Don't wait on permission check.
SELinux makes sure only system services can call installd.
Bug: 244657173
Fixes: 244657173
Test: presubmit
Test: adb bugreport, check that it has installd section
Change-Id: I27a77a12b025cfb27e774c2334e08facdcb4c77e
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index 2c8adc7..faf67fd 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -125,8 +125,6 @@
namespace {
-constexpr const char* kDump = "android.permission.DUMP";
-
static binder::Status ok() {
return binder::Status::ok();
}
@@ -150,19 +148,6 @@
return binder::Status::fromServiceSpecificError(code, String8(msg.c_str()));
}
-binder::Status checkPermission(const char* permission) {
- pid_t pid;
- uid_t uid;
-
- if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
- reinterpret_cast<int32_t*>(&uid))) {
- return ok();
- } else {
- return exception(binder::Status::EX_SECURITY,
- StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
- }
-}
-
binder::Status checkUid(uid_t expectedUid) {
uid_t uid = IPCThreadState::self()->getCallingUid();
if (uid == expectedUid || uid == AID_ROOT) {
@@ -400,13 +385,7 @@
return android::OK;
}
-status_t InstalldNativeService::dump(int fd, const Vector<String16> & /* args */) {
- const binder::Status dump_permission = checkPermission(kDump);
- if (!dump_permission.isOk()) {
- dprintf(fd, "%s\n", dump_permission.toString8().c_str());
- return PERMISSION_DENIED;
- }
-
+status_t InstalldNativeService::dump(int fd, const Vector<String16>& /* args */) {
{
std::lock_guard<std::recursive_mutex> lock(mMountsLock);
dprintf(fd, "Storage mounts:\n");