commit | 566213148cc58a1a42e6dcc7638ffbe65d12c32d | [log] [tgz] |
---|---|---|
author | Will Burr <wgb@google.com> | Mon Apr 04 15:00:40 2022 +0000 |
committer | Will Burr <wgb@google.com> | Mon Apr 04 15:00:40 2022 +0000 |
tree | d17378d7543b4200dc49d5a5d262b9cbd73d4dc6 | |
parent | 32ed85f90a41f4ad2814ca21362f85e85e7a10c5 [diff] |
SdkSandboxShellCommand: Allow ROOT_UID and SHELL_UID Allows process with ROOT_UID or SHELL_UID to run the shell command for sdk_sandbox. Updates SdkSandboxShellHostTest to enable adb root. Bug: 227981627 Test: atest SdkSandboxShellHostTest Change-Id: Ibb96a0b949903dd6db1bd08d7581f5fe7dd47dc6
diff --git a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
index a9093a5..64fd96f 100644
--- a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
+++ b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxShellCommand.java
@@ -43,8 +43,9 @@
 @Override
 public int onCommand(String cmd) {
- if (Binder.getCallingUid() != Process.SHELL_UID) {
- throw new SecurityException("Only shell process can call sdk_sandbox command");
+ int callingUid = Binder.getCallingUid();
+ if (callingUid != Process.ROOT_UID && callingUid != Process.SHELL_UID) {
+ throw new SecurityException("sdk_sandbox shell command is only callable by ADB");
 }
 final long token = Binder.clearCallingIdentity();
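Review bot: The new rejection message in `onCommand` says the command is "only callable by ADB", but the guard tests UIDs, so any process running as `Process.ROOT_UID` passes it whether or not it came through adb. The message should name the rule that is actually enforced and identify the caller, for example `throw new SecurityException("sdk_sandbox shell command requires root or shell uid, caller uid=" + callingUid);`. A short comment above the check would also protect it from being reordered: `// Must run before clearCallingIdentity(); after that getCallingUid() reports this process's own uid.` The rest of `onCommand` lies outside the hunk, so whether the cleared identity is restored in a `finally` block cannot be confirmed from here.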
diff --git a/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java b/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
index b449b5d..601767a 100644
--- a/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
+++ b/sdksandbox/tests/hostsidetests/src/com/android/tests/sdksandbox/host/SdkSandboxShellHostTest.java
@@ -54,6 +54,8 @@
 }
 mOriginalUsers = new HashSet<>(getDevice().listUsers());
+
+ assertThat(getDevice().enableAdbRoot()).isTrue();
 }
 @After
@@ -63,6 +65,7 @@
 getDevice().removeUser(userId);
 }
 }
+ getDevice().disableAdbRoot();
 }
 @Test
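Review bot: With `assertThat(getDevice().enableAdbRoot()).isTrue();` in the setup method, every test in this class appears to run as root, so the `Process.SHELL_UID` branch that the service still accepts is no longer exercised. Nothing visible in this change checks that a caller with any other UID is rejected either. Since the guard is the only authorization on the command, it would be worth keeping at least one test that issues the command without root and, if the harness allows it, one that expects the `SecurityException`. The setup method starts outside the hunk, so existing coverage elsewhere in the class cannot be ruled out.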
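Review bot: `getDevice().disableAdbRoot();` is the last statement of the teardown, so an exception from `getDevice().removeUser(userId)` in the loop before it skips the call and leaves the device in adb root mode for whatever runs next. Wrapping the user cleanup in `try { ... }` and moving the call into `finally { getDevice().disableAdbRoot(); }` would close that gap. The call is also unconditional, so a device that was already rooted before the test comes out unrooted. Recording `getDevice().isAdbRoot()` in setup and restoring that state would avoid changing the device's privilege level as a side effect. The teardown method starts outside the hunk.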