Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e13b89a authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "libbinder: Disable shell commands on non-IPC builds" into main am: 068bb7a2 

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3009331



Change-Id: I3c74408a5385b065a3cc016e2567b20c7b5e017d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 7d16f3d6 068bb7a2

libs/binder/ndk/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ cc_library { 
    ],



    cflags: [

        "-DBINDER_WITH_KERNEL_IPC",

        "-Wall",

        "-Wextra",

        "-Werror",

libs/binder/ndk/ibinder.cpp

+7 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ 
#include <private/android_filesystem_config.h>

#endif



#include "../BuildFlags.h"

#include "ibinder_internal.h"

#include "parcel_internal.h"

#include "status_internal.h"
@@ -211,6 +212,12 @@ status_t ABBinder::onTransact(transaction_code_t code, const Parcel& data, Parce 
        binder_status_t status = getClass()->onTransact(this, code, &in, &out);

        return PruneStatusT(status);

    } else if (code == SHELL_COMMAND_TRANSACTION && getClass()->handleShellCommand != nullptr) {

        if constexpr (!android::kEnableKernelIpc) {

            // Non-IPC builds do not have getCallingUid(),

            // so we have no way of authenticating the caller

            return STATUS_PERMISSION_DENIED;

        }



        int in = data.readFileDescriptor();

        int out = data.readFileDescriptor();

        int err = data.readFileDescriptor();