Commit 3be41a9f authored by shafik

Make sure only SYSTEM can call notifyStaged(Apk)Session

This is sufficient to prevent malicious callers from enabling
rollback for a session that they otherwise wouldn't be allowed
to enable rollback for.

Fixes: 128669197
Test: atest StagedRollbackTest
Change-Id: I9fa8527fadbbfd58cdee0479cae97ca11a0efd9d
parent 1c3ef21a
+6 −0
@@ -1015,6 +1015,9 @@ class RollbackManagerServiceImpl extends IRollbackManager.Stub {

    @Override
    public boolean notifyStagedSession(int sessionId) {
        if (Binder.getCallingUid() != Process.SYSTEM_UID) {
            throw new SecurityException("notifyStagedSession may only be called by the system.");
        }
        final LinkedBlockingQueue<Boolean> result = new LinkedBlockingQueue<>();

        // NOTE: We post this runnable on the RollbackManager's binder thread because we'd prefer
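Review bot: the caller check at the top of notifyStagedSession is repeated verbatim in notifyStagedApkSession, with only the message string differing. Consider a single private helper that takes the method name and throws the SecurityException (the helper would be new, it is not in this file as shown), so any further notify* entry point added to this Stub cannot be introduced without the same gate. A one-line note in the method's Javadoc that it is restricted to Process.SYSTEM_UID would also help callers, since nothing in the visible signature says so.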
@@ -1066,6 +1069,9 @@ class RollbackManagerServiceImpl extends IRollbackManager.Stub {

    @Override
    public void notifyStagedApkSession(int originalSessionId, int apkSessionId) {
        if (Binder.getCallingUid() != Process.SYSTEM_UID) {
            throw new SecurityException("notifyStagedApkSession may only be called by the system.");
        }
        getHandler().post(() -> {
            RollbackData rd = null;
            synchronized (mLock) {
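Review bot: the check in notifyStagedApkSession is correctly placed before `getHandler().post(() -> {`, but nothing in the code says why it has to stay there. Binder.getCallingUid() only reports the remote caller on the thread handling the incoming binder transaction; inside the posted lambda it would return this process's own UID and the comparison would always pass. A short comment above the check would stop a later refactor from moving it into the runnable. Also, the change is +6 −0 in this one file, so no test here asserts that a non-system caller gets a SecurityException from either method; a negative case alongside StagedRollbackTest would pin the behaviour.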