
Commit 74268e64 authored by Enrico Granata

VehicleHal::set() should not be able to tamper with a property's AVAILABLE status

Properties being (UN)AVAILABLE is used as a one-way communication mechanism from the hardware
to the operating system, and not vice versa.

Add safety checks in our default HAL implementation to:
  - prevent Android from marking a property as UNAVAILABLE;
  - prevent Android from writing to an UNAVAILABLE property.

The combined effect of these two checks is that only AVAILABLE properties are writable,
and they can never be flipped to UNAVAILABLE outside of the HAL implementation itself.

Bug: 74805437
Test: manual
Change-Id: Ib830427d604579015fa142f0fa76f8b73a68a452
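The one-way availability rule the commit message describes, walked end to end on a small model. This is an added example, not code from the patch or from the vehicle HAL; `PropStore`, `halReportStatus` and `androidSet` are constructed stand-ins for `VehiclePropertyStore`, the HAL-internal write path and `EmulatedVehicleHal::set()`, and the property id used is made up. The enums mirror the names in the real `types.hal` but carry only the members needed here.

```cpp
#include <cstdint>
#include <map>
#include <utility>

// Constructed stand-ins for the HIDL types used by the patch; the real
// VehiclePropValue carries more fields than are modelled here.
enum class StatusCode { OK, NOT_AVAILABLE, INVALID_ARG };
enum class VehiclePropertyStatus { AVAILABLE, UNAVAILABLE, ERROR };

struct VehiclePropValue {
    int32_t prop;
    int32_t areaId;
    VehiclePropertyStatus status;
    int32_t value;
};

// Minimal model of the property store: one value per (prop, areaId).
class PropStore {
public:
    const VehiclePropValue* readValueOrNull(int32_t prop, int32_t areaId) const {
        auto it = mValues.find({prop, areaId});
        return it == mValues.end() ? nullptr : &it->second;
    }
    // Raw store write: no policy here, this is what the HAL side uses.
    bool writeValue(const VehiclePropValue& v) {
        mValues[{v.prop, v.areaId}] = v;
        return true;
    }
private:
    std::map<std::pair<int32_t, int32_t>, VehiclePropValue> mValues;
};

// HAL-side path (hypothetical helper): the hardware reports a status change.
// Only this path may move a property between AVAILABLE and UNAVAILABLE/ERROR.
void halReportStatus(PropStore& store, int32_t prop, int32_t areaId,
                     VehiclePropertyStatus status, int32_t value) {
    store.writeValue({prop, areaId, status, value});
}

// Android-side path, mirroring the two checks the patch adds to set():
// the caller cannot choose the status, and a property the HAL reports as
// anything other than AVAILABLE cannot be written at all.
StatusCode androidSet(PropStore& store, const VehiclePropValue& propValue) {
    if (propValue.status != VehiclePropertyStatus::AVAILABLE) {
        return StatusCode::INVALID_ARG;    // status is the HAL's to set
    }
    const VehiclePropValue* current =
        store.readValueOrNull(propValue.prop, propValue.areaId);
    if (current == nullptr) {
        return StatusCode::INVALID_ARG;    // unknown property or area
    }
    if (current->status != VehiclePropertyStatus::AVAILABLE) {
        return StatusCode::NOT_AVAILABLE;  // HAL has it disabled or in error
    }
    if (!store.writeValue(propValue)) {
        return StatusCode::INVALID_ARG;
    }
    return StatusCode::OK;
}

// Exercises the invariant step by step; returns true only if every step
// behaves as the commit message describes.
bool checkAvailabilityIsOneWay() {
    PropStore store;
    const int32_t kProp = 0x1234;  // constructed id, not a real VehicleProperty
    const int32_t kArea = 1;
    using S = VehiclePropertyStatus;

    // 1. Property exists and is AVAILABLE: Android may write it.
    halReportStatus(store, kProp, kArea, S::AVAILABLE, 0);
    if (androidSet(store, {kProp, kArea, S::AVAILABLE, 7}) != StatusCode::OK) return false;
    if (store.readValueOrNull(kProp, kArea)->value != 7) return false;

    // 2. Android tries to flip it UNAVAILABLE (or ERROR): rejected, status unchanged.
    if (androidSet(store, {kProp, kArea, S::UNAVAILABLE, 0}) != StatusCode::INVALID_ARG) return false;
    if (androidSet(store, {kProp, kArea, S::ERROR, 0}) != StatusCode::INVALID_ARG) return false;
    if (store.readValueOrNull(kProp, kArea)->status != S::AVAILABLE) return false;

    // 3. Hardware takes it offline: Android writes fail and the value is untouched.
    //    The same call also shows Android cannot bring it back to AVAILABLE.
    halReportStatus(store, kProp, kArea, S::UNAVAILABLE, 7);
    if (androidSet(store, {kProp, kArea, S::AVAILABLE, 9}) != StatusCode::NOT_AVAILABLE) return false;
    if (store.readValueOrNull(kProp, kArea)->value != 7) return false;

    // 4. Hardware brings it back: writes succeed again.
    halReportStatus(store, kProp, kArea, S::AVAILABLE, 7);
    if (androidSet(store, {kProp, kArea, S::AVAILABLE, 9}) != StatusCode::OK) return false;

    // 5. A property the store never saw is rejected rather than created.
    if (androidSet(store, {kProp + 1, kArea, S::AVAILABLE, 1}) != StatusCode::INVALID_ARG) return false;
    if (store.readValueOrNull(kProp + 1, kArea) != nullptr) return false;

    return true;
}
```

Step 5 is the part the commit message does not spell out: because the patch reads the current value before writing and treats a missing entry as INVALID_ARG, set() can no longer create a property the store was never populated with.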
parent 31857339
+17 −0
@@ -138,6 +138,7 @@ StatusCode EmulatedVehicleHal::set(const VehiclePropValue& propValue) {
            return status;
        }
    } else if (mHvacPowerProps.count(propValue.prop)) {
        // TODO(75328113): this should be handled by property status
        auto hvacPowerOn = mPropStore->readValueOrNull(
            toInt(VehicleProperty::HVAC_POWER_ON),
            (VehicleAreaZone::ROW_1_LEFT | VehicleAreaZone::ROW_1_RIGHT));
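Review bot: the TODO(75328113) added at the top of the mHvacPowerProps branch points at a bug that the commit message does not list under Bug:, and nothing in the comment relates this HVAC-power gate to the property-status checks the same patch introduces further down in set(); since this branch runs first and answers HVAC writes on its own, a reader has to work out that the two mechanisms coexist until the follow-up lands. Suggest adding 75328113 to the commit message and extending the comment to say that this branch is the interim substitute for reporting the HVAC properties as UNAVAILABLE via VehiclePropertyStatus.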
@@ -165,6 +166,22 @@ StatusCode EmulatedVehicleHal::set(const VehiclePropValue& propValue) {
        }
    }

    if (propValue.status != VehiclePropertyStatus::AVAILABLE) {
        // Android side cannot set property status - this value is the
        // purview of the HAL implementation to reflect the state of
        // its underlying hardware
        return StatusCode::INVALID_ARG;
    }
    auto currentPropValue = mPropStore->readValueOrNull(propValue);

    if (currentPropValue == nullptr) {
        return StatusCode::INVALID_ARG;
    }
    if (currentPropValue->status != VehiclePropertyStatus::AVAILABLE) {
        // do not allow Android side to set() a disabled/error property
        return StatusCode::NOT_AVAILABLE;
    }

    if (!mPropStore->writeValue(propValue)) {
        return StatusCode::INVALID_ARG;
    }
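Review bot: the `currentPropValue == nullptr` check goes beyond what the commit message describes: set() now returns INVALID_ARG for any property/area that mPropStore has not been populated with, whereas before this hunk the call fell straight through to mPropStore->writeValue(). If the store is always pre-populated from the property config this is a welcome hardening, but it is a behaviour change and should be stated in the message (and INVALID_ARG vs NOT_AVAILABLE for an unknown property deserves a one-line comment next to the check, as the other two returns have). With Test: manual, the new logic also warrants an automated case for each branch: set() with status UNAVAILABLE or ERROR on an AVAILABLE property returns INVALID_ARG and leaves the stored status untouched, and set() on a property the HAL has marked UNAVAILABLE returns NOT_AVAILABLE and leaves the stored value untouched.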