include/media/IAudioFlinger.h +2 −0 @@ -73,6 +73,7 @@ public: // reference and will release it when the track is destroyed. // However on failure, the client is responsible for release. audio_io_handle_t output, pid_t pid, pid_t tid, // -1 means unused, otherwise must be valid non-0 audio_session_t *sessionId, int clientUid, @@ -89,6 +90,7 @@ public: const String16& callingPackage, size_t *pFrameCount, track_flags_t *flags, pid_t pid, pid_t tid, // -1 means unused, otherwise must be valid non-0 int clientUid, audio_session_t *sessionId, media/libmedia/AudioRecord.cpp +1 −0 @@ -615,6 +615,7 @@ status_t AudioRecord::openRecord_l(const Modulo<uint32_t> &epoch, const String16 opPackageName, &temp, &trackFlags, mClientPid, tid, mClientUid, &mSessionId, media/libmedia/AudioTrack.cpp +1 −0 @@ -1401,6 +1401,7 @@ status_t AudioTrack::createTrack_l() &trackFlags, mSharedBuffer, output, mClientPid, tid, &mSessionId, mClientUid, media/libmedia/IAudioFlinger.cpp +10 −3 @@ -104,6 +104,7 @@ public: track_flags_t *flags, const sp<IMemory>& sharedBuffer, audio_io_handle_t output, pid_t pid, pid_t tid, audio_session_t *sessionId, int clientUid, @@ -128,6 +129,7 @@ public: data.writeInt32(false); } data.writeInt32((int32_t) output); data.writeInt32((int32_t) pid); data.writeInt32((int32_t) tid); audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE; if (sessionId != NULL) { @@ -179,6 +181,7 @@ public: const String16& opPackageName, size_t *pFrameCount, track_flags_t *flags, pid_t pid, pid_t tid, int clientUid, audio_session_t *sessionId,
@@ -199,6 +202,7 @@ public: data.writeInt64(frameCount); track_flags_t lFlags = flags != NULL ? *flags : (track_flags_t) TRACK_DEFAULT; data.writeInt32(lFlags); data.writeInt32((int32_t) pid); data.writeInt32((int32_t) tid); data.writeInt32((int32_t) clientUid); audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE; @@ -950,6 +954,7 @@ status_t BnAudioFlinger::onTransact( buffer = interface_cast<IMemory>(data.readStrongBinder()); } audio_io_handle_t output = (audio_io_handle_t) data.readInt32(); pid_t pid = (pid_t) data.readInt32(); pid_t tid = (pid_t) data.readInt32(); audio_session_t sessionId = (audio_session_t) data.readInt32(); int clientUid = data.readInt32(); @@ -962,7 +967,7 @@ status_t BnAudioFlinger::onTransact( } else { track = createTrack( (audio_stream_type_t) streamType, sampleRate, format, channelMask, &frameCount, &flags, buffer, output, tid, channelMask, &frameCount, &flags, buffer, output, pid, tid, &sessionId, clientUid, &status); LOG_ALWAYS_FATAL_IF((track != 0) != (status == NO_ERROR)); } @@ -982,6 +987,7 @@ status_t BnAudioFlinger::onTransact( const String16& opPackageName = data.readString16(); size_t frameCount = data.readInt64(); track_flags_t flags = (track_flags_t) data.readInt32(); pid_t pid = (pid_t) data.readInt32(); pid_t tid = (pid_t) data.readInt32(); int clientUid = data.readInt32(); audio_session_t sessionId = (audio_session_t) data.readInt32();
@@ -990,8 +996,9 @@ status_t BnAudioFlinger::onTransact( sp<IMemory> buffers; status_t status = NO_ERROR; sp<IAudioRecord> record = openRecord(input, sampleRate, format, channelMask, opPackageName, &frameCount, &flags, tid, clientUid, &sessionId, ¬ificationFrames, cblk, buffers, &status); sampleRate, format, channelMask, opPackageName, &frameCount, &flags, pid, tid, clientUid, &sessionId, ¬ificationFrames, cblk, buffers, &status); LOG_ALWAYS_FATAL_IF((record != 0) != (status == NO_ERROR)); reply->writeInt64(frameCount); reply->writeInt32(flags); services/audioflinger/AudioFlinger.cpp +21 −2 @@ -571,6 +571,7 @@ sp<IAudioTrack> AudioFlinger::createTrack( IAudioFlinger::track_flags_t *flags, const sp<IMemory>& sharedBuffer, audio_io_handle_t output, pid_t pid, pid_t tid, audio_session_t *sessionId, int clientUid, @@ -582,6 +583,15 @@ sp<IAudioTrack> AudioFlinger::createTrack( status_t lStatus; audio_session_t lSessionId; const uid_t callingUid = IPCThreadState::self()->getCallingUid(); if (pid == -1 || !isTrustedCallingUid(callingUid)) { const pid_t callingPid = IPCThreadState::self()->getCallingPid(); ALOGW_IF(pid != -1 && pid != callingPid, "%s uid %d pid %d tried to pass itself off as pid %d", __func__, callingUid, callingPid, pid); pid = callingPid; } // client AudioTrack::set already implements AUDIO_STREAM_DEFAULT => AUDIO_STREAM_MUSIC, // but if someone uses binder directly they could bypass that and cause us to crash if (uint32_t(streamType) >= AUDIO_STREAM_CNT) { @@ -626,7 +636,6 @@ sp<IAudioTrack> AudioFlinger::createTrack( goto Exit; } pid_t pid = IPCThreadState::self()->getCallingPid(); client = registerPid(pid); PlaybackThread *effectThread = NULL;
@@ -1447,6 +1456,7 @@ sp<IAudioRecord> AudioFlinger::openRecord( const String16& opPackageName, size_t *frameCount, IAudioFlinger::track_flags_t *flags, pid_t pid, pid_t tid, int clientUid, audio_session_t *sessionId, @@ -1464,11 +1474,21 @@ sp<IAudioRecord> AudioFlinger::openRecord( cblk.clear(); buffers.clear(); bool updatePid = (pid == -1); const uid_t callingUid = IPCThreadState::self()->getCallingUid(); if (!isTrustedCallingUid(callingUid)) { ALOGW_IF((uid_t)clientUid != callingUid, "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid); clientUid = callingUid; updatePid = true; } if (updatePid) { const pid_t callingPid = IPCThreadState::self()->getCallingPid(); ALOGW_IF(pid != -1 && pid != callingPid, "%s uid %d pid %d tried to pass itself off as pid %d", __func__, callingUid, callingPid, pid); pid = callingPid; } // check calling permissions @@ -1508,7 +1528,6 @@ sp<IAudioRecord> AudioFlinger::openRecord( goto Exit; } pid_t pid = IPCThreadState::self()->getCallingPid(); client = registerPid(pid); if (sessionId != NULL && *sessionId != AUDIO_SESSION_ALLOCATE) {
include/media/IAudioFlinger.h +2 −0 @@ -73,6 +73,7 @@ public: // reference and will release it when the track is destroyed. // However on failure, the client is responsible for release. audio_io_handle_t output, pid_t pid, pid_t tid, // -1 means unused, otherwise must be valid non-0 audio_session_t *sessionId, int clientUid, @@ -89,6 +90,7 @@ public: const String16& callingPackage, size_t *pFrameCount, track_flags_t *flags, pid_t pid, pid_t tid, // -1 means unused, otherwise must be valid non-0 int clientUid, audio_session_t *sessionId,
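Review bot: The new `pid_t pid` parameter is declared without a comment in both createTrack() and openRecord(), while the `tid` directly below it documents its sentinel. Going by the AudioFlinger.cpp changes in this commit, -1 means "use the binder calling pid" and any other value is kept only when the calling uid is trusted. I would say so at the declaration, e.g. `pid_t pid, // -1 means use calling pid; other values honored only for trusted calling uids`. Both declarations start and end outside the hunks.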
media/libmedia/AudioRecord.cpp +1 −0 @@ -615,6 +615,7 @@ status_t AudioRecord::openRecord_l(const Modulo<uint32_t> &epoch, const String16 opPackageName, &temp, &trackFlags, mClientPid, tid, mClientUid, &mSessionId,
media/libmedia/AudioTrack.cpp +1 −0 @@ -1401,6 +1401,7 @@ status_t AudioTrack::createTrack_l() &trackFlags, mSharedBuffer, output, mClientPid, tid, &mSessionId, mClientUid,
media/libmedia/IAudioFlinger.cpp +10 −3 @@ -104,6 +104,7 @@ public: track_flags_t *flags, const sp<IMemory>& sharedBuffer, audio_io_handle_t output, pid_t pid, pid_t tid, audio_session_t *sessionId, int clientUid, @@ -128,6 +129,7 @@ public: data.writeInt32(false); } data.writeInt32((int32_t) output); data.writeInt32((int32_t) pid); data.writeInt32((int32_t) tid); audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE; if (sessionId != NULL) { @@ -179,6 +181,7 @@ public: const String16& opPackageName, size_t *pFrameCount, track_flags_t *flags, pid_t pid, pid_t tid, int clientUid, audio_session_t *sessionId, @@ -199,6 +202,7 @@ public: data.writeInt64(frameCount); track_flags_t lFlags = flags != NULL ? *flags : (track_flags_t) TRACK_DEFAULT; data.writeInt32(lFlags); data.writeInt32((int32_t) pid); data.writeInt32((int32_t) tid); data.writeInt32((int32_t) clientUid); audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE; @@ -950,6 +954,7 @@ status_t BnAudioFlinger::onTransact( buffer = interface_cast<IMemory>(data.readStrongBinder()); } audio_io_handle_t output = (audio_io_handle_t) data.readInt32(); pid_t pid = (pid_t) data.readInt32(); pid_t tid = (pid_t) data.readInt32(); audio_session_t sessionId = (audio_session_t) data.readInt32(); int clientUid = data.readInt32(); @@ -962,7 +967,7 @@ status_t BnAudioFlinger::onTransact( } else { track = createTrack( (audio_stream_type_t) streamType, sampleRate, format, channelMask, &frameCount, &flags, buffer, output, tid, channelMask, &frameCount, &flags, buffer, output, pid, tid, &sessionId, clientUid, &status); LOG_ALWAYS_FATAL_IF((track != 0) != (status == NO_ERROR)); }
@@ -982,6 +987,7 @@ status_t BnAudioFlinger::onTransact( const String16& opPackageName = data.readString16(); size_t frameCount = data.readInt64(); track_flags_t flags = (track_flags_t) data.readInt32(); pid_t pid = (pid_t) data.readInt32(); pid_t tid = (pid_t) data.readInt32(); int clientUid = data.readInt32(); audio_session_t sessionId = (audio_session_t) data.readInt32(); @@ -990,8 +996,9 @@ status_t BnAudioFlinger::onTransact( sp<IMemory> buffers; status_t status = NO_ERROR; sp<IAudioRecord> record = openRecord(input, sampleRate, format, channelMask, opPackageName, &frameCount, &flags, tid, clientUid, &sessionId, ¬ificationFrames, cblk, buffers, &status); sampleRate, format, channelMask, opPackageName, &frameCount, &flags, pid, tid, clientUid, &sessionId, ¬ificationFrames, cblk, buffers, &status); LOG_ALWAYS_FATAL_IF((record != 0) != (status == NO_ERROR)); reply->writeInt64(frameCount); reply->writeInt32(flags);
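Review bot: Both onTransact hunks read `pid` straight from the caller's parcel and forward it to createTrack()/openRecord() with no check at this layer, so the value is only as trustworthy as the implementation's own validation. In this commit AudioFlinger replaces it with getCallingPid() for untrusted uids, but nothing at the read site tells a reader that. I would add `// pid is caller-supplied and untrusted; the implementation must check it against getCallingPid()` above each `pid_t pid = (pid_t) data.readInt32();`. The new field is written and read immediately before `tid` on both the proxy and stub side, so the two stay in step as long as they are built together. onTransact's body extends beyond the hunks.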
services/audioflinger/AudioFlinger.cpp +21 −2 @@ -571,6 +571,7 @@ sp<IAudioTrack> AudioFlinger::createTrack( IAudioFlinger::track_flags_t *flags, const sp<IMemory>& sharedBuffer, audio_io_handle_t output, pid_t pid, pid_t tid, audio_session_t *sessionId, int clientUid, @@ -582,6 +583,15 @@ sp<IAudioTrack> AudioFlinger::createTrack( status_t lStatus; audio_session_t lSessionId; const uid_t callingUid = IPCThreadState::self()->getCallingUid(); if (pid == -1 || !isTrustedCallingUid(callingUid)) { const pid_t callingPid = IPCThreadState::self()->getCallingPid(); ALOGW_IF(pid != -1 && pid != callingPid, "%s uid %d pid %d tried to pass itself off as pid %d", __func__, callingUid, callingPid, pid); pid = callingPid; } // client AudioTrack::set already implements AUDIO_STREAM_DEFAULT => AUDIO_STREAM_MUSIC, // but if someone uses binder directly they could bypass that and cause us to crash if (uint32_t(streamType) >= AUDIO_STREAM_CNT) { @@ -626,7 +636,6 @@ sp<IAudioTrack> AudioFlinger::createTrack( goto Exit; } pid_t pid = IPCThreadState::self()->getCallingPid(); client = registerPid(pid); PlaybackThread *effectThread = NULL; @@ -1447,6 +1456,7 @@ sp<IAudioRecord> AudioFlinger::openRecord( const String16& opPackageName, size_t *frameCount, IAudioFlinger::track_flags_t *flags, pid_t pid, pid_t tid, int clientUid, audio_session_t *sessionId,
@@ -1464,11 +1474,21 @@ sp<IAudioRecord> AudioFlinger::openRecord( cblk.clear(); buffers.clear(); bool updatePid = (pid == -1); const uid_t callingUid = IPCThreadState::self()->getCallingUid(); if (!isTrustedCallingUid(callingUid)) { ALOGW_IF((uid_t)clientUid != callingUid, "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid); clientUid = callingUid; updatePid = true; } if (updatePid) { const pid_t callingPid = IPCThreadState::self()->getCallingPid(); ALOGW_IF(pid != -1 && pid != callingPid, "%s uid %d pid %d tried to pass itself off as pid %d", __func__, callingUid, callingPid, pid); pid = callingPid; } // check calling permissions @@ -1508,7 +1528,6 @@ sp<IAudioRecord> AudioFlinger::openRecord( goto Exit; } pid_t pid = IPCThreadState::self()->getCallingPid(); client = registerPid(pid); if (sessionId != NULL && *sessionId != AUDIO_SESSION_ALLOCATE) {
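Review bot: The caller-pid trust decision is implemented twice in different shapes, as a single `if (pid == -1 || !isTrustedCallingUid(callingUid))` in createTrack() and as an `updatePid` flag in openRecord(), so the two binder entry points can drift apart the next time one of them is touched. Within the visible lines only openRecord() also forces `clientUid = callingUid` for untrusted callers; createTrack() may handle that outside the hunk, but it is worth confirming. I would move the pid check into one file-local helper and call it from both places, as sketched below, assuming isTrustedCallingUid() is callable from file scope. Both function bodies start and end outside the hunks.

```cpp
// Returns the pid the new client is attributed to: the caller-supplied pid only
// when one was given (!= -1) and the calling uid is trusted, else the binder calling pid.
static pid_t resolveClientPid(pid_t pid, uid_t callingUid, const char *caller)
{
    if (pid != -1 && isTrustedCallingUid(callingUid)) {
        return pid;
    }
    const pid_t callingPid = IPCThreadState::self()->getCallingPid();
    ALOGW_IF(pid != -1 && pid != callingPid,
            "%s uid %d pid %d tried to pass itself off as pid %d",
            caller, callingUid, callingPid, pid);
    return callingPid;
}

// … unchanged: createTrack() / openRecord() up to the callingUid lookup …
    pid = resolveClientPid(pid, callingUid, __func__);
```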