Merge "drmserver: use getCallingSid" (8109b2ee) · Commits · e / os / android_frameworks_av

drm/drmserver/DrmManagerService.cpp

+16 −9

Original line number	Diff line number	Diff line
		@@ -58,22 +58,26 @@ const char *DrmManagerService::get_perm_label(drm_perm_t perm) {
		return drm_perm_labels[index];
		}

		bool DrmManagerService::selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm) {
		bool DrmManagerService::selinuxIsProtectedCallAllowed(pid_t spid, const char* ssid, drm_perm_t perm) {
		if (selinux_enabled <= 0) {
		return true;
		}

		char *sctx;
		char *sctx = NULL;
		const char *selinux_class = "drmservice";
		const char *str_perm = get_perm_label(perm);

		if (ssid == NULL) {
		android_errorWriteLog(0x534e4554, "121035042");

		if (getpidcon(spid, &sctx) != 0) {
		ALOGE("SELinux: getpidcon(pid=%d) failed.\n", spid);
		return false;
		}
		}

		bool allowed = (selinux_check_access(sctx, drmserver_context, selinux_class,
		str_perm, NULL) == 0);
		bool allowed = (selinux_check_access(ssid ? ssid : sctx, drmserver_context,
		selinux_class, str_perm, NULL) == 0);
		freecon(sctx);

		return allowed;
		@@ -86,10 +90,11 @@ bool DrmManagerService::isProtectedCallAllowed(drm_perm_t perm) {
		IPCThreadState* ipcState = IPCThreadState::self();
		uid_t uid = ipcState->getCallingUid();
		pid_t spid = ipcState->getCallingPid();
		const char* ssid = ipcState->getCallingSid();

		for (unsigned int i = 0; i < trustedUids.size(); ++i) {
		if (trustedUids[i] == uid) {
		return selinuxIsProtectedCallAllowed(spid, perm);
		return selinuxIsProtectedCallAllowed(spid, ssid, perm);
		}
		}
		return false;
		@@ -97,7 +102,9 @@ bool DrmManagerService::isProtectedCallAllowed(drm_perm_t perm) {

		void DrmManagerService::instantiate() {
		ALOGV("instantiate");
		defaultServiceManager()->addService(String16("drm.drmManager"), new DrmManagerService());
		sp<DrmManagerService> service = new DrmManagerService();
		service->setRequestingSid(true);
		defaultServiceManager()->addService(String16("drm.drmManager"), service);

		if (0 >= trustedUids.size()) {
		// TODO

drm/drmserver/DrmManagerService.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -60,7 +60,7 @@ private:

		static const char *get_perm_label(drm_perm_t perm);

		static bool selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm);
		static bool selinuxIsProtectedCallAllowed(pid_t spid, const char* ssid, drm_perm_t perm);

		static bool isProtectedCallAllowed(drm_perm_t perm);