Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f6aaf56 authored by Jackal Guo's avatar Jackal Guo
Browse files

Enforce the owner rights of dumpProfiles 

Move the ownership check to the beginning of the method to secure
the validity.

Bug: 185125569
Test: manually using the PoC in the buganizer to ensure the symptom
      no longer exists.
Test: manually using shell command to dump profiles.
Change-Id: I785d261b20fe15cb526b93acc40d2a875d38a94e
parent 8257b7b3

services/core/java/com/android/server/pm/PackageManagerService.java

+9 −7
Original line number Diff line number Diff line
@@ -12888,6 +12888,15 @@ public class PackageManagerService extends IPackageManager.Stub 














    @Override















    public void dumpProfiles(String packageName) {













        /* Only the shell, root, or the app user should be able to dump profiles. */













        final int callingUid = Binder.getCallingUid();













        final String[] callerPackageNames = getPackagesForUid(callingUid);













        if (callingUid != Process.SHELL_UID













                && callingUid != Process.ROOT_UID













                && !ArrayUtils.contains(callerPackageNames, packageName)) {













            throw new SecurityException("dumpProfiles");













        }



























        AndroidPackage pkg;















        synchronized (mLock) {















            pkg = mPackages.get(packageName);









@@ -12895,13 +12904,6 @@ public class PackageManagerService extends IPackageManager.Stub













                throw new IllegalArgumentException("Unknown package: " + packageName);















            }















        }













        /* Only the shell, root, or the app user should be able to dump profiles. */













        int callingUid = Binder.getCallingUid();













        if (callingUid != Process.SHELL_UID &&













            callingUid != Process.ROOT_UID &&













            callingUid != pkg.getUid()) {













            throw new SecurityException("dumpProfiles");













        }





























        synchronized (mInstallLock) {















            Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dump profiles");