DivestOS/Patches/LineageOS-16.0/android_frameworks_base/394882.patch
Tavi 7e6c6ad5e5
16.0: June ASB picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-06-19 16:11:38 -04:00

41 lines
2.1 KiB
Diff

From 538cc6c384985f272dc7ab6c7cc7222a59b4c341 Mon Sep 17 00:00:00 2001
From: Guojing Yuan <guojing@google.com>
Date: Thu, 14 Dec 2023 19:30:04 +0000
Subject: [PATCH] [BACKPORT] Check permissions for CDM shell commands
Override handleShellCommand instead of onShellCommand because
Binder.onShellCommand checks the necessary permissions of the caller.
Backport by mse1969@posteo.de:
In Pie, method handleShellCommand does not exist, only Binder.onShellCommand, in which
the caller uid check isn't yet implemented. Backport: Take over the uid check from A11
and implement it in the method override.
Bug: 313428840
Test: manually tested CDM shell commands
(cherry picked from commit 1761a0fee9c2cd9787bbb7fbdbe30b4c2b03396e)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d008c61451dba86aa9f14c6bcd661db2cea4856)
Merged-In: I5539b3594feb5544c458c0fd1061b51a0a808900
Change-Id: I5539b3594feb5544c458c0fd1061b51a0a808900
---
.../server/companion/CompanionDeviceManagerService.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 087fe8560fc80..8ffb53f8a3b9d 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -345,6 +345,11 @@ private void checkUsesFeature(String pkg, int userId) {
public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
String[] args, ShellCallback callback, ResultReceiver resultReceiver)
throws RemoteException {
+ final int callingUid = Binder.getCallingUid();
+ if (callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID) {
+ resultReceiver.send(-1, null);
+ throw new RemoteException("Shell commands are only callable by ADB");
+ }
new ShellCmd().exec(this, in, out, err, args, callback, resultReceiver);
}
}