commit 6b649257377b4ba2dd8a2a02b8dd692a72a2cc1e
author Jeff Sharkey <jsharkey@android.com> Mon Apr 16 09:50:22 2018 -0600
committer Jeff Sharkey <jsharkey@android.com> Mon Apr 16 12:44:32 2018 -0600
tree f06149447b480ee548d00896ec5847adee3896a8
parent 167032ab002714d26a14735bbcdc072c5fa693b7

Protect usage data with OP_GET_USAGE_STATS.

APIs that return package usage data (such as the new StatsManager)
must ensure that callers hold both the PACKAGE_USAGE_STATS permission
and the OP_GET_USAGE_STATS app-op.

Add noteOp() method that can be called from native code.

Also add missing security checks on command interface.

Bug: 77662908, 78121728
Test: builds, boots
Change-Id: Ie0d51e4baaacd9d7d36ba0c587ec91a870b9df17

cmds/statsd/src/StatsService.h

diff --git a/cmds/statsd/src/StatsService.h b/cmds/statsd/src/StatsService.h
index d502796..774a3e9 100644
--- a/cmds/statsd/src/StatsService.h
+++ b/cmds/statsd/src/StatsService.h
@@ -81,36 +81,44 @@
     /**
      * Binder call for clients to request data for this configuration key.
      */
-    virtual Status getData(int64_t key, vector<uint8_t>* output) override;
+    virtual Status getData(int64_t key,
+                           const String16& packageName,
+                           vector<uint8_t>* output) override;
 
 
     /**
      * Binder call for clients to get metadata across all configs in statsd.
      */
-    virtual Status getMetadata(vector<uint8_t>* output) override;
+    virtual Status getMetadata(const String16& packageName,
+                               vector<uint8_t>* output) override;
 
 
     /**
      * Binder call to let clients send a configuration and indicate they're interested when they
      * should requestData for this configuration.
      */
-    virtual Status addConfiguration(int64_t key, const vector<uint8_t>& config) override;
+    virtual Status addConfiguration(int64_t key,
+                                    const vector<uint8_t>& config,
+                                    const String16& packageName) override;
 
     /**
      * Binder call to let clients register the data fetch operation for a configuration.
      */
     virtual Status setDataFetchOperation(int64_t key,
-                                         const sp<android::IBinder>& intentSender) override;
+                                         const sp<android::IBinder>& intentSender,
+                                         const String16& packageName) override;
 
     /**
      * Binder call to remove the data fetch operation for the specified config key.
      */
-    virtual Status removeDataFetchOperation(int64_t key) override;
+    virtual Status removeDataFetchOperation(int64_t key,
+                                            const String16& packageName) override;
 
     /**
      * Binder call to allow clients to remove the specified configuration.
      */
-    virtual Status removeConfiguration(int64_t key) override;
+    virtual Status removeConfiguration(int64_t key,
+                                       const String16& packageName) override;
 
     /**
      * Binder call to associate the given config's subscriberId with the given intentSender.
@@ -118,12 +126,15 @@
      */
     virtual Status setBroadcastSubscriber(int64_t configId,
                                           int64_t subscriberId,
-                                          const sp<android::IBinder>& intentSender) override;
+                                          const sp<android::IBinder>& intentSender,
+                                          const String16& packageName) override;
 
     /**
      * Binder call to unassociate the given config's subscriberId with any intentSender.
      */
-    virtual Status unsetBroadcastSubscriber(int64_t configId, int64_t subscriberId) override;
+    virtual Status unsetBroadcastSubscriber(int64_t configId,
+                                            int64_t subscriberId,
+                                            const String16& packageName) override;
 
     /** Inform statsCompanion that statsd is ready. */
     virtual void sayHiToStatsCompanion();