aflags: only permit enable/disable with root access.
Bug: 324436145
Test: adb unroot && adb shell aflags enable com.android.window.flags.sync_window_config_update_flag # Fails
Test: adb root && adb shell aflags enable com.android.window.flags.sync_window_config_update_flag # Succeeds
Change-Id: I88db174b51462199a234eeb3b6fb70c4da538700
diff --git a/tools/aconfig/aflags/src/main.rs b/tools/aconfig/aflags/src/main.rs
index ef0195f..037bbd0 100644
--- a/tools/aconfig/aflags/src/main.rs
+++ b/tools/aconfig/aflags/src/main.rs
@@ -16,13 +16,13 @@
//! `aflags` is a device binary to read and write aconfig flags.
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, ensure, Result};
use clap::Parser;
mod device_config_source;
use device_config_source::DeviceConfigSource;
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
enum FlagPermission {
ReadOnly,
ReadWrite,
@@ -145,16 +145,15 @@
}
fn set_flag(qualified_name: &str, value: &str) -> Result<()> {
+ ensure!(nix::unistd::Uid::current().is_root(), "must be root to mutate flags");
+
let flags_binding = DeviceConfigSource::list_flags()?;
let flag = flags_binding.iter().find(|f| f.qualified_name() == qualified_name).ok_or(
anyhow!("no aconfig flag '{qualified_name}'. Does the flag have an .aconfig definition?"),
)?;
- if let FlagPermission::ReadOnly = flag.permission {
- return Err(anyhow!(
- "could not write flag '{qualified_name}', it is read-only for the current release configuration.",
- ));
- }
+ ensure!(flag.permission == FlagPermission::ReadWrite,
+ format!("could not write flag '{qualified_name}', it is read-only for the current release configuration."));
DeviceConfigSource::override_flag(&flag.namespace, qualified_name, value)?;