
Commit 12b09424 authored by Vlad Marica

Allow SHELL_UID to print FRP status when secrets are excluded

Bugreports taken by the `adb bugreport` command seem to
be executed by SHELL_UID (2000). Before this change, this meant
that the PersistentDataBlockService's dump would not include
the FRP status because SHELL_UID was not allowed.

Additionally, the OEM Unlock state and the Flash Lock state are
excluded when the caller is SHELL_UID because it seems to lack
the required permissions and throws an exception.

Bug: 349170452
Flag: EXEMPT bugfix
Test: Manually tested by running `adb shell dumpsys
persistent_data_block`
while not root
Ignore-AOSP-First: Depends on internal changes that can't go into AOSP
yet.

Change-Id: Icda8348c730ec869196839439ce1620d56a9339e
parent fdd6b883
+18 −5
@@ -34,6 +34,7 @@ import android.content.pm.PackageManagerInternal;
import android.os.Binder;
import android.os.Build;
import android.os.IBinder;
import android.os.Process;
import android.os.RemoteException;
import android.os.ResultReceiver;
import android.os.ShellCallback;
@@ -370,8 +371,13 @@ public class PersistentDataBlockService extends SystemService {
    }

    private void enforceUid(int callingUid) {
        if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT) {
            throw new SecurityException("uid " + callingUid + " not allowed to access PDB");
        enforceUid(callingUid, /* allowShell= */ false);
    }

    private void enforceUid(int callingUid, boolean allowShell) {
        if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT
                && (callingUid != Process.SHELL_UID || !allowShell)) {
            throw new SecurityException("Uid " + callingUid + " not allowed to access PDB");
        }
    }

@@ -864,7 +870,8 @@ public class PersistentDataBlockService extends SystemService {

    private final IBinder mService = new IPersistentDataBlockService.Stub() {
        private int printFrpStatus(PrintWriter pw, boolean printSecrets) {
            enforceUid(Binder.getCallingUid());
            // Only allow SHELL_UID to print the status if printing the secrets is disabled
            enforceUid(Binder.getCallingUid(), /* allowShell= */ !printSecrets);

            pw.println("FRP state");
            pw.println("=========");
@@ -872,8 +879,14 @@ public class PersistentDataBlockService extends SystemService {
            pw.println("FRP state: " + mFrpActive);
            printFrpDataFilesContents(pw, printSecrets);
            printFrpSecret(pw, printSecrets);

            // Do not print OEM unlock state and flash lock state if the caller is a non-root
            // shell - it likely won't have permissions anyways.
            if (Binder.getCallingUid() != Process.SHELL_UID) {
                pw.println("OEM unlock state: " + getOemUnlockEnabled());
                pw.println("Bootloader lock state: " + getFlashLockState());
            }

            pw.println("Verified boot state: " + getVerifiedBootState());
            pw.println("Has FRP credential handle: " + hasFrpCredentialHandle());
            pw.println("FRP challenge block size: " + getDataBlockSize());
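Review bot: The shell exemption in printFrpStatus is only safe if printFrpDataFilesContents and printFrpSecret, whose bodies are outside this section, emit nothing sensitive when printSecrets is false, and that invariant is not stated at the `enforceUid(Binder.getCallingUid(), /* allowShell= */ !printSecrets)` call. I would extend the comment above that call to something like `// SHELL_UID is admitted only when printSecrets is false; every helper called below must redact on that flag.` The new `enforceUid(int, boolean)` overload also deserves a short Javadoc saying that allowShell widens access to adb shell callers and must stay false on any path that returns secrets or modifies the block. Reading the UID once, `final int callingUid = Binder.getCallingUid();`, and using it for both the enforce call and the later `!= Process.SHELL_UID` test would tie the authorization decision and the OEM unlock / flash lock gating to the same value. printFrpStatus continues past the last visible line, so this covers only the visible part of the method.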