From 1244edcb85811e9e58d9d40fd05f10dd22e497ca Mon Sep 17 00:00:00 2001
From: Riley Spahn
Date: Wed, 25 Jun 2014 15:15:21 -0700
Subject: [PATCH] Remove inline access control in service_manager.
Remove the hardcoded tuples of UIDs and the services that each is allowed to register. We will rely only on permissions from SELinux.
Change-Id: I1c44555a6e274814282398865b30ee938f40dabb
---
 cmds/servicemanager/service_manager.c | 43 +--------------------------
 1 file changed, 1 insertion(+), 42 deletions(-)
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c
index 939920a31..f142093da 100644
--- a/cmds/servicemanager/service_manager.c
+++ b/cmds/servicemanager/service_manager.c
@@ -20,38 +20,6 @@
 #include
 #endif
-/* TODO:
- * These should come from a config file or perhaps be
- * based on some namespace rules of some sort (media
- * uid can register media.*, etc)
- */
-static struct {
- uid_t uid;
- const char *name;
-} allowed[] = {
- { AID_MEDIA, "media.audio_flinger" },
- { AID_MEDIA, "media.log" },
- { AID_MEDIA, "media.player" },
- { AID_MEDIA, "media.camera" },
- { AID_MEDIA, "media.audio_policy" },
- { AID_DRM, "drm.drmManager" },
- { AID_NFC, "nfc" },
- { AID_BLUETOOTH, "bluetooth" },
- { AID_RADIO, "radio.phone" },
- { AID_RADIO, "radio.sms" },
- { AID_RADIO, "radio.phonesubinfo" },
- { AID_RADIO, "radio.simphonebook" },
-/* TODO: remove after phone services are updated: */
- { AID_RADIO, "phone" },
- { AID_RADIO, "sip" },
- { AID_RADIO, "isms" },
- { AID_RADIO, "iphonesubinfo" },
- { AID_RADIO, "simphonebook" },
- { AID_MEDIA, "common_time.clock" },
- { AID_MEDIA, "common_time.config" },
- { AID_KEYSTORE, "android.security.keystore" },
-};
-
 uint32_t svcmgr_handle;
 const char *str8(const uint16_t *x)
@@ -131,16 +99,7 @@ static bool check_mac_perms(const char *name, pid_t spid)
 static int svc_can_register(uid_t uid, const uint16_t *name, pid_t spid)
 {
- size_t n;
-
- if ((uid == 0) || (uid == AID_SYSTEM))
- return check_mac_perms(str8(name), spid) ? 1 : 0;
-
- for (n = 0; n < sizeof(allowed) / sizeof(allowed[0]); n++)
- if ((uid == allowed[n].uid) && str16eq(name, allowed[n].name))
- return check_mac_perms(str8(name), spid) ? 1 : 0;
-
- return 0;
+ return check_mac_perms(str8(name), spid) ? 1 : 0;
 }
 struct svcinfo
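Review bot: After this change `svc_can_register` no longer reads `uid`, so registration of every name, including ones the removed table reserved for a single UID such as `android.security.keystore`, is decided only by `check_mac_perms`. That function's body is outside this hunk; if it returns true when SELinux is disabled or when policy has no rule for the name, the check fails open, so it is worth confirming that it denies by default and that policy covers every name from the old table. I would add a comment above the function, `/* Registration is authorized solely by SELinux policy; uid is kept for the call signature and is unused. */`, and put `(void)uid;` in the body so builds with -Wunused-parameter stay clean.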