diff options
author | Arve Hjnnevg <arve@android.com> | 2016-08-09 20:52:18 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-08-09 20:52:18 +0000 |
commit | cac59eae3bfa847c5896032f62c078ec45b4865c (patch) | |
tree | 434324630d908dde2e365938f85cfa8558e9cc30 | |
parent | 0e85f4d48da5a7d5bf9ce6fe2c0463b38efac512 (diff) | |
parent | a9963dcfb72a36c58bf5fc119deb3ffa28025bab (diff) | |
download | native-cac59eae3bfa847c5896032f62c078ec45b4865c.tar.gz |
DO NOT MERGE ServiceManager: Restore basic uid check am: f03ba2c0d8
am: a9963dcfb7
Change-Id: Id42cd61ca837cc5e9da644feaae10f8f7d0e6c11
-rw-r--r-- | cmds/servicemanager/service_manager.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c index 7fa9a39f79..4c993c2361 100644 --- a/cmds/servicemanager/service_manager.c +++ b/cmds/servicemanager/service_manager.c @@ -107,9 +107,14 @@ static bool check_mac_perms_from_lookup(pid_t spid, const char *perm, const char return allowed; } -static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid) +static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid) { const char *perm = "add"; + + if (uid >= AID_APP) { + return 0; /* Don't allow apps to register services */ + } + return check_mac_perms_from_lookup(spid, perm, str8(name, name_len)) ? 1 : 0; } @@ -204,7 +209,7 @@ int do_add_service(struct binder_state *bs, if (!handle || (len == 0) || (len > 127)) return -1; - if (!svc_can_register(s, len, spid)) { + if (!svc_can_register(s, len, spid, uid)) { ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n", str8(s, len), handle, uid); return -1; |