servicemanager: more restrictions for isolated app Can never be too careful. Bug: 267381133 Test: servicemanager_test Change-Id: I56a5143978a25a5acf2116652dfd0b53be5c97ab

commit: b9e1cbe595b9c8d212e37e223eea0b66a2b642b0 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed Feb 01 22:44:45 2023 +0000
committer: Steven Moreland <smoreland@google.com> Wed Feb 01 22:54:40 2023 +0000
tree: c1c5ca680c93ddded326b7d5f12a865c40feaab4
parent: 64e5571e62a0b7ad4c346cf785af94638e7f6776 [diff] [blame]
diff --git a/cmds/servicemanager/test_sm.cpp b/cmds/servicemanager/test_sm.cpp
index 0fd8d8e..cae32e3 100644
--- a/cmds/servicemanager/test_sm.cpp
+++ b/cmds/servicemanager/test_sm.cpp

@@ -383,6 +383,22 @@
 
     sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
 
+    EXPECT_EQ(sm->registerForNotifications("foofoo", cb).exceptionCode(), Status::EX_SECURITY);
+}
+
+TEST(GetService, IsolatedCantRegister) {
+    std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
+
+    EXPECT_CALL(*access, getCallingContext())
+            .WillOnce(Return(Access::CallingContext{
+                    .uid = AID_ISOLATED_START,
+            }));
+    EXPECT_CALL(*access, canFind(_, _)).WillOnce(Return(true));
+
+    sp<ServiceManager> sm = sp<ServiceManager>::make(std::move(access));
+
+    sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
+
     EXPECT_EQ(sm->registerForNotifications("foofoo", cb).exceptionCode(),
         Status::EX_SECURITY);
 }
commit	b9e1cbe595b9c8d212e37e223eea0b66a2b642b0	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed Feb 01 22:44:45 2023 +0000
committer	Steven Moreland <smoreland@google.com>	Wed Feb 01 22:54:40 2023 +0000
tree	c1c5ca680c93ddded326b7d5f12a865c40feaab4
parent	64e5571e62a0b7ad4c346cf785af94638e7f6776 [diff] [blame]