Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54e961f5 authored by Carmen Jackson's avatar Carmen Jackson Committed by Android Build Coastguard Worker
Browse files

Add Binder.clearCallingIdentity to TracingServiceProxy 

The TracingServiceProxy is called by traced, which runs as UID 9999 and
therefore doesn't have the required permissions to start a foreground service.

So, clear that calling identity so that the identity checked for this
permission is system_server, which does have the correct permissions.

We'll ensure that no other processes can utilize this path via selinux
rules.

Bug: 191391382
Test: Manually tested that before this change, I saw an
'ActivityManager: startForegroundService() not allowed' error when
taking a bugreport while a trace is running, while after this change the
bugreport was taken successfully with no errors, and the trace was
included in the bugreport.

Change-Id: I4ae68047d588dfc87225ddf41288dc4093a71313
Merged-In: I472fe8acc2e59e93afd8475f51b5f347cd3ccc5d
(cherry picked from commit 1a856d55)
parent 9dd561f2

services/core/java/com/android/server/tracing/TracingServiceProxy.java

+7 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ import android.content.Intent; 
import android.content.pm.PackageInfo;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.os.Binder;

import android.os.UserHandle;

import android.tracing.ITracingServiceProxy;

import android.util.Log;
@@ -30,6 +31,8 @@ import com.android.server.SystemService; 
 * TracingServiceProxy is the system_server intermediary between the Perfetto tracing daemon and the

 * system tracing app Traceur.

 *

 * Access to this service is restricted via SELinux. Normal apps do not have access.

 *

 * @hide

 */

public class TracingServiceProxy extends SystemService {
@@ -87,11 +90,15 @@ public class TracingServiceProxy extends SystemService { 
                intent.setAction(INTENT_ACTION_NOTIFY_SESSION_STOPPED);

            }



            final long identity = Binder.clearCallingIdentity();

            try {

                mContext.startForegroundServiceAsUser(intent, UserHandle.SYSTEM);

            } catch (RuntimeException e) {

                Log.e(TAG, "Failed to notifyTraceSessionEnded", e);

            } finally {

                Binder.restoreCallingIdentity(identity);

            }



        } catch (NameNotFoundException e) {

            Log.e(TAG, "Failed to locate Traceur", e);

        }