final ArrayMap<String, ArrayMap<String, Boolean>> mOemPermissions = new ArrayMap<>();
+ private final ArraySet<String> mBugreportWhitelistedPackages = new ArraySet<>();
+
public static SystemConfig getInstance() {
synchronized (SystemConfig.class) {
if (sInstance == null) {
return Collections.emptyMap();
}
+ public ArraySet<String> getBugreportWhitelistedPackages() {
+ return mBugreportWhitelistedPackages;
+ }
+
SystemConfig() {
// Read configuration from system
readPermissions(Environment.buildPath(
mHiddenApiPackageWhitelist.add(pkgname);
}
XmlUtils.skipCurrentTag(parser);
+ } else if ("bugreport-whitelisted".equals(name)) {
+ String pkgname = parser.getAttributeValue(null, "package");
+ if (pkgname == null) {
+ Slog.w(TAG, "<" + name + "> without package in " + permFile
+ + " at " + parser.getPositionDescription());
+ } else {
+ mBugreportWhitelistedPackages.add(pkgname);
+ }
+ XmlUtils.skipCurrentTag(parser);
} else {
Slog.w(TAG, "Tag " + name + " is unknown or not allowed in "
+ permFile.getParent());
import android.os.SystemClock;
import android.os.SystemProperties;
import android.os.UserManager;
+import android.util.ArraySet;
import android.util.Slog;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.Preconditions;
+import com.android.server.SystemConfig;
import java.io.FileDescriptor;
private final Object mLock = new Object();
private final Context mContext;
private final AppOpsManager mAppOps;
+ private final ArraySet<String> mBugreportWhitelistedPackages;
BugreportManagerServiceImpl(Context context) {
mContext = context;
mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
+ mBugreportWhitelistedPackages =
+ SystemConfig.getInstance().getBugreportWhitelistedPackages();
}
@Override
int callingUid = Binder.getCallingUid();
mAppOps.checkPackage(callingUid, callingPackage);
+ if (!mBugreportWhitelistedPackages.contains(callingPackage)) {
+ throw new SecurityException(
+ callingPackage + " is not whitelisted to use Bugreport API");
+ }
synchronized (mLock) {
startBugreportLocked(callingUid, callingPackage, bugreportFd, screenshotFd,
bugreportMode, listener);