Add dump permission check in the MediaExtractorFactory::dump(int fd, const... (8bf5518c) · Commits · e / os / android_frameworks_av

media/libstagefright/MediaExtractorFactory.cpp

+23 −10

Original line number	Diff line number	Diff line
		@@ -18,6 +18,8 @@
		#define LOG_TAG "MediaExtractorFactory"
		#include <utils/Log.h>

		#include <binder/IPCThreadState.h>
		#include <binder/PermissionCache.h>
		#include <binder/IServiceManager.h>
		#include <media/DataSource.h>
		#include <media/MediaAnalyticsItem.h>
		@@ -320,6 +322,16 @@ void MediaExtractorFactory::UpdateExtractors(const char *newUpdateApkPath) {
		status_t MediaExtractorFactory::dump(int fd, const Vector<String16>&) {
		Mutex::Autolock autoLock(gPluginMutex);
		String8 out;

		const IPCThreadState* ipc = IPCThreadState::self();
		const int pid = ipc->getCallingPid();
		const int uid = ipc->getCallingUid();
		if (!PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
		// dumpExtractors() will append the following string.
		// out.appendFormat("Permission Denial: "
		// "can't dump MediaExtractor from pid=%d, uid=%d\n", pid, uid);
		ALOGE("Permission Denial: can't dump MediaExtractor from pid=%d, uid=%d", pid, uid);
		} else {
		out.append("Available extractors:\n");
		if (gPluginsRegistered) {
		for (auto it = gPlugins->begin(); it != gPlugins->end(); ++it) {
		@@ -332,6 +344,7 @@ status_t MediaExtractorFactory::dump(int fd, const Vector<String16>&) {
		} else {
		out.append(" (no plugins registered)\n");
		}
		}
		write(fd, out.string(), out.size());
		return OK;
		}