adb_root: Enforce caller UID

#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/strings.h>

#include <private/android_filesystem_config.h>

#include "adbroot_service.h"

namespace {

const std::string kStoragePath = "/data/adbroot/";

const std::string kEnabled = "enabled";

static android::binder::Status SecurityException(const std::string& msg) {

    LOG(ERROR) << msg;

    return android::binder::Status::fromExceptionCode(android::binder::Status::EX_SECURITY,

            android::String8(msg.c_str()));

}

}  // anonymous namespace

namespace android {

namespace adbroot {

using ::android::base::ReadFileToString;

using ::android::base::Trim;

using ::android::base::WriteStringToFile;

using base::ReadFileToString;

using base::Trim;

using base::WriteStringToFile;

ADBRootService::ADBRootService() : enabled_(false) {

    std::string buf;

}

void ADBRootService::Register() {

    auto ret = android::BinderService<ADBRootService>::publish();

    if (ret != android::OK) {

    auto ret = BinderService<ADBRootService>::publish();

    if (ret != OK) {

        LOG(FATAL) << "Could not register adbroot service: " << ret;

    }

}

binder::Status ADBRootService::setEnabled(bool enabled) {

    uid_t uid = IPCThreadState::self()->getCallingUid();

    if (uid != AID_SYSTEM) {

        return SecurityException("Caller must be system");

    }

    enabled_ = enabled;

    WriteStringToFile(std::to_string(enabled), kStoragePath + kEnabled);

    return binder::Status::ok();

}

binder::Status ADBRootService::getEnabled(bool* _aidl_return) {

    uid_t uid = IPCThreadState::self()->getCallingUid();

    if (uid != AID_SYSTEM && uid != AID_SHELL) {

        return SecurityException("Caller must be system or shell");

    }

    *_aidl_return = enabled_;

    return binder::Status::ok();

}

    }

    android::IPCThreadState::self()->joinThreadPool();

    exit(0);

    return 0;

}