DivestOS/Patches/LineageOS-17.1/android_frameworks_base/378059.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Kunal Malhotra <malhk@google.com>
Date: Thu, 2 Feb 2023 23:48:27 +0000
Subject: [PATCH] Adding in verification of calling UID in onShellCommand

Test: manual testing on device
Bug: b/261709193
(cherry picked from commit b651d295b44eb82d664861b77f33dbde1bce9453)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3ef3f18ba3094c4cc4f954ba23d1da421f9ca8b0)
Merged-In: I68903ebd6d3d85f4bc820b745e3233a448b62273
Change-Id: I68903ebd6d3d85f4bc820b745e3233a448b62273
---
 .../java/com/android/server/am/ActivityManagerService.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 3e99e594a702..faeb5f348834 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -9884,6 +9884,13 @@ public class ActivityManagerService extends IActivityManager.Stub
     public void onShellCommand(FileDescriptor in, FileDescriptor out,
             FileDescriptor err, String[] args, ShellCallback callback,
             ResultReceiver resultReceiver) {
+        final int callingUid = Binder.getCallingUid();
+        if (callingUid != ROOT_UID && callingUid != Process.SHELL_UID) {
+            if (resultReceiver != null) {
+                resultReceiver.send(-1, null);
+            }
+            throw new SecurityException("Shell commands are only callable by root or shell");
+        }
         (new ActivityManagerShellCommand(this, false)).exec(
                 this, in, out, err, args, callback, resultReceiver);
     }
17.1: Import and verify picks https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/353117 https://review.lineageos.org/q/topic:Q_asb_2023-03 https://review.lineageos.org/q/topic:Q_asb_2023-04 https://review.lineageos.org/q/topic:Q_asb_2023-05 https://review.lineageos.org/q/topic:Q_asb_2023-06 https://review.lineageos.org/q/topic:Q_asb_2023-07 https://review.lineageos.org/q/topic:Q_asb_2023-08 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376560 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376561 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376562 https://review.lineageos.org/q/topic:Q_asb_2023-09 https://review.lineageos.org/q/topic:Q_asb_2023-10 https://review.lineageos.org/q/topic:Q_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376563 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_webp/+/376568 https://review.lineageos.org/q/topic:Q_asb_2023-12 https://review.lineageos.org/q/topic:Q_asb_2024-01 https://review.lineageos.org/q/topic:Q_asb_2024-02 https://review.lineageos.org/q/topic:Q_asb_2024-03 Signed-off-by: Tavi <tavi@divested.dev> 2024-05-08 11:49:25 -04:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Kunal Malhotra <malhk@google.com>`
			`Date: Thu, 2 Feb 2023 23:48:27 +0000`
			`Subject: [PATCH] Adding in verification of calling UID in onShellCommand`

			`Test: manual testing on device`
			`Bug: b/261709193`
			`(cherry picked from commit b651d295b44eb82d664861b77f33dbde1bce9453)`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3ef3f18ba3094c4cc4f954ba23d1da421f9ca8b0)`
			`Merged-In: I68903ebd6d3d85f4bc820b745e3233a448b62273`
			`Change-Id: I68903ebd6d3d85f4bc820b745e3233a448b62273`
			`---`
			`.../java/com/android/server/am/ActivityManagerService.java \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java`
			`index 3e99e594a702..faeb5f348834 100644`
			`--- a/services/core/java/com/android/server/am/ActivityManagerService.java`
			`+++ b/services/core/java/com/android/server/am/ActivityManagerService.java`
			`@@ -9884,6 +9884,13 @@ public class ActivityManagerService extends IActivityManager.Stub`
			`public void onShellCommand(FileDescriptor in, FileDescriptor out,`
			`FileDescriptor err, String[] args, ShellCallback callback,`
			`ResultReceiver resultReceiver) {`
			`+ final int callingUid = Binder.getCallingUid();`
			`+ if (callingUid != ROOT_UID && callingUid != Process.SHELL_UID) {`
			`+ if (resultReceiver != null) {`
			`+ resultReceiver.send(-1, null);`
			`+ }`
			`+ throw new SecurityException("Shell commands are only callable by root or shell");`
			`+ }`
			`(new ActivityManagerShellCommand(this, false)).exec(`
			`this, in, out, err, args, callback, resultReceiver);`
			`}`