
Commit 3f2638b5 authored by Kiyoung Kim's avatar Kiyoung Kim

Do not check selinux access for PermissionCache

The change to check selinux for PermissionCache failed because
surfaceflinger did not have access to selinuxfs. Based on the
discussion, it would be better to check PermissionCache without any
further access check, as its failure would mean the same. This change
removes the additional access check from dump.

Bug: 313804706
Test: com.google.android.selinux.pts.SELinuxTest#scanBugreport passed
from cheetah

Change-Id: I5f6f882e270d71bc1da37360c6512cac66dd04a9
parent ab3bf02f
+0 −1
@@ -385,7 +385,6 @@ cc_defaults {
        "libhidlbase",
        "liblog",
        "libnativewindow",
        "libselinux",
        "libsync",
        "libui",
        "libutils",
+8 −45
@@ -38,43 +38,10 @@
#include <private/gui/BufferQueueThreadState.h>
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#include <binder/PermissionCache.h>
#include <selinux/android.h>
#include <selinux/selinux.h>
#endif

#include <system/window.h>

namespace {
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
    // DO NOTHING
    return 0;
}

bool hasAccessToPermissionService() {
    char* ctx;

    if (getcon(&ctx) == -1) {
        // Failed to get current selinux context
        return false;
    }

    union selinux_callback cb;

    cb.func_log = selinux_log_suppress_callback;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
                                          "service_manager", "find", NULL) == 0;
    freecon(ctx);
    cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    return hasAccess;
}
#endif
} // namespace

namespace android {

// Macros for include BufferQueueCore information in log messages
@@ -843,10 +810,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
    const uid_t uid = BufferQueueThreadState::getCallingUid();
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
    // permission check can't be done for vendors as vendors have no access to
    // the PermissionController. We need to do a runtime check as well, since
    // the system variant of libgui can be loaded in a vendor process. For eg:
    // if a HAL uses an llndk library that depends on libgui (libmediandk etc).
    if (hasAccessToPermissionService()) {
    // the PermissionController.
    const pid_t pid = BufferQueueThreadState::getCallingPid();
    if ((uid != shellUid) &&
        !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
@@ -855,7 +819,6 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
                                pid, uid);
        denied = true;
    }
    }
#else
    if (uid != shellUid) {
        denied = true;
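Review bot: The shortened comment above `const pid_t pid = BufferQueueThreadState::getCallingPid();` in dumpState no longer says that the system variant of libgui can be loaded in a vendor process, yet that is the case in which `PermissionCache::checkPermission` now runs without the removed guard. The commit description relies on the check failing there and the dump being denied, so I would record that in the code, e.g. `// If the permission service is unreachable (e.g. system libgui loaded in a vendor process), checkPermission() fails and the dump is denied.` It is also worth confirming that the unguarded call in such a process fails closed without producing new SELinux denials of its own; presumably it does, given the Test line, but nothing in these hunks shows it. dumpState starts and ends outside the visible hunks.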