Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 55c2b484 authored by Svet Ganov's avatar Svet Ganov
Browse files

Clear binder identity when checking shell proxy permissions 

We have an API to perform privileged ops only the shell can
do from a test. These were not wroking for instant tests as
we have rules based on calling UID whether an instant app,
in this case the caller, can see other apps, in this case the
shell.

bug:123086496

Test: cts-tradefed run cts-dev --enable-parameterized-modules --module-parameter instant_app -m CtsAppOpsTestCases

Change-Id: Ia3f9e8d9fe9c5e0dfad413222fd006c365778c5a
parent 47bfb774

services/core/java/com/android/server/am/ActivityManagerService.java

+12 −2
Original line number Diff line number Diff line
@@ -18475,7 +18475,12 @@ public class ActivityManagerService extends IActivityManager.Stub 
        public int checkPermission(String permName, String pkgName, int userId,

                TriFunction<String, String, Integer, Integer> superImpl) {

            if (mTargetPackageName.equals(pkgName) && isTargetPermission(permName)) {

                final long identity = Binder.clearCallingIdentity();

                try {

                    return superImpl.apply(permName, "com.android.shell", userId);

                } finally {

                    Binder.restoreCallingIdentity(identity);

                }

            }

            return superImpl.apply(permName, pkgName, userId);

        }
@@ -18484,7 +18489,12 @@ public class ActivityManagerService extends IActivityManager.Stub 
        public int checkUidPermission(String permName, int uid,

                BiFunction<String, Integer, Integer> superImpl) {

            if (uid == mTargetUid  && isTargetPermission(permName)) {

                final long identity = Binder.clearCallingIdentity();

                try {

                    return superImpl.apply(permName, Process.SHELL_UID);

                } finally {

                    Binder.restoreCallingIdentity(identity);

                }

            }

            return superImpl.apply(permName, uid);

        }