diff options
| author | 2021-11-04 04:37:41 +0000 | |
|---|---|---|
| committer | 2021-11-04 04:37:41 +0000 | |
| commit | 872a1ba1e3c161a277acf4f95ddba3eee9eb687c (patch) | |
| tree | 051b68279c5ebf67052c6edecc824eee1ae9337c | |
| parent | 11dc02ce22af4e41cad08857ca87b244ee295995 (diff) | |
| parent | 987cfe1bff6a042f70c0b521943cbc1db3646d96 (diff) | |
Merge "Block SHELL_UID from overlay fabricate and clear shell overlays on boot" into sc-dev am: 987cfe1bff
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/16077739
Change-Id: I63f3c60cc1f0faa14ff4a8d9c45f8f4a28e2db9d
| -rw-r--r-- | services/core/java/com/android/server/om/OverlayManagerService.java | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/om/OverlayManagerService.java b/services/core/java/com/android/server/om/OverlayManagerService.java index 27b164830572..ee0b3d52eb3d 100644 --- a/services/core/java/com/android/server/om/OverlayManagerService.java +++ b/services/core/java/com/android/server/om/OverlayManagerService.java @@ -71,6 +71,7 @@ import android.text.TextUtils; import android.util.ArrayMap; import android.util.ArraySet; import android.util.AtomicFile; +import android.util.EventLog; import android.util.Slog; import android.util.SparseArray; @@ -81,7 +82,6 @@ import com.android.server.FgThread; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.android.server.SystemService; - import com.android.server.pm.UserManagerService; import com.android.server.pm.parsing.pkg.AndroidPackage; @@ -285,6 +285,12 @@ public final class OverlayManagerService extends SystemService { restoreSettings(); + // Wipe all shell overlays on boot, to recover from a potentially broken device + String shellPkgName = TextUtils.emptyIfNull( + getContext().getString(android.R.string.config_systemShell)); + mSettings.removeIf(overlayInfo -> overlayInfo.isFabricated + && shellPkgName.equals(overlayInfo.packageName)); + initIfNeeded(); onSwitchUser(UserHandle.USER_SYSTEM); @@ -891,6 +897,16 @@ public final class OverlayManagerService extends SystemService { throw new IllegalArgumentException(request.typeToString() + " unsupported for user " + request.userId); } + + // Normal apps are blocked from accessing OMS via SELinux, so to block non-root, + // non privileged callers, a simple check against the shell UID is sufficient, since + // that's the only exception from the other categories. This is enough while OMS + // is not a public API, but this will have to be changed if it's ever exposed. + if (callingUid == Process.SHELL_UID) { + EventLog.writeEvent(0x534e4554, "202768292", -1, ""); + throw new IllegalArgumentException("Non-root shell cannot fabricate overlays"); + } + realUserId = UserHandle.USER_ALL; // Enforce that the calling process can only register and unregister fabricated |