Loading libs/gui/Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -385,10 +385,10 @@ cc_defaults { "libhidlbase", "liblog", "libnativewindow", "libselinux", "libsync", "libui", "libutils", "libvndksupport", ], static_libs: [ Loading libs/gui/BufferQueueConsumer.cpp +35 −3 Original line number Diff line number Diff line Loading @@ -36,13 +36,45 @@ #include <gui/TraceUtils.h> #include <private/gui/BufferQueueThreadState.h> #ifndef __ANDROID_VNDK__ #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) #include <binder/PermissionCache.h> #include <vndksupport/linker.h> #include <selinux/android.h> #include <selinux/selinux.h> #endif #include <system/window.h> namespace { #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT // DO NOTHING return 0; } bool hasAccessToPermissionService() { char* ctx; if (getcon(&ctx) == -1) { // Failed to get current selinux context return false; } union selinux_callback cb; cb.func_log = selinux_log_suppress_callback; selinux_set_callback(SELINUX_CB_LOG, cb); bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0", "service_manager", "find", NULL) == 0; freecon(ctx); cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback; selinux_set_callback(SELINUX_CB_LOG, cb); return hasAccess; } #endif } // namespace namespace android { // Macros for include BufferQueueCore information in log messages Loading Loading 
@@ -814,7 +846,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul // the PermissionController. We need to do a runtime check as well, since // the system variant of libgui can be loaded in a vendor process. For eg: // if a HAL uses an llndk library that depends on libgui (libmediandk etc). if (!android_is_in_vendor_process()) { if (hasAccessToPermissionService()) { const pid_t pid = BufferQueueThreadState::getCallingPid(); if ((uid != shellUid) && !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { Loading Loading
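Review bot: In hasAccessToPermissionService(), SELINUX_CB_LOG is a process-global callback, yet after the probe it is reset to `selinux_log_callback` or `selinux_vendor_log_callback` instead of whatever the hosting process had installed; a process that loads libgui with its own log callback loses it on the first dumpState, and userspace SELinux log messages from other threads are presumably dropped while the suppress callback is in place. Saving the previous value with `union selinux_callback prev = selinux_get_callback(SELINUX_CB_LOG);` and restoring it with `selinux_set_callback(SELINUX_CB_LOG, prev);` would avoid the guess, assuming this libselinux build exports selinux_get_callback, and caching the result in a function-local `static const bool` would confine the swap to a single call if the process context is not expected to change. Separately, a getcon() failure returns false, so the dumpState hunk skips the android.permission.DUMP check on an error path exactly as it does for a process without access; a comment stating that this fail-open behaviour is intended, or a log line on that branch, would make the decision auditable. dumpState's body starts and ends outside the hunk, so what runs after the skipped check is not visible here.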
libs/gui/Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -385,10 +385,10 @@ cc_defaults { "libhidlbase", "liblog", "libnativewindow", "libselinux", "libsync", "libui", "libutils", "libvndksupport", ], static_libs: [ Loading
libs/gui/BufferQueueConsumer.cpp +35 −3 Original line number Diff line number Diff line Loading @@ -36,13 +36,45 @@ #include <gui/TraceUtils.h> #include <private/gui/BufferQueueThreadState.h> #ifndef __ANDROID_VNDK__ #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) #include <binder/PermissionCache.h> #include <vndksupport/linker.h> #include <selinux/android.h> #include <selinux/selinux.h> #endif #include <system/window.h> namespace { #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT // DO NOTHING return 0; } bool hasAccessToPermissionService() { char* ctx; if (getcon(&ctx) == -1) { // Failed to get current selinux context return false; } union selinux_callback cb; cb.func_log = selinux_log_suppress_callback; selinux_set_callback(SELINUX_CB_LOG, cb); bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0", "service_manager", "find", NULL) == 0; freecon(ctx); cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback; selinux_set_callback(SELINUX_CB_LOG, cb); return hasAccess; } #endif } // namespace namespace android { // Macros for include BufferQueueCore information in log messages Loading Loading @@ -814,7 +846,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul // the PermissionController. We need to do a runtime check as well, since // the system variant of libgui can be loaded in a vendor process. For eg: // if a HAL uses an llndk library that depends on libgui (libmediandk etc). if (!android_is_in_vendor_process()) { if (hasAccessToPermissionService()) { const pid_t pid = BufferQueueThreadState::getCallingPid(); if ((uid != shellUid) && !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { Loading