From cb732dc9fdb47cda1a94b844fc6d4f5c4a703127 Mon Sep 17 00:00:00 2001
From: Alan Stokes
Date: Tue, 16 Nov 2021 15:18:13 +0000
Subject: [PATCH] Check calling user in composd.

Access to our service is already restricted by selinux, so this is really just an extra safety check.

Test: Run composd
Bug: 186126194
Change-Id: Ib997c4bb282ac1c3d654d57bb84845a455893f2c
---
 compos/composd/Android.bp | 1 +
 compos/composd/src/service.rs | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/compos/composd/Android.bp b/compos/composd/Android.bp
index ecfea613..8391ed61 100644
--- a/compos/composd/Android.bp
+++ b/compos/composd/Android.bp
@@ -19,6 +19,7 @@ rust_binary {
 "libcomposd_native_rust",
 "libnum_traits",
 "liblog_rust",
+ "librustutils",
 "libshared_child",
 ],
 proc_macros: ["libnum_derive"],
diff --git a/compos/composd/src/service.rs b/compos/composd/src/service.rs
index 351eae92..4d9dc583 100644
--- a/compos/composd/src/service.rs
+++ b/compos/composd/src/service.rs
@@ -25,12 +25,15 @@ use android_system_composd::aidl::android::system::composd::{
 ICompilationTaskCallback::ICompilationTaskCallback,
 IIsolatedCompilationService::{BnIsolatedCompilationService, IIsolatedCompilationService},
 };
-use android_system_composd::binder::{self, BinderFeatures, Interface, Strong};
+use android_system_composd::binder::{ self, BinderFeatures, ExceptionCode, Interface, Status, Strong, ThreadState, };
 use anyhow::{Context, Result};
 use binder_common::new_binder_service_specific_error;
 use compos_aidl_interface::aidl::com::android::compos::{
 CompilationResult::CompilationResult, FdAnnotation::FdAnnotation,
 };
+use rustutils::users::{AID_ROOT, AID_SYSTEM};
 
 pub struct IsolatedCompilationService {
 instance_manager: InstanceManager,
@@ -48,7 +51,11 @@ impl IIsolatedCompilationService for IsolatedCompilationService {
 &self,
 callback: &Strong,
 ) -> binder::Result> {
- // TODO - check caller is system or shell/root?
+ let calling_uid = ThreadState::get_calling_uid();
+ // This should only be called by system server, or root while testing
+ if calling_uid != AID_SYSTEM && calling_uid != AID_ROOT {
+ return Err(Status::new_exception(ExceptionCode::SECURITY, None));
+ }
 to_binder_result(self.do_start_test_compile(callback))
 }
 
@@ -57,7 +64,11 @@ impl IIsolatedCompilationService for IsolatedCompilationService {
 args: &[String],
 fd_annotation: &FdAnnotation,
 ) -> binder::Result {
- // TODO - check caller is odrefresh
+ let calling_uid = ThreadState::get_calling_uid();
+ // This should only be called by odrefresh, which runs as root
+ if calling_uid != AID_ROOT {
+ return Err(Status::new_exception(ExceptionCode::SECURITY, None));
+ }
 to_binder_result(self.do_compile_cmd(args, fd_annotation))
 }
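Review bot: The uid check added on the new side of this hunk is the same five lines the next hunk repeats with a different allow-list, and a rejected caller gets a SECURITY exception with no message and no log line, so a misconfigured caller fails silently on both sides. I'd hoist the check into one helper that takes the allowed uids, logs the rejected uid, and returns the exception, then call it as `check_calling_uid(&[AID_SYSTEM, AID_ROOT])?;` here and `check_calling_uid(&[AID_ROOT])?;` in the second hunk, so the policy lives in one place. `liblog_rust` is already a dependency per the Android.bp hunk, so `log::warn!` should resolve here without a new import; confirm against the file's top, which is outside this hunk. The signature of the method being patched (presumably start_test_compile, judging by the do_start_test_compile call) begins above the hunk.
```rust
/// Returns Ok only if the binder caller's uid is one of `allowed`; otherwise
/// logs the rejected uid and returns a SECURITY exception.
fn check_calling_uid(allowed: &[u32]) -> binder::Result<()> {
    let calling_uid = ThreadState::get_calling_uid();
    if allowed.contains(&calling_uid) {
        Ok(())
    } else {
        log::warn!("Rejected call from uid {}", calling_uid);
        Err(Status::new_exception(ExceptionCode::SECURITY, None))
    }
}

// … unchanged: impl header and start_test_compile signature …
        // Only system server, or root while testing.
        check_calling_uid(&[AID_SYSTEM, AID_ROOT])?;
        to_binder_result(self.do_start_test_compile(callback))
```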
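Review bot: The comment `// This should only be called by odrefresh, which runs as root` in the second hunk overstates what the check on the next line enforces: a uid comparison admits any root process, not odrefresh specifically, and the commit message itself says SELinux is the real gate. I'd reword it as `// odrefresh runs as root. A uid check cannot tell odrefresh apart from any other root caller; restricting this to odrefresh is the job of SELinux policy, and this is only a backstop.` so the next reader does not take this line as the access control. Passing a message to `Status::new_exception` instead of `None`, for example the rejected uid, would also make a denial diagnosable from the caller's side. The signature of the method being patched (presumably compile_cmd, judging by the do_compile_cmd call) begins above the hunk.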