Protect usage data with OP_GET_USAGE_STATS. APIs that return package usage data (such as the new StatsManager) must ensure that callers hold both the PACKAGE_USAGE_STATS permission and the OP_GET_USAGE_STATS app-op. Add noteOp() method that can be called from native code. Also add missing security checks on shell commands. Bug: 77662908 Test: builds, boots Change-Id: I15efd6f5dde61e807269b5132a052548ea4e800f

commit: 7afcb3f98e7342985ba5e62bf6d3a5ac1282e545 [log] [tgz]
author: Jeff Sharkey <jsharkey@android.com> Mon Apr 09 12:58:40 2018 -0600
committer: Jeff Sharkey <jsharkey@android.com> Mon Apr 16 10:29:24 2018 -0600
tree: c88a2ffdb3cad1bfcb4fb1d542a94770bb61456f
parent: 4610a203244af7dabde0a89792568a03d26d4b36 [diff] [blame]
diff --git a/libs/binder/PermissionController.cpp b/libs/binder/PermissionController.cpp
index 25748ca..96df33c 100644
--- a/libs/binder/PermissionController.cpp
+++ b/libs/binder/PermissionController.cpp

@@ -59,6 +59,12 @@
     return service != NULL ? service->checkPermission(permission, pid, uid) : false;
 }
 
+int32_t PermissionController::noteOp(const String16& op, int32_t uid, const String16& packageName)
+{
+    sp<IPermissionController> service = getService();
+    return service != NULL ? service->noteOp(op, uid, packageName) : MODE_ERRORED;
+}
+
 void PermissionController::getPackagesForUid(const uid_t uid, Vector<String16> &packages)
 {
     sp<IPermissionController> service = getService();
commit	7afcb3f98e7342985ba5e62bf6d3a5ac1282e545	[log] [tgz]
author	Jeff Sharkey <jsharkey@android.com>	Mon Apr 09 12:58:40 2018 -0600
committer	Jeff Sharkey <jsharkey@android.com>	Mon Apr 16 10:29:24 2018 -0600
tree	c88a2ffdb3cad1bfcb4fb1d542a94770bb61456f
parent	4610a203244af7dabde0a89792568a03d26d4b36 [diff] [blame]