From 38ffbde17ee75e212f09ea5ac66859250b862a01 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Wed, 14 Jul 2021 14:35:12 -0600
Subject: Root UID can synthesize AttributionSource values.

We trust any incoming value from the system UID, so we should also
trust values coming from the root UID, which includes many shell
commands such as "svc".

Bug: 193659633
Test: atest BluetoothInstrumentationTests:com.android.bluetooth.btservice.AdapterServiceTest --rerun-until-failure 100
Change-Id: Ied07731345f08fc3c4df465a3773e35c8df7c59a
---
 core/java/android/content/AttributionSource.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'core/java/android')

diff --git a/core/java/android/content/AttributionSource.java b/core/java/android/content/AttributionSource.java
index 0e22705146af..bdb7900b5bb9 100644
--- a/core/java/android/content/AttributionSource.java
+++ b/core/java/android/content/AttributionSource.java
@@ -252,7 +252,8 @@ public final class AttributionSource implements Parcelable {
      */
     public boolean checkCallingUid() {
         final int callingUid = Binder.getCallingUid();
-        if (callingUid != Process.SYSTEM_UID
+        if (callingUid != Process.ROOT_UID
+                && callingUid != Process.SYSTEM_UID
                 && callingUid != mAttributionSourceState.uid) {
             return false;
         }
-- 
cgit v1.2.3