Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8824a9a0 authored by Steven Moreland's avatar Steven Moreland
Browse files

servicemanager: remove TODO to combine sid checks 

getDeclaredInstances in servicemanager does multiple security checks.
This is because someone may be asking about 'IFoo', and a client may
only have permissions to see 'IFoo/default' even though 'IFoo/other' may
be registered.

The idea to combine these security checks would mean granting permission
to "IFoo/*". However, using regex for service contents would be quite a
bit of additional complexity, and using prefix matches would make all
other service contexts messy.

Bug: 169275998
Test: N/A
Change-Id: I8c00ecbb75e7b2f5ce50828b54d6e0a4ee9ff29f
parent 00633648

cmds/servicemanager/ServiceManager.cpp

+0 −1
Original line number Diff line number Diff line
@@ -373,7 +373,6 @@ binder::Status ServiceManager::getDeclaredInstances(const std::string& interface 
    outReturn->clear();



    for (const std::string& instance : allInstances) {

        // TODO(b/169275998): allow checking policy only once for the interface

        if (mAccess->canFind(ctx, interface + "/" + instance)) {

            outReturn->push_back(instance);

        }