authorArve Hjønnevåg <arve@android.com>2016-08-01 16:05:17 -0700
committergitbuildkicker <android-build@google.com>2016-08-26 16:21:59 -0700
commitdbee7f4650dfb419d12ebaf13e96bc54ae880b99 (patch)
treefa021c0cd7794eb832a347054b7d7c2b276af9de
parent07cd4cdf216f5120a7c593991d54492f8ae29f6f (diff)
DO NOT MERGE ServiceManager: Restore basic uid check
Prevent apps from registering services without relying on selinux checks. Bug: 29431260 Change-Id: I38c6e8bc7f7cba1cbd3568e8fed1ae7ac2054a9b (cherry picked from commit f03ba2c0d878071603d73b7f8e9a4a468364ac27)
-rw-r--r--cmds/servicemanager/service_manager.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c
index 7fa9a39..4c993c2 100644
--- a/cmds/servicemanager/service_manager.c
+++ b/cmds/servicemanager/service_manager.c
@@ -107,9 +107,14 @@ static bool check_mac_perms_from_lookup(pid_t spid, const char *perm, const char
return allowed;
}
-static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid)
+static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)
{
const char *perm = "add";
+
+ if (uid >= AID_APP) {
+ return 0; /* Don't allow apps to register services */
+ }
+
return check_mac_perms_from_lookup(spid, perm, str8(name, name_len)) ? 1 : 0;
}
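Review bot: The new guard in svc_can_register compares the raw `uid` with `AID_APP`, but on a multi-user device the uid encodes the user as well as the app id, so every process of a secondary user, including one running under a system AID, falls in the denied range. That fails closed, so it holds as a barrier, but if the intent is "application uids only" the comparison belongs on the app id, e.g. `if (multiuser_get_app_id(uid) >= AID_APP) {` (declared in `cutils/multiuser.h`, which would need an include this hunk does not show). The inline comment could also record why the check sits ahead of the SELinux lookup, e.g. `/* Defense in depth: reject app uids regardless of the SELinux "add" decision below */`. Both the uid guard and the SELinux check end in the same `PERMISSION DENIED` log at the call site in do_add_service, so a uid-based rejection can only be recognised from the logged `uid=` value.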
@@ -204,7 +209,7 @@ int do_add_service(struct binder_state *bs,
if (!handle || (len == 0) || (len > 127))
return -1;
- if (!svc_can_register(s, len, spid)) {
+ if (!svc_can_register(s, len, spid, uid)) {
ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n",
str8(s, len), handle, uid);
return -1;