Loading services/gpuservice/Android.bp +18 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,13 @@ package { default_applicable_licenses: ["frameworks_native_license"], } aconfig_declarations { name: "gpuservice_flags", package: "com.android.frameworks.gpuservice.flags", container: "system", srcs: ["gpuservice_flags.aconfig"], } cc_defaults { name: "gpuservice_defaults", cflags: [ Loading @@ -19,6 +26,11 @@ cc_defaults { ], } cc_aconfig_library { name: "gpuservice_multiuser_flags_c_lib", aconfig_declarations: "gpuservice_flags", } cc_aconfig_library { name: "gpuservice_flags_c_lib", aconfig_declarations: "graphicsenv_flags", Loading Loading @@ -92,6 +104,9 @@ cc_library_static { srcs: [ ":libgpuservice_sources", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], } cc_defaults { Loading Loading @@ -126,4 +141,7 @@ cc_binary { static_libs: [ "libgpuservice", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], } services/gpuservice/GpuService.cpp +19 −4 Original line number Diff line number Diff line Loading @@ -24,7 +24,9 @@ #include <binder/IResultReceiver.h> #include <binder/Parcel.h> #include <binder/PermissionCache.h> #include <com_android_frameworks_gpuservice_flags.h> #include <cutils/properties.h> #include <cutils/multiuser.h> #include <gpumem/GpuMem.h> #include <gpuwork/GpuWork.h> #include <gpustats/GpuStats.h> Loading @@ -38,6 +40,8 @@ #include <thread> #include <memory> namespace gpuservice_flags = com::android::frameworks::gpuservice::flags; namespace android { using base::StringAppendF; Loading Loading @@ -113,12 +117,23 @@ void GpuService::toggleAngleAsSystemDriver(bool enabled) { // only system_server with the ACCESS_GPU_SERVICE permission is allowed to set // persist.graphics.egl if (gpuservice_flags::multiuser_permission_check()) { // retrieve the appid of Settings app on multiuser builds const int multiuserappid = multiuser_get_app_id(uid); if (multiuserappid != AID_SYSTEM || !PermissionCache::checkPermission(sAccessGpuServicePermission, pid, uid)) { ALOGE("Permission Denial: can't set persist.graphics.egl from setAngleAsSystemDriver() " "pid=%d, uid=%d\n, multiuserappid=%d", pid, uid, multiuserappid); return; } } else { if (uid != AID_SYSTEM || !PermissionCache::checkPermission(sAccessGpuServicePermission, pid, uid)) { ALOGE("Permission Denial: can't set persist.graphics.egl from setAngleAsSystemDriver() " "pid=%d, uid=%d\n", pid, uid); return; } } std::lock_guard<std::mutex> lock(mLock); if (enabled) { Loading services/gpuservice/gpuservice_flags.aconfig 0 → 100644 +12 −0 Original line number Diff line number Diff line package: "com.android.frameworks.gpuservice.flags" container: "system" flag { name: "multiuser_permission_check" namespace: "gpu" description: "Whether to consider headless system user mode/multiuser when checking toggleAngleAsSystemDriver permission." bug: "389867658" metadata { purpose: PURPOSE_BUGFIX } } services/gpuservice/tests/fuzzers/Android.bp +3 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,9 @@ cc_fuzz { "libgpuservice", "liblog", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], fuzz_config: { cc: [ "paulthomson@google.com", Loading services/gpuservice/tests/unittests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -89,6 +89,7 @@ cc_test { ], header_libs: ["bpf_headers"], shared_libs: [ "gpuservice_multiuser_flags_c_lib", "libbase", "libbinder", "libbpf_bcc", Loading Loading
services/gpuservice/Android.bp +18 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,13 @@ package { default_applicable_licenses: ["frameworks_native_license"], } aconfig_declarations { name: "gpuservice_flags", package: "com.android.frameworks.gpuservice.flags", container: "system", srcs: ["gpuservice_flags.aconfig"], } cc_defaults { name: "gpuservice_defaults", cflags: [ Loading @@ -19,6 +26,11 @@ cc_defaults { ], } cc_aconfig_library { name: "gpuservice_multiuser_flags_c_lib", aconfig_declarations: "gpuservice_flags", } cc_aconfig_library { name: "gpuservice_flags_c_lib", aconfig_declarations: "graphicsenv_flags", Loading Loading @@ -92,6 +104,9 @@ cc_library_static { srcs: [ ":libgpuservice_sources", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], } cc_defaults { Loading Loading @@ -126,4 +141,7 @@ cc_binary { static_libs: [ "libgpuservice", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], }
services/gpuservice/GpuService.cpp +19 −4 Original line number Diff line number Diff line Loading @@ -24,7 +24,9 @@ #include <binder/IResultReceiver.h> #include <binder/Parcel.h> #include <binder/PermissionCache.h> #include <com_android_frameworks_gpuservice_flags.h> #include <cutils/properties.h> #include <cutils/multiuser.h> #include <gpumem/GpuMem.h> #include <gpuwork/GpuWork.h> #include <gpustats/GpuStats.h> Loading @@ -38,6 +40,8 @@ #include <thread> #include <memory> namespace gpuservice_flags = com::android::frameworks::gpuservice::flags; namespace android { using base::StringAppendF; Loading Loading @@ -113,12 +117,23 @@ void GpuService::toggleAngleAsSystemDriver(bool enabled) { // only system_server with the ACCESS_GPU_SERVICE permission is allowed to set // persist.graphics.egl if (gpuservice_flags::multiuser_permission_check()) { // retrieve the appid of Settings app on multiuser builds const int multiuserappid = multiuser_get_app_id(uid); if (multiuserappid != AID_SYSTEM || !PermissionCache::checkPermission(sAccessGpuServicePermission, pid, uid)) { ALOGE("Permission Denial: can't set persist.graphics.egl from setAngleAsSystemDriver() " "pid=%d, uid=%d\n, multiuserappid=%d", pid, uid, multiuserappid); return; } } else { if (uid != AID_SYSTEM || !PermissionCache::checkPermission(sAccessGpuServicePermission, pid, uid)) { ALOGE("Permission Denial: can't set persist.graphics.egl from setAngleAsSystemDriver() " "pid=%d, uid=%d\n", pid, uid); return; } } std::lock_guard<std::mutex> lock(mLock); if (enabled) { Loading
services/gpuservice/gpuservice_flags.aconfig 0 → 100644 +12 −0 Original line number Diff line number Diff line package: "com.android.frameworks.gpuservice.flags" container: "system" flag { name: "multiuser_permission_check" namespace: "gpu" description: "Whether to consider headless system user mode/multiuser when checking toggleAngleAsSystemDriver permission." bug: "389867658" metadata { purpose: PURPOSE_BUGFIX } }
services/gpuservice/tests/fuzzers/Android.bp +3 −0 Original line number Diff line number Diff line Loading @@ -13,6 +13,9 @@ cc_fuzz { "libgpuservice", "liblog", ], shared_libs: [ "gpuservice_multiuser_flags_c_lib", ], fuzz_config: { cc: [ "paulthomson@google.com", Loading
services/gpuservice/tests/unittests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -89,6 +89,7 @@ cc_test { ], header_libs: ["bpf_headers"], shared_libs: [ "gpuservice_multiuser_flags_c_lib", "libbase", "libbinder", "libbpf_bcc", Loading
