="signature" /> + <!-- @SystemApi Allows an application to use SurfaceFlinger's low level features. <p>Not for use by third-party applications. @hide diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java index d44fe4dbc450..bf2b83b1b249 100644 --- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java +++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java @@ -629,6 +629,11 @@ public class CompanionDeviceManagerService extends SystemService implements Bind + "associate USER_ID PACKAGE MAC_ADDRESS\n" + "disassociate USER_ID PACKAGE MAC_ADDRESS"; + ShellCmd() { + getContext().enforceCallingOrSelfPermission( + android.Manifest.permission.MANAGE_COMPANION_DEVICES, "ShellCmd"); + } + @Override public int onCommand(String cmd) { switch (cmd) { |