Merge "Prevent accessing companion records from arbitrary uids" into pie-gsipie-gsi

author: Treehugger Robot <treehugger-gerrit@google.com> 2021-01-13 09:08:17 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2021-01-13 09:08:17 +0000
commit: a4e0cfedad3f0407e475ff06ca8b29b784a7f9eb (patch)
tree: 02cfb2dfe2760dc0f2e6053acd0ba501d714c463
parent: 8966e4114424058508e306dac94aa0fd722f8f1f (diff)
parent: 215597afcd5e01059ae71d813a0502d020004e61 (diff)
download: base-pie-gsi.tar.gz
3 files changed, 12 insertions, 0 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index d0ae9dbc55ae..778d3189db21 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3128,6 +3128,11 @@
     <permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"
         android:protectionLevel="signature|privileged" />
 
+    <!-- Allows an application to manage the companion devices.
+         @hide -->
+    <permission android:name="android.permission.MANAGE_COMPANION_DEVICES"
+                android:protectionLevel="signature" />
+
     <!-- @SystemApi Allows an application to use SurfaceFlinger's low level features.
          <p>Not for use by third-party applications.
          @hide
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index b4f331d89074..a62113ae8222 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -153,6 +153,8 @@
 
     <uses-permission android:name="android.permission.CONTROL_KEYGUARD" />
 
+    <uses-permission android:name="android.permission.MANAGE_COMPANION_DEVICES" />
+
     <application android:label="@string/app_label"
                  android:defaultToDeviceProtectedStorage="true"
                  android:directBootAware="true">
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index d44fe4dbc450..bf2b83b1b249 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -629,6 +629,11 @@ public class CompanionDeviceManagerService extends SystemService implements Bind
                 + "associate USER_ID PACKAGE MAC_ADDRESS\n"
                 + "disassociate USER_ID PACKAGE MAC_ADDRESS";
 
+        ShellCmd() {
+            getContext().enforceCallingOrSelfPermission(
+                    android.Manifest.permission.MANAGE_COMPANION_DEVICES, "ShellCmd");
+        }
+
         @Override
         public int onCommand(String cmd) {
             switch (cmd) {
author	Treehugger Robot <treehugger-gerrit@google.com>	2021-01-13 09:08:17 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2021-01-13 09:08:17 +0000
commit	a4e0cfedad3f0407e475ff06ca8b29b784a7f9eb (patch)
tree	02cfb2dfe2760dc0f2e6053acd0ba501d714c463
parent	8966e4114424058508e306dac94aa0fd722f8f1f (diff)
parent	215597afcd5e01059ae71d813a0502d020004e61 (diff)
download	base-pie-gsi.tar.gz