
Commit c5a94538 authored by Winson Chiu's avatar Winson Chiu Committed by Automerger Merge Worker

Merge "Block SHELL_UID from overlay fabricate and clear shell overlays on...

Merge "Block SHELL_UID from overlay fabricate and clear shell overlays on boot" into sc-dev am: 987cfe1b am: 073a98e3

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/16077739

Change-Id: I461fad990f5268deaa29c0e098273d9dd0e943cf
parents fdb01b63 073a98e3
+17 −1
@@ -71,6 +71,7 @@ import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.AtomicFile;
import android.util.EventLog;
import android.util.Slog;
import android.util.SparseArray;

@@ -81,7 +82,6 @@ import com.android.server.FgThread;
import com.android.server.LocalServices;
import com.android.server.SystemConfig;
import com.android.server.SystemService;

import com.android.server.pm.UserManagerService;
import com.android.server.pm.parsing.pkg.AndroidPackage;

@@ -285,6 +285,12 @@ public final class OverlayManagerService extends SystemService {

            restoreSettings();

            // Wipe all shell overlays on boot, to recover from a potentially broken device
            String shellPkgName = TextUtils.emptyIfNull(
                    getContext().getString(android.R.string.config_systemShell));
            mSettings.removeIf(overlayInfo -> overlayInfo.isFabricated
                    && shellPkgName.equals(overlayInfo.packageName));

            initIfNeeded();
            onSwitchUser(UserHandle.USER_SYSTEM);

@@ -891,6 +897,16 @@ public final class OverlayManagerService extends SystemService {
                    throw new IllegalArgumentException(request.typeToString()
                            + " unsupported for user " + request.userId);
                }

                // Normal apps are blocked from accessing OMS via SELinux, so to block non-root,
                // non privileged callers, a simple check against the shell UID is sufficient, since
                // that's the only exception from the other categories. This is enough while OMS
                // is not a public API, but this will have to be changed if it's ever exposed.
                if (callingUid == Process.SHELL_UID) {
                    EventLog.writeEvent(0x534e4554, "202768292", -1, "");
                    throw new IllegalArgumentException("Non-root shell cannot fabricate overlays");
                }

                realUserId = UserHandle.USER_ALL;

                // Enforce that the calling process can only register and unregister fabricated
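Review bot: The SafetyNet event written in the `callingUid == Process.SHELL_UID` branch passes `-1` as the uid although `callingUid` is in scope, so a consumer of that log cannot attribute the blocked attempt to a caller; `EventLog.writeEvent(0x534e4554, "202768292", callingUid, "");` would record it. The rejection is an authorization failure but is thrown as `IllegalArgumentException`, the same type used just above for an unsupported user, so callers and log readers cannot tell a denied caller from a malformed request. `throw new SecurityException("Non-root shell cannot fabricate overlays");` would separate the two, provided no caller outside this hunk depends on the current type. The enclosing method starts and ends outside the hunk.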