aaudio: prevent apps from affecting a stream they do not own (2ac035fd) · Commits · e / os / android_frameworks_av

media/libaaudio/src/binding/AAudioBinderClient.cpp

+0 −4

Original line number	Diff line number	Diff line
		@@ -159,23 +159,19 @@ aaudio_result_t AAudioBinderClient::flushStream(aaudio_handle_t streamHandle) {
		* Manage the specified thread as a low latency audio thread.
		*/
		aaudio_result_t AAudioBinderClient::registerAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId,
		int64_t periodNanoseconds) {
		const sp<IAAudioService> &service = getAAudioService();
		if (service == 0) return AAUDIO_ERROR_NO_SERVICE;
		return service->registerAudioThread(streamHandle,
		clientProcessId,
		clientThreadId,
		periodNanoseconds);
		}

		aaudio_result_t AAudioBinderClient::unregisterAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId) {
		const sp<IAAudioService> &service = getAAudioService();
		if (service == 0) return AAUDIO_ERROR_NO_SERVICE;
		return service->unregisterAudioThread(streamHandle,
		clientProcessId,
		clientThreadId);
		}

media/libaaudio/src/binding/AAudioBinderClient.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -82,12 +82,10 @@ public:
		* TODO Consider passing this information as part of the startStream() call.
		*/
		aaudio_result_t registerAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId,
		int64_t periodNanoseconds) override;

		aaudio_result_t unregisterAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId) override;
		};

media/libaaudio/src/binding/AAudioServiceInterface.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -76,12 +76,10 @@ public:
		* Manage the specified thread as a low latency audio thread.
		*/
		virtual aaudio_result_t registerAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId,
		int64_t periodNanoseconds) = 0;

		virtual aaudio_result_t unregisterAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId) = 0;
		};

media/libaaudio/src/binding/AAudioStreamRequest.cpp

+1 −6

Original line number	Diff line number	Diff line
		@@ -45,8 +45,7 @@ AAudioStreamRequest::~AAudioStreamRequest() {}
		status_t AAudioStreamRequest::writeToParcel(Parcel* parcel) const {
		status_t status = parcel->writeInt32((int32_t) mUserId);
		if (status != NO_ERROR) goto error;
		status = parcel->writeInt32((int32_t) mProcessId);
		if (status != NO_ERROR) goto error;

		status = parcel->writeInt32((int32_t) mDirection);
		if (status != NO_ERROR) goto error;

		@@ -68,10 +67,6 @@ status_t AAudioStreamRequest::readFromParcel(const Parcel* parcel) {
		if (status != NO_ERROR) goto error;
		mUserId = (uid_t) temp;

		status = parcel->readInt32(&temp);
		if (status != NO_ERROR) goto error;
		mProcessId = (pid_t) temp;

		status = parcel->readInt32(&temp);
		if (status != NO_ERROR) goto error;
		mDirection = (aaudio_direction_t) temp;

media/libaaudio/src/binding/IAAudioService.cpp

+9 −14

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		*/

		#include <aaudio/AAudio.h>
		#include <binder/IPCThreadState.h>

		#include "binding/AudioEndpointParcelable.h"
		#include "binding/AAudioStreamRequest.h"
		@@ -185,7 +186,6 @@ public:
		}

		virtual aaudio_result_t registerAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId,
		int64_t periodNanoseconds)
		override {
		@@ -193,7 +193,6 @@ public:
		// send command
		data.writeInterfaceToken(IAAudioService::getInterfaceDescriptor());
		data.writeInt32(streamHandle);
		data.writeInt32((int32_t) clientProcessId);
		data.writeInt32((int32_t) clientThreadId);
		data.writeInt64(periodNanoseconds);
		status_t err = remote()->transact(REGISTER_AUDIO_THREAD, data, &reply);
		@@ -207,14 +206,12 @@ public:
		}

		virtual aaudio_result_t unregisterAudioThread(aaudio_handle_t streamHandle,
		pid_t clientProcessId,
		pid_t clientThreadId)
		override {
		Parcel data, reply;
		// send command
		data.writeInterfaceToken(IAAudioService::getInterfaceDescriptor());
		data.writeInt32(streamHandle);
		data.writeInt32((int32_t) clientProcessId);
		data.writeInt32((int32_t) clientThreadId);
		status_t err = remote()->transact(UNREGISTER_AUDIO_THREAD, data, &reply);
		if (err != NO_ERROR) {
		@@ -239,7 +236,6 @@ status_t BnAAudioService::onTransact(uint32_t code, const Parcel& data,
		aaudio_handle_t stream;
		aaudio::AAudioStreamRequest request;
		aaudio::AAudioStreamConfiguration configuration;
		pid_t pid;
		pid_t tid;
		int64_t nanoseconds;
		aaudio_result_t result;
		@@ -249,12 +245,13 @@ status_t BnAAudioService::onTransact(uint32_t code, const Parcel& data,
		case OPEN_STREAM: {
		CHECK_INTERFACE(IAAudioService, data, reply);
		request.readFromParcel(&data);

		//ALOGD("BnAAudioService::client openStream request dump --------------------");
		//request.dump();

		// Override the uid and pid from the client in case they are incorrect.
		request.setUserId(IPCThreadState::self()->getCallingUid());
		request.setProcessId(IPCThreadState::self()->getCallingPid());
		stream = openStream(request, configuration);
		//ALOGD("BnAAudioService::onTransact OPEN_STREAM server handle = 0x%08X", stream);
		//ALOGD("BnAAudioService::onTransact OPEN_STREAM server handle = 0x%08X ----", stream);
		reply->writeInt32(stream);
		configuration.writeToParcel(reply);
		return NO_ERROR;
		@@ -332,10 +329,9 @@ status_t BnAAudioService::onTransact(uint32_t code, const Parcel& data,
		case REGISTER_AUDIO_THREAD: {
		CHECK_INTERFACE(IAAudioService, data, reply);
		data.readInt32(&stream);
		data.readInt32(&pid);
		data.readInt32(&tid);
		data.readInt64(&nanoseconds);
		result = registerAudioThread(stream, pid, tid, nanoseconds);
		result = registerAudioThread(stream, tid, nanoseconds);
		ALOGV("BnAAudioService::onTransact REGISTER_AUDIO_THREAD 0x%08X, result = %d",
		stream, result);
		reply->writeInt32(result);
		@@ -345,9 +341,8 @@ status_t BnAAudioService::onTransact(uint32_t code, const Parcel& data,
		case UNREGISTER_AUDIO_THREAD: {
		CHECK_INTERFACE(IAAudioService, data, reply);
		data.readInt32(&stream);
		data.readInt32(&pid);
		data.readInt32(&tid);
		result = unregisterAudioThread(stream, pid, tid);
		result = unregisterAudioThread(stream, tid);
		ALOGV("BnAAudioService::onTransact UNREGISTER_AUDIO_THREAD 0x%08X, result = %d",
		stream, result);
		reply->writeInt32(result);