Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be06f0f2 authored by Hai Zhang's avatar Hai Zhang
Browse files

Fix --user parameter when setting app op for shell with shell command. 

ag/13692058 added "com.android.shell" into resolveUid(), which is also
used by appops shell command. However unlike the other special UID
names (e.g. root, shell, media, audioserver), "com.android.shell" is a
regular package name, so this broke the assumption that the UIDs
returned from resolveUid() are all special UIDs that only runs in the
primary user, and made the shell command always set the package mode
for the com.android.shell package in primary user despite being given
an explicit --user parameter (see parserUserPackageOp()
implementation).

So the fix should be keeping the resolveUid()'s semantics and make it
only handle the special UID names instead of package names. For the
special case for shell in verifyAndGetBypass(), it can be done in that
method locally.

Bug: 187329570
Test: adb shell appops set --user 10 com.android.shell
      MANAGE_IPSEC_TUNNELS allow
Test: adb shell dumpsys appops | grep -5 shell
Change-Id: Ia3157d6fd45dad085fa672e385287817fa20e90b
parent 80b02a06

services/core/java/com/android/server/appop/AppOpsService.java

+7 −3
Original line number Diff line number Diff line
@@ -4515,10 +4515,15 @@ public class AppOpsService extends IAppOpsService.Stub { 
        int callingUid = Binder.getCallingUid();



        // Allow any attribution tag for resolvable uids

        int pkgUid = resolveUid(packageName);

        if (pkgUid != Process.INVALID_UID) {

        int pkgUid;

        if (Objects.equals(packageName, "com.android.shell")) {

            // Special case for the shell which is a package but should be able

            // to bypass app attribution tag restrictions.

            pkgUid = Process.SHELL_UID;

        } else {

            pkgUid = resolveUid(packageName);

        }

        if (pkgUid != Process.INVALID_UID) {

            if (pkgUid != UserHandle.getAppId(uid)) {

                String otherUidMessage = DEBUG ? " but it is really " + pkgUid : " but it is not";

                throw new SecurityException("Specified package " + packageName + " under uid "
@@ -6955,7 +6960,6 @@ public class AppOpsService extends IAppOpsService.Stub { 
                return Process.ROOT_UID;

            case "shell":

            case "dumpstate":

            case "com.android.shell":

                return Process.SHELL_UID;

            case "media":

                return Process.MEDIA_UID;