Merge "Only allow access to the dexopt commands from root or shell." into udc-dev

author: Martin Stjernholm <mast@google.com> 2023-02-27 20:44:36 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-02-27 20:44:36 +0000
commit: 71498b565e66190bb5ce48bed7618c63b3f80c91 (patch)
tree: b7357690648034415ffb8607ee0e08aacc2b961d
parent: 48df60223c1e2ad0ecb62b2a88c5e72f01cf87bc (diff)
parent: 8b7f36afec76be469b02a00d0e245208e7be7a8a (diff)
2 files changed, 5 insertions, 8 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 6557ec565343..de5f0c4d523f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -6675,15 +6675,7 @@ public class PackageManagerService implements PackageSender, TestUtilityService
         @Deprecated
         public void legacyDumpProfiles(String packageName, boolean dumpClassesAndMethods)
                 throws LegacyDexoptDisabledException {
-            /* Only the shell, root, or the app user should be able to dump profiles. */
-            final int callingUid = Binder.getCallingUid();
             final Computer snapshot = snapshotComputer();
-            final String[] callerPackageNames = snapshot.getPackagesForUid(callingUid);
-            if (!PackageManagerServiceUtils.isRootOrShell(callingUid)
-                    && !ArrayUtils.contains(callerPackageNames, packageName)) {
-                throw new SecurityException("dumpProfiles");
-            }
-
             AndroidPackage pkg = snapshot.getPackage(packageName);
             if (pkg == null) {
                 throw new IllegalArgumentException("Unknown package: " + packageName);
diff --git a/services/core/java/com/android/server/pm/PackageManagerShellCommand.java b/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
index 41592bd3b7be..586e1123fdc4 100644
--- a/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
+++ b/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
@@ -391,6 +391,11 @@ class PackageManagerShellCommand extends ShellCommand {
     private int runLegacyDexoptCommand(@NonNull String cmd)
             throws RemoteException, LegacyDexoptDisabledException {
         Installer.checkLegacyDexoptDisabled();
+
+        if (!PackageManagerServiceUtils.isRootOrShell(Binder.getCallingUid())) {
+            throw new SecurityException("Dexopt shell commands need root or shell access");
+        }
+
         switch (cmd) {
             case "compile":
                 return runCompile();
author	Martin Stjernholm <mast@google.com>	2023-02-27 20:44:36 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-02-27 20:44:36 +0000
commit	71498b565e66190bb5ce48bed7618c63b3f80c91 (patch)
tree	b7357690648034415ffb8607ee0e08aacc2b961d
parent	48df60223c1e2ad0ecb62b2a88c5e72f01cf87bc (diff)
parent	8b7f36afec76be469b02a00d0e245208e7be7a8a (diff)