diff options
| -rw-r--r-- | libs/android_runtime_lazy/Android.bp | 1 | ||||
| -rw-r--r-- | libs/binder/Binder.cpp | 18 | ||||
| -rw-r--r-- | libs/dumputils/Android.bp | 1 | ||||
| -rw-r--r-- | libs/ui/Android.bp | 1 |
4 files changed, 18 insertions, 3 deletions
diff --git a/libs/android_runtime_lazy/Android.bp b/libs/android_runtime_lazy/Android.bp index 84a4f3afd1..9284acbff3 100644 --- a/libs/android_runtime_lazy/Android.bp +++ b/libs/android_runtime_lazy/Android.bp @@ -48,6 +48,7 @@ cc_library { shared_libs: [ "liblog", + "libutils", ], required: [ diff --git a/libs/binder/Binder.cpp b/libs/binder/Binder.cpp index 96ee29556c..7324cf5bea 100644 --- a/libs/binder/Binder.cpp +++ b/libs/binder/Binder.cpp @@ -17,12 +17,15 @@ #include <binder/Binder.h> #include <atomic> -#include <utils/misc.h> #include <binder/BpBinder.h> #include <binder/IInterface.h> +#include <binder/IPCThreadState.h> #include <binder/IResultReceiver.h> #include <binder/IShellCallback.h> #include <binder/Parcel.h> +#include <cutils/android_filesystem_config.h> +#include <cutils/compiler.h> +#include <utils/misc.h> #include <stdio.h> @@ -125,6 +128,19 @@ status_t BBinder::transact( { data.setDataPosition(0); + // Shell command transaction is conventionally implemented by + // overriding onTransact by copy/pasting the parceling code from + // this file. So, we must check permissions for it before we call + // onTransact. This check is here because shell APIs aren't + // guaranteed to be stable, and so they should only be used by + // developers. + if (CC_UNLIKELY(code == SHELL_COMMAND_TRANSACTION)) { + uid_t uid = IPCThreadState::self()->getCallingUid(); + if (uid != AID_SHELL && uid != AID_ROOT) { + return PERMISSION_DENIED; + } + } + status_t err = NO_ERROR; switch (code) { case PING_TRANSACTION: diff --git a/libs/dumputils/Android.bp b/libs/dumputils/Android.bp index 3412e14f17..e23de8e389 100644 --- a/libs/dumputils/Android.bp +++ b/libs/dumputils/Android.bp @@ -17,7 +17,6 @@ cc_library { shared_libs: [ "libbase", - "libbinder", "libhidlbase", "libhidltransport", "liblog", diff --git a/libs/ui/Android.bp b/libs/ui/Android.bp index ec7f9275e2..6f570afe4d 100644 --- a/libs/ui/Android.bp +++ b/libs/ui/Android.bp @@ -84,7 +84,6 @@ cc_library_shared { "android.hardware.configstore-utils", "libbase", "libcutils", - "libhardware", "libhidlbase", "libhidltransport", "libhwbinder", |