2023-12-07 00:16:40 -05:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
2023-12-07 00:07:00 -05:00
|
|
|
From: Kunal Malhotra <malhk@google.com>
|
|
|
|
Date: Thu, 2 Feb 2023 23:48:27 +0000
|
|
|
|
Subject: [PATCH] Adding in verification of calling UID in onShellCommand
|
|
|
|
|
|
|
|
Test: manual testing on device
|
|
|
|
Bug: b/261709193
|
|
|
|
(cherry picked from commit b651d295b44eb82d664861b77f33dbde1bce9453)
|
|
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3ef3f18ba3094c4cc4f954ba23d1da421f9ca8b0)
|
|
|
|
Merged-In: I68903ebd6d3d85f4bc820b745e3233a448b62273
|
|
|
|
Change-Id: I68903ebd6d3d85f4bc820b745e3233a448b62273
|
|
|
|
---
|
|
|
|
.../java/com/android/server/am/ActivityManagerService.java | 7 +++++++
|
|
|
|
1 file changed, 7 insertions(+)
|
|
|
|
|
|
|
|
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
|
2023-12-07 00:16:40 -05:00
|
|
|
index a96ad5e24399..c682ba2f7572 100644
|
2023-12-07 00:07:00 -05:00
|
|
|
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
|
|
|
|
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
|
2023-12-07 00:16:40 -05:00
|
|
|
@@ -14402,6 +14402,13 @@ public final class ActivityManagerService extends ActivityManagerNative
|
2023-12-07 00:07:00 -05:00
|
|
|
@Override
|
|
|
|
public void onShellCommand(FileDescriptor in, FileDescriptor out,
|
|
|
|
FileDescriptor err, String[] args, ResultReceiver resultReceiver) {
|
|
|
|
+ final int callingUid = Binder.getCallingUid();
|
|
|
|
+ if (callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID) {
|
|
|
|
+ if (resultReceiver != null) {
|
|
|
|
+ resultReceiver.send(-1, null);
|
|
|
|
+ }
|
|
|
|
+ throw new SecurityException("Shell commands are only callable by root or shell");
|
|
|
|
+ }
|
|
|
|
(new ActivityManagerShellCommand(this, false)).exec(
|
|
|
|
this, in, out, err, args, resultReceiver);
|
|
|
|
}
|