Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0b4c80ac authored by Daniel Nicoara's avatar Daniel Nicoara
Browse files

Restrict VR HWC access to services with RESTRICTED_VR_ACCESS permission 

Bug: 37542947
Test: Compiled
Change-Id: I0880e6a2caaf32f111ae70ba1d54f59960796287
parent e937eb86

services/vr/hardware_composer/vr_composer.cpp

+21 −0
Original line number Diff line number Diff line 
#include "vr_composer.h"



#include <binder/IPCThreadState.h>

#include <binder/PermissionCache.h>



namespace android {

namespace dvr {

namespace {



bool CheckPermission() {

  const android::IPCThreadState* ipc = android::IPCThreadState::self();

  const pid_t pid = ipc->getCallingPid();

  const uid_t uid = ipc->getCallingUid();

  const bool permission = PermissionCache::checkPermission(

      String16("android.permission.RESTRICTED_VR_ACCESS"), pid, uid);

  if (!permission)

    ALOGE("permission denied to pid=%d uid=%u", pid, uid);



  return permission;

}



}  // namespace



VrComposer::VrComposer() {}
@@ -11,6 +29,9 @@ binder::Status VrComposer::registerObserver( 
    const sp<IVrComposerCallback>& callback) {

  std::lock_guard<std::mutex> guard(mutex_);



  if (!CheckPermission())

    return binder::Status::fromStatusT(PERMISSION_DENIED);



  if (callback_.get()) {

    ALOGE("Failed to register callback, already registered");

    return binder::Status::fromStatusT(ALREADY_EXISTS);