commit 38eafb7efd9e59222688192df948428f73759f3a
author Andrei Homescu <ahomescu@google.com> Fri Mar 22 22:38:08 2024 +0000
committer Andrei Homescu <ahomescu@google.com> Thu Apr 04 03:52:31 2024 +0000
tree 50b94caaabd997f120e3fdaf97a3ae56bdc341be
parent 8c540c77956b11f42a8ad2a4defa4d6edce4d639

libbinder: Disable shell commands on non-IPC builds

libbinder builds with kernel IPC disabled to not have
getCallingUid(). Disable shell commands on those builds
altogether to avoid permissions issues.

Bug: 242243245
Test: Presubmit
Change-Id: I41e21c3b0b8dd88a3e0a9ad30e1d25bcb07c9915

libs/binder/ndk/ibinder.cpp

diff --git a/libs/binder/ndk/ibinder.cpp b/libs/binder/ndk/ibinder.cpp
index bf7a0ba..e6d4f46 100644
--- a/libs/binder/ndk/ibinder.cpp
+++ b/libs/binder/ndk/ibinder.cpp
@@ -24,6 +24,7 @@
 #include <private/android_filesystem_config.h>
 #endif
 
+#include "../BuildFlags.h"
 #include "ibinder_internal.h"
 #include "parcel_internal.h"
 #include "status_internal.h"
@@ -211,6 +212,12 @@
         binder_status_t status = getClass()->onTransact(this, code, &in, &out);
         return PruneStatusT(status);
     } else if (code == SHELL_COMMAND_TRANSACTION && getClass()->handleShellCommand != nullptr) {
+        if constexpr (!android::kEnableKernelIpc) {
+            // Non-IPC builds do not have getCallingUid(),
+            // so we have no way of authenticating the caller
+            return STATUS_PERMISSION_DENIED;
+        }
+
         int in = data.readFileDescriptor();
         int out = data.readFileDescriptor();
         int err = data.readFileDescriptor();