platform_system_vold/VoldNativeServiceValidation.cpp
Alex Buynytskyy 605a44fe93 Additional operation check when enabling read logs.
Vold now does not check caller's permission, but only accepts
transactions from system_server. And it's up to system server to do the
right thing and check permissions/appops.

Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest
Test: adb shell appops set 1000 GET_USAGE_STATS deny
Change-Id: Id56c1673b135b72b3ec86e572aa4bcca3afc19ab
2020-04-03 18:42:04 -07:00

108 lines
3.5 KiB
C++

/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "VoldNativeServiceValidation.h"
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include <private/android_filesystem_config.h>
#include <cctype>
#include <string_view>
using android::base::StringPrintf;
using namespace std::literals;
namespace android::vold {
binder::Status Ok() {
return binder::Status::ok();
}
binder::Status Exception(uint32_t code, const std::string& msg) {
return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
}
binder::Status CheckPermission(const char* permission) {
int32_t pid;
int32_t uid;
if (checkCallingPermission(String16(permission), &pid, &uid)) {
return Ok();
} else {
return Exception(binder::Status::EX_SECURITY,
StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
}
}
binder::Status CheckUidOrRoot(uid_t expectedUid) {
uid_t uid = IPCThreadState::self()->getCallingUid();
if (uid == expectedUid || uid == AID_ROOT) {
return Ok();
} else {
return Exception(binder::Status::EX_SECURITY,
StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
}
}
binder::Status CheckArgumentId(const std::string& id) {
if (id.empty()) {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
}
for (const char& c : id) {
if (!std::isalnum(c) && c != ':' && c != ',' && c != ';') {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT,
StringPrintf("ID %s is malformed", id.c_str()));
}
}
return Ok();
}
binder::Status CheckArgumentPath(const std::string& path) {
if (path.empty()) {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
}
if (path[0] != '/') {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT,
StringPrintf("Path %s is relative", path.c_str()));
}
if (path.find("/../"sv) != path.npos || android::base::EndsWith(path, "/.."sv)) {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT,
StringPrintf("Path %s is shady", path.c_str()));
}
for (const char& c : path) {
if (c == '\0' || c == '\n') {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT,
StringPrintf("Path %s is malformed", path.c_str()));
}
}
return Ok();
}
binder::Status CheckArgumentHex(const std::string& hex) {
// Empty hex strings are allowed
for (const char& c : hex) {
if (!std::isxdigit(c) && c != ':' && c != '-') {
return Exception(binder::Status::EX_ILLEGAL_ARGUMENT,
StringPrintf("Hex %s is malformed", hex.c_str()));
}
}
return Ok();
}
} // namespace android::vold