diff options
author | dianlujitao <dianlujitao@lineageos.org> | 2019-11-22 20:12:33 +0800 |
---|---|---|
committer | Luca Stefani <luca.stefani.ge1@gmail.com> | 2019-11-28 20:39:50 +0100 |
commit | 235ba69da8b549f001aefa4d40f724ccb89e3677 (patch) | |
tree | 2adda6067771ddb7b2016179cd6e651cdfaa22cc | |
parent | 6fb1a7cd962fdf653952aeb66a11e7a7d0fd3ad6 (diff) | |
download | android_frameworks_base-235ba69da8b549f001aefa4d40f724ccb89e3677.tar.gz android_frameworks_base-235ba69da8b549f001aefa4d40f724ccb89e3677.tar.bz2 android_frameworks_base-235ba69da8b549f001aefa4d40f724ccb89e3677.zip |
ADBRootService: Remove redundant permission check
* First of all, the check is performed in a helper class, one can
easily bypass it by directly issuing the binder API.
* On the other hand, enforceCallingOrSelfPermission allows root and
system UID to do everything, i.e., any process running in system UID
is allowed to pass the check, including Settings app, thus it's
simply a no-op.
Change-Id: I82f58d6165c2ef35c61047d5899de3e8ca6f7f39
-rw-r--r-- | core/java/android/adb/ADBRootService.java | 13 | ||||
-rw-r--r-- | core/res/AndroidManifest.xml | 6 | ||||
-rw-r--r-- | data/etc/com.android.settings.xml | 1 |
3 files changed, 0 insertions, 20 deletions
diff --git a/core/java/android/adb/ADBRootService.java b/core/java/android/adb/ADBRootService.java index 386ad464a12..4f5de081ccf 100644 --- a/core/java/android/adb/ADBRootService.java +++ b/core/java/android/adb/ADBRootService.java @@ -17,7 +17,6 @@ package android.adb; import android.adbroot.IADBRootService; -import android.content.Context; import android.os.IBinder; import android.os.RemoteException; import android.os.ServiceManager; @@ -32,7 +31,6 @@ public class ADBRootService { private static final String ADB_ROOT_SERVICE = "adbroot_service"; private IADBRootService mService; - private Context mContext; private final IBinder.DeathRecipient mDeathRecipient = new IBinder.DeathRecipient() { @Override @@ -44,13 +42,6 @@ public class ADBRootService { } }; - /** - * Creates a new instance. - */ - public ADBRootService(Context context) { - mContext = context; - } - private synchronized IADBRootService getService() throws RemoteException { if (mService != null) { @@ -72,8 +63,6 @@ public class ADBRootService { * @hide */ public void setEnabled(boolean enable) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.ADBROOT, "adbroot"); try { final IADBRootService svc = getService(); if (svc != null) { @@ -88,8 +77,6 @@ public class ADBRootService { * @hide */ public boolean getEnabled() { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.ADBROOT, "adbroot"); try { final IADBRootService svc = getService(); if (svc != null) { diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index c1005aec7b4..0c3b7a137b9 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -4609,12 +4609,6 @@ <permission android:name="android.permission.PREVENT_POWER_KEY" android:protectionLevel="signature|privileged" /> - <!-- Allows an application to manage ADB Root - @hide <p>Not for use by third-party applications. - --> - <permission android:name="android.permission.ADBROOT" - android:protectionLevel="signature|privileged" /> - <application android:process="system" android:persistent="true" android:hasCode="false" diff --git a/data/etc/com.android.settings.xml b/data/etc/com.android.settings.xml index d70810d09a0..3e53a383854 100644 --- a/data/etc/com.android.settings.xml +++ b/data/etc/com.android.settings.xml @@ -50,6 +50,5 @@ <permission name="android.permission.WRITE_MEDIA_STORAGE"/> <permission name="android.permission.WRITE_SECURE_SETTINGS"/> <permission name="android.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS" /> - <permission name="android.permission.ADBROOT" /> </privapp-permissions> </permissions> |