Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9f411077 authored by Feng Yu's avatar Feng Yu Committed by Gerrit Code Review
Browse files

Merge changes I1b74d58b,I38c6e8bc 

* changes:
  ServiceManager: Allow system services running as secondary users to add services
  ServiceManager: Restore basic uid check
parents 5e703a6a 6b9c6d23

cmds/servicemanager/Android.bp

+1 −1
Original line number Original line Diff line number Diff line
@@ -31,6 +31,6 @@ cc_binary { 
        "service_manager.c",

        "service_manager.c",

        "binder.c",

        "binder.c",

    ],

    ],

    shared_libs: ["libselinux"],

    shared_libs: ["libcutils", "libselinux"],

    init_rc: ["servicemanager.rc"],

    init_rc: ["servicemanager.rc"],

}
 
}

cmds/servicemanager/service_manager.c

+7 −0
Original line number Original line Diff line number Diff line
@@ -8,6 +8,8 @@ 
#include <stdlib.h>

#include <stdlib.h>

#include <string.h>

#include <string.h>





#include <cutils/multiuser.h>



#include <private/android_filesystem_config.h>

#include <private/android_filesystem_config.h>





#include <selinux/android.h>

#include <selinux/android.h>
@@ -121,6 +123,11 @@ static bool check_mac_perms_from_lookup(pid_t spid, uid_t uid, const char *perm, 
static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)

static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)

{

{

    const char *perm = "add";

    const char *perm = "add";



    if (multiuser_get_app_id(uid) >= AID_APP) {

        return 0; /* Don't allow apps to register services */

    }



    return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;

    return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;

}

}