Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f2a4bd80 authored by Daniel Nicoara's avatar Daniel Nicoara Committed by Android (Google) Code Review
Browse files

Merge changes from topic 'allow-vrcore' into oc-dev 

* changes:
  Check for caller permissions in virtual touchpad service
  Restrict VR HWC access to services with RESTRICTED_VR_ACCESS permission
parents 07b920e0 cc41f506

services/vr/hardware_composer/vr_composer.cpp

+21 −0
Original line number Diff line number Diff line 
#include "vr_composer.h"



#include <binder/IPCThreadState.h>

#include <binder/PermissionCache.h>



namespace android {

namespace dvr {

namespace {



bool CheckPermission() {

  const android::IPCThreadState* ipc = android::IPCThreadState::self();

  const pid_t pid = ipc->getCallingPid();

  const uid_t uid = ipc->getCallingUid();

  const bool permission = PermissionCache::checkPermission(

      String16("android.permission.RESTRICTED_VR_ACCESS"), pid, uid);

  if (!permission)

    ALOGE("permission denied to pid=%d uid=%u", pid, uid);



  return permission;

}



}  // namespace



VrComposer::VrComposer() {}
@@ -11,6 +29,9 @@ binder::Status VrComposer::registerObserver( 
    const sp<IVrComposerCallback>& callback) {

  std::lock_guard<std::mutex> guard(mutex_);



  if (!CheckPermission())

    return binder::Status::fromStatusT(PERMISSION_DENIED);



  if (callback_.get()) {

    ALOGE("Failed to register callback, already registered");

    return binder::Status::fromStatusT(ALREADY_EXISTS);

services/vr/virtual_touchpad/Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -80,7 +80,6 @@ cc_binary { 
    cppflags: ["-std=c++11"],

    cflags: [

        "-DLOG_TAG=\"VrVirtualTouchpad\"",

        "-DSELINUX_ACCESS_CONTROL",

    ],

    host_ldlibs: ["-llog"],

    name: "virtual_touchpad",

services/vr/virtual_touchpad/VirtualTouchpadService.cpp

+0 −4
Original line number Diff line number Diff line
@@ -122,9 +122,6 @@ bool VirtualTouchpadService::CheckPermissions() { 
bool VirtualTouchpadService::CheckTouchPermission(pid_t* out_pid) {

  const android::IPCThreadState* ipc = android::IPCThreadState::self();

  *out_pid = ipc->getCallingPid();

#ifdef SELINUX_ACCESS_CONTROL

  return true;

#else

  const uid_t uid = ipc->getCallingUid();

  const bool permission = PermissionCache::checkPermission(kTouchPermission, *out_pid, uid);

  if (!permission) {
@@ -132,7 +129,6 @@ bool VirtualTouchpadService::CheckTouchPermission(pid_t* out_pid) { 
          static_cast<long>(uid));

  }

  return permission;

#endif

}



}  // namespace dvr