Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b04725f authored by Jeff Brown's avatar Jeff Brown Committed by Dan Stoza
Browse files

Bypass surface flinger permission check for calls from system. 

Early during the boot, before activity manager is ready to handle
permission checks, the system needs to be able to change the display
state.  Added a hardcoded exemption for AID_SYSTEM (which already
has permission to talk to surface flinger anyhow).

Bug: 19029490
Change-Id: I6222edcab8e394e5fb6adf7a982be446e4505a1e
(cherry picked from commit 3bfe51d7)
parent ae569747

services/surfaceflinger/Client.cpp

+1 −1
Original line number Diff line number Diff line
@@ -93,7 +93,7 @@ status_t Client::onTransact( 
     const int pid = ipc->getCallingPid();

     const int uid = ipc->getCallingUid();

     const int self_pid = getpid();

     if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != 0)) {

     if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)) {

         // we're called from a different process, do the real check

         if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))

         {

services/surfaceflinger/SurfaceFlinger.cpp

+1 −1
Original line number Diff line number Diff line
@@ -2807,7 +2807,7 @@ status_t SurfaceFlinger::onTransact( 
            IPCThreadState* ipc = IPCThreadState::self();

            const int pid = ipc->getCallingPid();

            const int uid = ipc->getCallingUid();

            if ((uid != AID_GRAPHICS) &&

            if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&

                    !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {

                ALOGE("Permission Denial: "

                        "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);