Loading cmds/servicemanager/ServiceManager.cpp +26 −6 Original line number Diff line number Diff line Loading @@ -505,8 +505,9 @@ Status ServiceManager::addService(const std::string& name, const sp<IBinder>& bi return Status::fromExceptionCode(Status::EX_SECURITY, "App UIDs cannot add services."); } if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } if (binder == nullptr) { Loading Loading @@ -888,8 +889,9 @@ Status ServiceManager::registerClientCallback(const std::string& name, const sp< } auto ctx = mAccess->getCallingContext(); if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } auto serviceIt = mNameToService.find(name); Loading Loading @@ -1051,8 +1053,9 @@ Status ServiceManager::tryUnregisterService(const std::string& name, const sp<IB } auto ctx = mAccess->getCallingContext(); if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } auto serviceIt = mNameToService.find(name); Loading Loading @@ -1110,6 +1113,23 @@ Status ServiceManager::tryUnregisterService(const std::string& name, const sp<IB return Status::ok(); } Status ServiceManager::canAddService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor) { if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied for service."); } #ifndef VENDORSERVICEMANAGER *accessor = getVintfAccessorName(name); #endif if (accessor->has_value()) { if (!mAccess->canAdd(ctx, accessor->value())) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied for the accessor of the service."); } } return Status::ok(); } Status ServiceManager::canFindService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor) { if (!mAccess->canFind(ctx, name)) { Loading cmds/servicemanager/ServiceManager.h +2 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,8 @@ private: os::Service tryGetService(const std::string& name, bool startIfNotFound); sp<IBinder> tryGetBinder(const std::string& name, bool startIfNotFound); binder::Status canAddService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor); binder::Status canFindService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor); Loading Loading
cmds/servicemanager/ServiceManager.cpp +26 −6 Original line number Diff line number Diff line Loading @@ -505,8 +505,9 @@ Status ServiceManager::addService(const std::string& name, const sp<IBinder>& bi return Status::fromExceptionCode(Status::EX_SECURITY, "App UIDs cannot add services."); } if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } if (binder == nullptr) { Loading Loading @@ -888,8 +889,9 @@ Status ServiceManager::registerClientCallback(const std::string& name, const sp< } auto ctx = mAccess->getCallingContext(); if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } auto serviceIt = mNameToService.find(name); Loading Loading @@ -1051,8 +1053,9 @@ Status ServiceManager::tryUnregisterService(const std::string& name, const sp<IB } auto ctx = mAccess->getCallingContext(); if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied."); std::optional<std::string> accessorName; if (auto status = canAddService(ctx, name, &accessorName); !status.isOk()) { return status; } auto serviceIt = mNameToService.find(name); Loading Loading @@ -1110,6 +1113,23 @@ Status ServiceManager::tryUnregisterService(const std::string& name, const sp<IB return Status::ok(); } Status ServiceManager::canAddService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor) { if (!mAccess->canAdd(ctx, name)) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied for service."); } #ifndef VENDORSERVICEMANAGER *accessor = getVintfAccessorName(name); #endif if (accessor->has_value()) { if (!mAccess->canAdd(ctx, accessor->value())) { return Status::fromExceptionCode(Status::EX_SECURITY, "SELinux denied for the accessor of the service."); } } return Status::ok(); } Status ServiceManager::canFindService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor) { if (!mAccess->canFind(ctx, name)) { Loading
cmds/servicemanager/ServiceManager.h +2 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,8 @@ private: os::Service tryGetService(const std::string& name, bool startIfNotFound); sp<IBinder> tryGetBinder(const std::string& name, bool startIfNotFound); binder::Status canAddService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor); binder::Status canFindService(const Access::CallingContext& ctx, const std::string& name, std::optional<std::string>* accessor); Loading
