Add missing isShellUser check Bug: 160390416 Test: verified command still works from shell Change-Id: I23bb06e00f1623e4f27c02d7eb2c0d273b40771b (cherry picked from commit 03542611973e4ce3ddca522ee12bcc85e59ce901) Merged-In: I23bb06e00f1623e4f27c02d7eb2c0d273b40771b (cherry picked from commit 3a5cd5bbe3418f79970f5c37f45583a0323b0d41)

commit: 740370a434072aee6349b76bab2bd5d66123d171 [log] [tgz]
author: John Reck <jreck@google.com> Mon Jul 06 16:10:49 2020 -0700
committer: Anis Assi <anisassi@google.com> Thu Aug 06 17:12:34 2020 -0700
tree: 51e93ae385588a8aa2c654ea71703600b6c042f5
parent: 620bc73945707d73c101049bc15a47e1811736bf [diff]
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index cf48dd6..2a1e3e6 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java

@@ -4260,9 +4260,18 @@
         return procState;
     }
 
+    private boolean isCallerShell() {
+        final int callingUid = Binder.getCallingUid();
+        return callingUid == SHELL_UID || callingUid == ROOT_UID;
+    }
+
     @Override
     public boolean setProcessMemoryTrimLevel(String process, int userId, int level)
             throws RemoteException {
+        if (!isCallerShell()) {
+            EventLog.writeEvent(0x534e4554, 160390416, Binder.getCallingUid(), "");
+            throw new SecurityException("Only shell can call it");
+        }
         synchronized (this) {
             final ProcessRecord app = findProcessLocked(process, userId, "setProcessMemoryTrimLevel");
             if (app == null) {
commit	740370a434072aee6349b76bab2bd5d66123d171	[log] [tgz]
author	John Reck <jreck@google.com>	Mon Jul 06 16:10:49 2020 -0700
committer	Anis Assi <anisassi@google.com>	Thu Aug 06 17:12:34 2020 -0700
tree	51e93ae385588a8aa2c654ea71703600b6c042f5
parent	620bc73945707d73c101049bc15a47e1811736bf [diff]