SdkSandboxShellCommand: Allow ROOT_UID and SHELL_UID

Allows a process running as ROOT_UID or SHELL_UID to run the sdk_sandbox
shell command. Updates SdkSandboxShellHostTest to enable adb root.

Bug: 227981627
Test: atest SdkSandboxShellHostTest
Change-Id: Ibb96a0b949903dd6db1bd08d7581f5fe7dd47dc6
diff --git a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
index a9093a5..64fd96f 100644
--- a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
+++ b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
@@ -43,8 +43,9 @@
 
     @Override
     public int onCommand(String cmd) {
-        if (Binder.getCallingUid() != Process.SHELL_UID) {
-            throw new SecurityException("Only shell process can call sdk_sandbox command");
+        int callingUid = Binder.getCallingUid();
+        if (callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID) {
+            throw new SecurityException("sdk_sandbox shell command is only callable by ADB");
         }
         final long token = Binder.clearCallingIdentity();
 
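Review bot: The new message on the `throw` line says the command is "only callable by ADB", but the check is purely UID-based: any caller whose Binder UID is `Process.ROOT_UID` or `Process.SHELL_UID` passes, whether or not it is adbd. Since `Binder.clearCallingIdentity()` follows immediately, everything after the check presumably runs with the service's own identity, so this guard is the only gate and should be documented precisely. I would add a comment above the check such as `// Trust boundary: only root and shell UIDs may reach the commands below, which run with the caller identity cleared.` and make the message match the check and carry the rejected UID, e.g. `throw new SecurityException("sdk_sandbox shell command requires root or shell UID, caller uid=" + callingUid);`. The body of onCommand continues outside the hunk.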
diff --git a/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java b/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
index b449b5d..601767a 100644
--- a/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
+++ b/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
@@ -54,6 +54,8 @@
         }
 
         mOriginalUsers = new HashSet<>(getDevice().listUsers());
+
+        assertThat(getDevice().enableAdbRoot()).isTrue();
     }
 
     @After
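Review bot: With `enableAdbRoot()` asserted in the setup method, every test in this class now reaches `onCommand` as root, so the original `SHELL_UID` branch of the widened check loses its host-side coverage unless another test exercises it, and no test visible here covers the rejection path for other UIDs. Consider keeping at least one case that runs the command without root. The hard assertion also fails the whole class on builds where adb root is unavailable (presumably user builds); `assumeTrue(getDevice().enableAdbRoot());` would skip those instead of reporting a failure. The setup method starts outside the hunk.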
@@ -63,6 +65,7 @@
                 getDevice().removeUser(userId);
             }
         }
+        getDevice().disableAdbRoot();
     }
 
     @Test
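Review bot: `getDevice().disableAdbRoot()` runs unconditionally, so a device that was already rooted before this class ran is left unrooted for whatever follows, and the call's boolean result is ignored. Record the prior state in setup with `mWasRoot = getDevice().isAdbRoot();` and restore with `if (!mWasRoot) { getDevice().disableAdbRoot(); }`. Because the call sits after the user-removal loop with no visible `try`/`finally`, an exception from `removeUser` would presumably leave adbd running as root; moving the restore into a `finally` avoids leaving the device in a more privileged state than the test found it. The teardown method starts outside the hunk.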