Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9f411077 authored by Feng Yu's avatar Feng Yu Committed by Gerrit Code Review
Browse files

Merge changes I1b74d58b,I38c6e8bc

* changes:
  ServiceManager: Allow system services running as secondary users to add services
  ServiceManager: Restore basic uid check
parents 5e703a6a 6b9c6d23
Loading
Loading
Loading
Loading
+1 −1
Original line number Original line Diff line number Diff line
@@ -31,6 +31,6 @@ cc_binary {
        "service_manager.c",
        "service_manager.c",
        "binder.c",
        "binder.c",
    ],
    ],
    shared_libs: ["libselinux"],
    shared_libs: ["libcutils", "libselinux"],
    init_rc: ["servicemanager.rc"],
    init_rc: ["servicemanager.rc"],
}
}
+7 −0
Original line number Original line Diff line number Diff line
@@ -8,6 +8,8 @@
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>


#include <cutils/multiuser.h>

#include <private/android_filesystem_config.h>
#include <private/android_filesystem_config.h>


#include <selinux/android.h>
#include <selinux/android.h>
@@ -121,6 +123,11 @@ static bool check_mac_perms_from_lookup(pid_t spid, uid_t uid, const char *perm,
static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)
static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)
{
{
    const char *perm = "add";
    const char *perm = "add";

    if (multiuser_get_app_id(uid) >= AID_APP) {
        return 0; /* Don't allow apps to register services */
    }

    return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;
    return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;
}
}