ServiceManager: Restore basic uid check
Prevent apps from registering services without relying on selinux checks.
Bug: 29431260
Change-Id: I38c6e8bc7f7cba1cbd3568e8fed1ae7ac2054a9b
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c
index 21fdff0..8a8e688 100644
--- a/cmds/servicemanager/service_manager.c
+++ b/cmds/servicemanager/service_manager.c
@@ -121,6 +121,11 @@
static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)
{
const char *perm = "add";
+
+ if (uid >= AID_APP) {
+ return 0; /* Don't allow apps to register services */
+ }
+
return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;
}