Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2d20bee7 authored by Jing Ji's avatar Jing Ji
Browse files

DO NOT MERGE: Context#startInstrumentation could be started from SHELL only now. 

Or, if an instrumentation starts another instrumentation and so on,
and the original instrumentation is started from SHELL, allow all
Context#startInstrumentation calls in this chain.

Otherwise, it'll throw a SecurityException.

Bug: 237766679
Test: atest CtsAppTestCases:InstrumentationTest
Merged-In: Ia08f225c21a3933067d066a578ea4af9c23e7d4c
Merged-In: I1b76f61c5fd6c9f7e738978592260945a606f40c
Merged-In: I3ea7aa27bd776fec546908a37f667f680da9c892
Change-Id: I7ca7345b064e8e74f7037b8fa3ed45bb6423e406
parent f661f5e6

services/core/java/com/android/server/am/ActivityManagerService.java

+34 −0
Original line number Diff line number Diff line
@@ -15776,6 +15776,17 @@ public class ActivityManagerService extends IActivityManager.Stub 
                reportStartInstrumentationFailureLocked(watcher, className, msg);

                throw new SecurityException(msg);

            }

            if (!Build.IS_DEBUGGABLE && callingUid != ROOT_UID && callingUid != SHELL_UID

                    && callingUid != SYSTEM_UID && !hasActiveInstrumentationLocked(callingPid)) {

                // If it's not debug build and not called from root/shell/system uid, reject it.

                final String msg = "Permission Denial: instrumentation test "

                        + className + " from pid=" + callingPid + ", uid=" + callingUid

                        + ", pkgName=" + getPackageNameByPid(callingPid)

                        + " not allowed because it's not started from SHELL";

                Slog.wtfQuiet(TAG, msg);

                reportStartInstrumentationFailureLocked(watcher, className, msg);

                throw new SecurityException(msg);

            }















            ActiveInstrumentation activeInstr = new ActiveInstrumentation(this);















            activeInstr.mClass = className;










@@ -15831,6 +15842,29 @@ public class ActivityManagerService extends IActivityManager.Stub













        return true;















    }



























    @GuardedBy("this")













    private boolean hasActiveInstrumentationLocked(int pid) {













        if (pid == 0) {













            return false;













        }













        synchronized (mPidsSelfLocked) {













            ProcessRecord process = mPidsSelfLocked.get(pid);













            return process != null && process.getActiveInstrumentation() != null;













        }













    }

























    private String getPackageNameByPid(int pid) {













        synchronized (mPidsSelfLocked) {













            final ProcessRecord app = mPidsSelfLocked.get(pid);

























            if (app != null && app.info != null) {













                return app.info.packageName;













            }

























            return null;













        }













    }



























    private boolean isCallerShell() {















        final int callingUid = Binder.getCallingUid();















        return callingUid == SHELL_UID || callingUid == ROOT_UID;