commit 1d89216eac8d5c122056165d77322151cc26a70c
author Alex Buynytskyy <alexbuy@google.com> Fri Apr 03 23:00:19 2020 -0700
committer Alex Buynytskyy <alexbuy@google.com> Mon Apr 06 12:22:49 2020 -0700
tree bad152666c0b2e0b2e4728b83418b19f1d73e498
parent 3fc58ee5d501fc4a87455b690762207d8de52a32

Appops permission monitoring for GET_USAGE_STATS.

This makes sure DataLoader won't be able to obtain read logs once user
denies access.

Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest
Test: adb shell appops set 1000 GET_USAGE_STATS deny
Change-Id: Ibbb74933b4ef0dd8f5fe27732743e5820b8ee4dc

services/incremental/IncrementalServiceValidation.h

diff --git a/services/incremental/IncrementalServiceValidation.h b/services/incremental/IncrementalServiceValidation.h
index 24f9f7f..48894c6 100644
--- a/services/incremental/IncrementalServiceValidation.h
+++ b/services/incremental/IncrementalServiceValidation.h
@@ -41,7 +41,8 @@
             : -EIO;
 }
 
-inline binder::Status CheckPermissionForDataDelivery(const char* permission, const char* operation) {
+inline binder::Status CheckPermissionForDataDelivery(const char* permission, const char* operation,
+                                                     const char* package) {
     using android::base::StringPrintf;
 
     int32_t pid;
@@ -52,23 +53,23 @@
                          StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
     }
 
+    String16 packageName{package};
+
     // Caller must also have op granted.
     PermissionController pc;
-    // Package is a required parameter. Need to obtain one.
-    Vector<String16> packages;
-    pc.getPackagesForUid(uid, packages);
-    if (packages.empty()) {
+    if (auto packageUid = pc.getPackageUid(packageName, 0); packageUid != uid) {
         return Exception(binder::Status::EX_SECURITY,
-                         StringPrintf("UID %d / PID %d has no packages", uid, pid));
+                         StringPrintf("UID %d / PID %d does not own package %s", uid, pid,
+                                      package));
     }
-    switch (auto result = pc.noteOp(String16(operation), uid, packages[0]); result) {
+    switch (auto result = pc.noteOp(String16(operation), uid, packageName); result) {
         case PermissionController::MODE_ALLOWED:
         case PermissionController::MODE_DEFAULT:
             return binder::Status::ok();
         default:
             return Exception(binder::Status::EX_SECURITY,
-                             StringPrintf("UID %d / PID %d lacks app-op %s, error %d", uid, pid,
-                                          operation, result));
+                             StringPrintf("UID %d / PID %d / package %s lacks app-op %s, error %d",
+                                          uid, pid, package, operation, result));
     }
 }