| author | 2022-05-24 12:09:40 -0700 | |
|---|---|---|
| committer | 2022-05-24 17:37:48 -0700 | |
| commit | 6db81c15dfda116e845fdc975ed0d2d045dec342 (patch) | |
| tree | d74f9532c64970d5fb012be1344ed76ff2fdfa13 | |
| parent | 2a3709618b5540065e76b9968df2c9a307752d0d (diff) | |
Allow shell uid without checking the package name.
Bug: 230779051
Test: manual
Change-Id: I2867a15840a0987c948179e2f8069e652c4a0c1f
| -rw-r--r-- | services/core/java/com/android/server/media/MediaSessionService.java | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/media/MediaSessionService.java b/services/core/java/com/android/server/media/MediaSessionService.java
index 9e5da450c8a5..d536a463f7b4 100644
--- a/services/core/java/com/android/server/media/MediaSessionService.java
+++ b/services/core/java/com/android/server/media/MediaSessionService.java
@@ -40,6 +40,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.pm.PackageManager;
+import android.content.pm.PackageManagerInternal;
 import android.media.AudioManager;
 import android.media.AudioPlaybackConfiguration;
 import android.media.AudioSystem;
@@ -85,6 +86,7 @@ import android.view.ViewConfiguration;
 import com.android.internal.R;
 import com.android.internal.annotations.GuardedBy;
 import com.android.server.LocalManagerRegistry;
+import com.android.server.LocalServices;
 import com.android.server.SystemService;
 import com.android.server.Watchdog;
 import com.android.server.Watchdog.Monitor;
@@ -540,14 +542,19 @@ public class MediaSessionService extends SystemService implements Monitor { if (TextUtils.isEmpty(packageName)) { throw new IllegalArgumentException("packageName may not be empty"); } - String[] packages = mContext.getPackageManager().getPackagesForUid(uid); - final int packageCount = packages.length; - for (int i = 0; i < packageCount; i++) { - if (packageName.equals(packages[i])) { - return; - } + if (uid == Process.ROOT_UID || uid == Process.SHELL_UID) { + // If the caller is shell, then trust the packageName given and allow it + // to proceed. + return; + } + final PackageManagerInternal packageManagerInternal = + LocalServices.getService(PackageManagerInternal.class); + final int actualUid = packageManagerInternal.getPackageUid( + packageName, 0 /* flags */, UserHandle.getUserId(uid)); + if (!UserHandle.isSameApp(uid, actualUid)) { + throw new IllegalArgumentException("packageName does not belong to the calling uid; " + + "pkg=" + packageName + ", uid=" + uid); } - throw new IllegalArgumentException("packageName is not owned by the calling process"); } void tempAllowlistTargetPkgIfPossible(int targetUid, String targetPackage, |
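Review bot: The early return on `uid == Process.ROOT_UID || uid == Process.SHELL_UID` accepts the package name unverified for both root and shell, but the added comment names only shell and does not say what later code may rely on. On that path `packageName` is a caller-chosen value, so anything downstream that uses it for attribution or allow-listing (not visible in this hunk) should not treat it as checked; I would say so in the comment, e.g. `// Root and shell callers are trusted to name any package; packageName is NOT verified against uid on this path.` On the lookup path, `getPackageUid` presumably returns an invalid uid when the package is not installed for `UserHandle.getUserId(uid)`, which `UserHandle.isSameApp` would then reject, so that case appears to fail closed with the same message; a one-line comment stating this would help the next reader. The enclosing method's signature is outside the hunk, so whether `uid` is always the Binder calling uid cannot be confirmed from here.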