From d1387983a11a83ffd8fc79531125b9714f62c55c Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Wed, 24 Jul 2019 00:12:19 +0000
Subject: Revert "libbinder: require shell/root UID for shell"

This reverts commit f0f97d362a7ca644ac41542a12cc674e090135d3.

Reason for revert: as requested by frameworks team: implementations of
    shell command should check permissions and calls to binder
    interfaces are already guarded by SELinux.

Bug: N/A
Test: N/A
Change-Id: I0f4181bb7f9fdb252644cbbcbcd099696ce150be
---
 libs/binder/Binder.cpp | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

(limited to 'libs/binder/Binder.cpp')

diff --git a/libs/binder/Binder.cpp b/libs/binder/Binder.cpp
index 7324cf5bea..96ee29556c 100644
--- a/libs/binder/Binder.cpp
+++ b/libs/binder/Binder.cpp
@@ -17,15 +17,12 @@
 #include <binder/Binder.h>
 
 #include <atomic>
+#include <utils/misc.h>
 #include <binder/BpBinder.h>
 #include <binder/IInterface.h>
-#include <binder/IPCThreadState.h>
 #include <binder/IResultReceiver.h>
 #include <binder/IShellCallback.h>
 #include <binder/Parcel.h>
-#include <cutils/android_filesystem_config.h>
-#include <cutils/compiler.h>
-#include <utils/misc.h>
 
 #include <stdio.h>
 
@@ -128,19 +125,6 @@ status_t BBinder::transact(
 {
     data.setDataPosition(0);
 
-    // Shell command transaction is conventionally implemented by
-    // overriding onTransact by copy/pasting the parceling code from
-    // this file. So, we must check permissions for it before we call
-    // onTransact. This check is here because shell APIs aren't
-    // guaranteed to be stable, and so they should only be used by
-    // developers.
-    if (CC_UNLIKELY(code == SHELL_COMMAND_TRANSACTION)) {
-        uid_t uid = IPCThreadState::self()->getCallingUid();
-        if (uid != AID_SHELL && uid != AID_ROOT) {
-            return PERMISSION_DENIED;
-        }
-    }
-
     status_t err = NO_ERROR;
     switch (code) {
         case PING_TRANSACTION:
-- 
cgit v1.2.3-59-g8ed1b