Diffstat (limited to 'cmds/installd/InstalldNativeService.cpp')
-rw-r--r-- | cmds/installd/InstalldNativeService.cpp | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp index cad77874fd..71a87403d5 100644 --- a/cmds/installd/InstalldNativeService.cpp +++ b/cmds/installd/InstalldNativeService.cpp @@ -234,12 +234,12 @@ binder::Status checkArgumentFileName(const std::string& path) { return ok(); } -binder::Status checkUidInAppRange(int32_t appUid) { - if (FIRST_APPLICATION_UID <= appUid && appUid <= LAST_APPLICATION_UID) { +binder::Status checkArgumentAppId(int32_t appId) { + if (FIRST_APPLICATION_UID <= appId && appId <= LAST_APPLICATION_UID) { return ok(); } return exception(binder::Status::EX_ILLEGAL_ARGUMENT, - StringPrintf("UID %d is outside of the range", appUid)); + StringPrintf("appId %d is outside of the range", appId)); } #define ENFORCE_UID(uid) { \ @@ -302,12 +302,12 @@ binder::Status checkUidInAppRange(int32_t appUid) { } \ } -#define CHECK_ARGUMENT_UID_IN_APP_RANGE(uid) \ - { \ - binder::Status status = checkUidInAppRange((uid)); \ - if (!status.isOk()) { \ - return status; \ - } \ +#define CHECK_ARGUMENT_APP_ID(appId) \ + { \ + binder::Status status = checkArgumentAppId((appId)); \ + if (!status.isOk()) { \ + return status; \ + } \ } #ifdef GRANULAR_LOCKS @@ -411,7 +411,7 @@ using PackageLockGuard = std::lock_guard<PackageLock>; } // namespace binder::Status InstalldNativeService::FsveritySetupAuthToken::authenticate( - const ParcelFileDescriptor& authFd, int32_t appUid, int32_t userId) { + const ParcelFileDescriptor& authFd, int32_t uid) { int open_flags = fcntl(authFd.get(), F_GETFL); if (open_flags < 0) { return exception(binder::Status::EX_SERVICE_SPECIFIC, "fcntl failed"); 
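Review bot: The new `int32_t uid` parameter of `FsveritySetupAuthToken::authenticate()` is only converted to the type of `st_uid` by a C-style cast in the next hunk (`this->mStatFromAuthFd.st_uid != (uid_t)uid`), so the signed-to-unsigned conversion is hidden on the line that decides file ownership. `authenticate()` appears to be an internal helper rather than part of the binder interface, so it could take `uid_t uid` and leave the single conversion to `createFsveritySetupAuthToken`, after validation. At minimum the comparison should read `static_cast<uid_t>(uid)`. The body of `authenticate()` starts in this hunk and continues outside it.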
@@ -426,9 +426,8 @@ binder::Status InstalldNativeService::FsveritySetupAuthToken::authenticate( return exception(binder::Status::EX_SECURITY, "Not a regular file"); } // Don't accept a file owned by a different app. - uid_t uid = multiuser_get_uid(userId, appUid); - if (this->mStatFromAuthFd.st_uid != uid) { - return exception(binder::Status::EX_SERVICE_SPECIFIC, "File not owned by appUid"); + if (this->mStatFromAuthFd.st_uid != (uid_t)uid) { + return exception(binder::Status::EX_SERVICE_SPECIFIC, "File not owned by uid"); } return ok(); } @@ -3986,7 +3985,7 @@ binder::Status InstalldNativeService::getOdexVisibility( // attacker-in-the-middle cannot enable fs-verity on arbitrary app files. If the FD is not writable, // return null. // -// appUid and userId are passed for additional ownership check, such that one app can not be +// app process uid is passed for additional ownership check, such that one app can not be // authenticated for another app's file. These parameters are assumed trusted for this purpose of // consistency check. // @@ -3994,13 +3993,13 @@ binder::Status InstalldNativeService::getOdexVisibility( // Since enabling fs-verity to a file requires no outstanding writable FD, passing the authFd to the // server allows the server to hold the only reference (as long as the client app doesn't). binder::Status InstalldNativeService::createFsveritySetupAuthToken( - const ParcelFileDescriptor& authFd, int32_t appUid, int32_t userId, + const ParcelFileDescriptor& authFd, int32_t uid, sp<IFsveritySetupAuthToken>* _aidl_return) { - CHECK_ARGUMENT_UID_IN_APP_RANGE(appUid); - ENFORCE_VALID_USER(userId); + CHECK_ARGUMENT_APP_ID(multiuser_get_app_id(uid)); + ENFORCE_VALID_USER(multiuser_get_user_id(uid)); auto token = sp<FsveritySetupAuthToken>::make(); - binder::Status status = token->authenticate(authFd, appUid, userId); + binder::Status status = token->authenticate(authFd, uid); if (!status.isOk()) { return status; } |
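Review bot: In `createFsveritySetupAuthToken` (hunk `@@ -3994`), a negative `uid` is never rejected explicitly; it is validated only after being split by `multiuser_get_app_id(uid)` and `multiuser_get_user_id(uid)`. Those helpers take an unsigned `uid_t` as far as I know, so a negative binder argument would be reinterpreted as a large uid before `CHECK_ARGUMENT_APP_ID` and `ENFORCE_VALID_USER` see it. Whether `ENFORCE_VALID_USER` rejects the resulting user id is not visible here. An up-front guard such as `if (uid < 0) return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "uid is negative");` would make the range check independent of that. The comment updated in hunk `@@ -3986` also still says "These parameters are assumed trusted" although one parameter remains; suggest `// This parameter is assumed trusted for this purpose of consistency check.`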