author | Riley Spahn <rileyspahn@google.com> | 2014-06-25 15:15:21 -0700 |
---|---|---|
committer | Riley Spahn <rileyspahn@google.com> | 2014-06-26 15:48:21 -0700 |
commit | 1244edcb85811e9e58d9d40fd05f10dd22e497ca (patch) | |
tree | 4c8b98d980ff99bc5b0810c43c9c4c8b11dc8773 /cmds/servicemanager | |
parent | 357df19b14b8387a480ed68dd6ea92eeb1aa4edc (diff) | |
Remove inline access control in service_manager.
Remove the hardcoded tuples of UIDs and the services that
each is allowed to register. We will rely only on permissions
from SELinux.
Change-Id: I1c44555a6e274814282398865b30ee938f40dabb
Diffstat (limited to 'cmds/servicemanager')
-rw-r--r-- | cmds/servicemanager/service_manager.c | 43 |
1 files changed, 1 insertions, 42 deletions
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c
index 939920a31..f142093da 100644
--- a/cmds/servicemanager/service_manager.c
+++ b/cmds/servicemanager/service_manager.c
@@ -20,38 +20,6 @@
 #include <cutils/log.h>
 #endif
 
-/* TODO:
- * These should come from a config file or perhaps be
- * based on some namespace rules of some sort (media
- * uid can register media.*, etc)
- */
-static struct {
- uid_t uid;
- const char *name;
-} allowed[] = {
- { AID_MEDIA, "media.audio_flinger" },
- { AID_MEDIA, "media.log" },
- { AID_MEDIA, "media.player" },
- { AID_MEDIA, "media.camera" },
- { AID_MEDIA, "media.audio_policy" },
- { AID_DRM, "drm.drmManager" },
- { AID_NFC, "nfc" },
- { AID_BLUETOOTH, "bluetooth" },
- { AID_RADIO, "radio.phone" },
- { AID_RADIO, "radio.sms" },
- { AID_RADIO, "radio.phonesubinfo" },
- { AID_RADIO, "radio.simphonebook" },
-/* TODO: remove after phone services are updated: */
- { AID_RADIO, "phone" },
- { AID_RADIO, "sip" },
- { AID_RADIO, "isms" },
- { AID_RADIO, "iphonesubinfo" },
- { AID_RADIO, "simphonebook" },
- { AID_MEDIA, "common_time.clock" },
- { AID_MEDIA, "common_time.config" },
- { AID_KEYSTORE, "android.security.keystore" },
-};
-
 uint32_t svcmgr_handle;
 
 const char *str8(const uint16_t *x)
@@ -131,16 +99,7 @@ static bool check_mac_perms(const char *name, pid_t spid)
 
 static int svc_can_register(uid_t uid, const uint16_t *name, pid_t spid)
 {
- size_t n;
-
- if ((uid == 0) || (uid == AID_SYSTEM))
- return check_mac_perms(str8(name), spid) ? 1 : 0;
-
- for (n = 0; n < sizeof(allowed) / sizeof(allowed[0]); n++)
- if ((uid == allowed[n].uid) && str16eq(name, allowed[n].name))
- return check_mac_perms(str8(name), spid) ? 1 : 0;
-
- return 0;
+ return check_mac_perms(str8(name), spid) ? 1 : 0;
 }
 
 struct svcinfo |
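Review bot: In the second hunk `svc_can_register` now authorizes a registration solely on the result of `check_mac_perms`, so any path in that helper that returns true without a policy decision would let any caller register any service name, including ones the removed table tied to a single UID such as `android.security.keystore`. The body of `check_mac_perms` is outside this hunk, so it is worth confirming what it returns when SELinux is disabled or permissive, or when the caller's context cannot be looked up from `spid`. If it can return true in those cases, it should deny there instead, or the root/system UID check should stay as a fallback. The `uid` parameter is now unused, which deserves a comment above the return such as `/* uid is intentionally ignored: registration is authorized only by SELinux policy via check_mac_perms() */`.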