Loading services/core/java/com/android/server/pdb/PersistentDataBlockService.java +18 −5 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ import android.content.pm.PackageManagerInternal; import android.os.Binder; import android.os.Build; import android.os.IBinder; import android.os.Process; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -370,8 +371,13 @@ public class PersistentDataBlockService extends SystemService { } private void enforceUid(int callingUid) { if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT) { throw new SecurityException("uid " + callingUid + " not allowed to access PDB"); enforceUid(callingUid, /* allowShell= */ false); } private void enforceUid(int callingUid, boolean allowShell) { if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT && (callingUid != Process.SHELL_UID || !allowShell)) { throw new SecurityException("Uid " + callingUid + " not allowed to access PDB"); } } Loading Loading @@ -864,7 +870,8 @@ public class PersistentDataBlockService extends SystemService { private final IBinder mService = new IPersistentDataBlockService.Stub() { private int printFrpStatus(PrintWriter pw, boolean printSecrets) { enforceUid(Binder.getCallingUid()); // Only allow SHELL_UID to print the status if printing the secrets is disabled enforceUid(Binder.getCallingUid(), /* allowShell= */ !printSecrets); pw.println("FRP state"); pw.println("========="); Loading @@ -872,8 +879,14 @@ public class PersistentDataBlockService extends SystemService { pw.println("FRP state: " + mFrpActive); printFrpDataFilesContents(pw, printSecrets); printFrpSecret(pw, printSecrets); // Do not print OEM unlock state and flash lock state if the caller is a non-root // shell - it likely won't have permissions anyways. if (Binder.getCallingUid() != Process.SHELL_UID) { pw.println("OEM unlock state: " + getOemUnlockEnabled()); pw.println("Bootloader lock state: " + getFlashLockState()); } pw.println("Verified boot state: " + getVerifiedBootState()); pw.println("Has FRP credential handle: " + hasFrpCredentialHandle()); pw.println("FRP challenge block size: " + getDataBlockSize()); Loading Loading
services/core/java/com/android/server/pdb/PersistentDataBlockService.java +18 −5 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ import android.content.pm.PackageManagerInternal; import android.os.Binder; import android.os.Build; import android.os.IBinder; import android.os.Process; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -370,8 +371,13 @@ public class PersistentDataBlockService extends SystemService { } private void enforceUid(int callingUid) { if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT) { throw new SecurityException("uid " + callingUid + " not allowed to access PDB"); enforceUid(callingUid, /* allowShell= */ false); } private void enforceUid(int callingUid, boolean allowShell) { if (callingUid != mAllowedUid && callingUid != UserHandle.AID_ROOT && (callingUid != Process.SHELL_UID || !allowShell)) { throw new SecurityException("Uid " + callingUid + " not allowed to access PDB"); } } Loading Loading @@ -864,7 +870,8 @@ public class PersistentDataBlockService extends SystemService { private final IBinder mService = new IPersistentDataBlockService.Stub() { private int printFrpStatus(PrintWriter pw, boolean printSecrets) { enforceUid(Binder.getCallingUid()); // Only allow SHELL_UID to print the status if printing the secrets is disabled enforceUid(Binder.getCallingUid(), /* allowShell= */ !printSecrets); pw.println("FRP state"); pw.println("========="); Loading @@ -872,8 +879,14 @@ public class PersistentDataBlockService extends SystemService { pw.println("FRP state: " + mFrpActive); printFrpDataFilesContents(pw, printSecrets); printFrpSecret(pw, printSecrets); // Do not print OEM unlock state and flash lock state if the caller is a non-root // shell - it likely won't have permissions anyways. if (Binder.getCallingUid() != Process.SHELL_UID) { pw.println("OEM unlock state: " + getOemUnlockEnabled()); pw.println("Bootloader lock state: " + getFlashLockState()); } pw.println("Verified boot state: " + getVerifiedBootState()); pw.println("Has FRP credential handle: " + hasFrpCredentialHandle()); pw.println("FRP challenge block size: " + getDataBlockSize()); Loading
