From 605a44fe93bd532667b1778a9304d0ecc541b3d8 Mon Sep 17 00:00:00 2001
From: Alex Buynytskyy <alexbuy@google.com>
Date: Thu, 2 Apr 2020 15:21:47 -0700
Subject: [PATCH] Additional operation check when enabling read logs.

Vold now does not check caller's permission, but only accepts
transactions from system_server. And it's up to system server to do the
right thing and check permissions/appops.

Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest
Test: adb shell appops set 1000 GET_USAGE_STATS deny
Change-Id: Id56c1673b135b72b3ec86e572aa4bcca3afc19ab
---
 VoldNativeService.cpp           | 7 ++-----
 VoldNativeServiceValidation.cpp | 7 +++----
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index d1d7d86..0cce561 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -53,7 +53,6 @@ namespace vold {
 namespace {
 
 constexpr const char* kDump = "android.permission.DUMP";
-constexpr const char* kDataUsageStats = "android.permission.LOADER_USAGE_STATS";
 
 static binder::Status error(const std::string& msg) {
     PLOG(ERROR) << msg;
@@ -920,11 +919,9 @@ binder::Status VoldNativeService::unmountIncFs(const std::string& dir) {
 binder::Status VoldNativeService::setIncFsMountOptions(
         const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
         bool enableReadLogs) {
-    auto status = CheckPermission(kDataUsageStats);
-    if (!status.isOk()) {
-        return status;
-    }
+    ENFORCE_SYSTEM_OR_ROOT;
 
+    auto status = Ok();
     auto incfsControl = IncFs_CreateControl(dup(control.cmd.get()), dup(control.pendingReads.get()),
                                             dup(control.log.get()));
     if (auto error = IncFs_SetOptions(
diff --git a/VoldNativeServiceValidation.cpp b/VoldNativeServiceValidation.cpp
index 2e21ace..ee1e65a 100644
--- a/VoldNativeServiceValidation.cpp
+++ b/VoldNativeServiceValidation.cpp
@@ -39,11 +39,10 @@ binder::Status Exception(uint32_t code, const std::string& msg) {
 }
 
 binder::Status CheckPermission(const char* permission) {
-    pid_t pid;
-    uid_t uid;
+    int32_t pid;
+    int32_t uid;
 
-    if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
-                               reinterpret_cast<int32_t*>(&uid))) {
+    if (checkCallingPermission(String16(permission), &pid, &uid)) {
         return Ok();
     } else {
         return Exception(binder::Status::EX_SECURITY,