diff options
| author | 2020-10-05 21:23:33 +0000 | |
|---|---|---|
| committer | 2020-10-05 21:27:44 +0000 | |
| commit | 8824a9a006d2acf89c77b044f0906434591595ef (patch) | |
| tree | e72a41cd4857b56cf069bd155d9f49589cb540f7 /cmds/servicemanager/ServiceManager.cpp | |
| parent | 00633648701baed9d13ab47c676ad0eccb021a7c (diff) | |
servicemanager: remove TODO to combine sid checks
getDeclaredInstances in servicemanager does multiple security checks.
This is because someone may be asking about 'IFoo', and a client may
only have permissions to see 'IFoo/default' even though 'IFoo/other' may
be registered.
The idea to combine these security checks would mean granting permission
to "IFoo/*". However, using regex for service contents would be quite a
bit of additional complexity, and using prefix matches would make all
other service contexts messy.
Bug: 169275998
Test: N/A
Change-Id: I8c00ecbb75e7b2f5ce50828b54d6e0a4ee9ff29f
Diffstat (limited to 'cmds/servicemanager/ServiceManager.cpp')
| -rw-r--r-- | cmds/servicemanager/ServiceManager.cpp | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/cmds/servicemanager/ServiceManager.cpp b/cmds/servicemanager/ServiceManager.cpp index c8355e2b6b..7aac7daf49 100644 --- a/cmds/servicemanager/ServiceManager.cpp +++ b/cmds/servicemanager/ServiceManager.cpp @@ -373,7 +373,6 @@ binder::Status ServiceManager::getDeclaredInstances(const std::string& interface outReturn->clear(); for (const std::string& instance : allInstances) { - // TODO(b/169275998): allow checking policy only once for the interface if (mAccess->canFind(ctx, interface + "/" + instance)) { outReturn->push_back(instance); } |