diff options
| author | Jing Ji <jji@google.com> | 2022-08-04 11:36:26 -0700 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-14 18:17:10 +0000 |
| commit | 7a04beeda00aff327afee9436fd7aed954ee4127 (patch) | |
| tree | 48b08289b75f15bfafd39e96518fedcd8f00c1ae | |
| parent | eec689f2668bdcb7c820d153de8fc82e72b93409 (diff) | |
| download | base-7a04beeda00aff327afee9436fd7aed954ee4127.tar.gz | |
DO NOT MERGE: Context#startInstrumentation could be started from SHELL only now.
Or, if an instrumentation starts another instrumentation and so on,
and the original instrumentation is started from SHELL, allow all
Context#startInstrumentation calls in this chain.
Otherwise, it'll throw a SecurityException.
Bug: 237766679
Test: atest CtsAppTestCases:InstrumentationTest
Merged-In: Ia08f225c21a3933067d066a578ea4af9c23e7d4c
Merged-In: I1b76f61c5fd6c9f7e738978592260945a606f40c
Merged-In: I3ea7aa27bd776fec546908a37f667f680da9c892
Change-Id: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
(cherry picked from commit a3e618a77be56e87224814c0706774fe52a6741f)
Merged-In: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 5d4dc39341a1..1428fa853f2a 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -14655,6 +14655,17 @@ public class ActivityManagerService extends IActivityManager.Stub throw new SecurityException(msg); } } + if (!Build.IS_DEBUGGABLE && callingUid != ROOT_UID && callingUid != SHELL_UID + && callingUid != SYSTEM_UID && !hasActiveInstrumentationLocked(callingPid)) { + // If it's not debug build and not called from root/shell/system uid, reject it. + final String msg = "Permission Denial: instrumentation test " + + className + " from pid=" + callingPid + ", uid=" + callingUid + + ", pkgName=" + getPackageNameByPid(callingPid) + + " not allowed because it's not started from SHELL"; + Slog.wtfQuiet(TAG, msg); + reportStartInstrumentationFailureLocked(watcher, className, msg); + throw new SecurityException(msg); + } boolean disableHiddenApiChecks = ai.usesNonSdkApi() || (flags & INSTR_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0; @@ -14877,6 +14888,29 @@ public class ActivityManagerService extends IActivityManager.Stub } } + @GuardedBy("this") + private boolean hasActiveInstrumentationLocked(int pid) { + if (pid == 0) { + return false; + } + synchronized (mPidsSelfLocked) { + ProcessRecord process = mPidsSelfLocked.get(pid); + return process != null && process.getActiveInstrumentation() != null; + } + } + + private String getPackageNameByPid(int pid) { + synchronized (mPidsSelfLocked) { + final ProcessRecord app = mPidsSelfLocked.get(pid); + + if (app != null && app.info != null) { + return app.info.packageName; + } + + return null; + } + } + private boolean isCallerShell() { final int callingUid = Binder.getCallingUid(); return callingUid == SHELL_UID || callingUid == ROOT_UID; |