Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4bf8807c authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Do not check selinux access for PermissionCache" into main

parents 84145b2e 3f2638b5
Loading
Loading
Loading
Loading
+0 −1
Original line number Original line Diff line number Diff line
@@ -387,7 +387,6 @@ cc_defaults {
        "libhidlbase",
        "libhidlbase",
        "liblog",
        "liblog",
        "libnativewindow",
        "libnativewindow",
        "libselinux",
        "libsync",
        "libsync",
        "libui",
        "libui",
        "libutils",
        "libutils",
+8 −45
Original line number Original line Diff line number Diff line
@@ -38,43 +38,10 @@
#include <private/gui/BufferQueueThreadState.h>
#include <private/gui/BufferQueueThreadState.h>
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#include <binder/PermissionCache.h>
#include <binder/PermissionCache.h>
#include <selinux/android.h>
#include <selinux/selinux.h>
#endif
#endif


#include <system/window.h>
#include <system/window.h>


namespace {
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
    // DO NOTHING
    return 0;
}

bool hasAccessToPermissionService() {
    char* ctx;

    if (getcon(&ctx) == -1) {
        // Failed to get current selinux context
        return false;
    }

    union selinux_callback cb;

    cb.func_log = selinux_log_suppress_callback;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
                                          "service_manager", "find", NULL) == 0;
    freecon(ctx);
    cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    return hasAccess;
}
#endif
} // namespace

namespace android {
namespace android {


// Macros for include BufferQueueCore information in log messages
// Macros for include BufferQueueCore information in log messages
@@ -843,10 +810,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
    const uid_t uid = BufferQueueThreadState::getCallingUid();
    const uid_t uid = BufferQueueThreadState::getCallingUid();
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
    // permission check can't be done for vendors as vendors have no access to
    // permission check can't be done for vendors as vendors have no access to
    // the PermissionController. We need to do a runtime check as well, since
    // the PermissionController.
    // the system variant of libgui can be loaded in a vendor process. For eg:
    // if a HAL uses an llndk library that depends on libgui (libmediandk etc).
    if (hasAccessToPermissionService()) {
    const pid_t pid = BufferQueueThreadState::getCallingPid();
    const pid_t pid = BufferQueueThreadState::getCallingPid();
    if ((uid != shellUid) &&
    if ((uid != shellUid) &&
        !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
        !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
@@ -855,7 +819,6 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
                                pid, uid);
                                pid, uid);
        denied = true;
        denied = true;
    }
    }
    }
#else
#else
    if (uid != shellUid) {
    if (uid != shellUid) {
        denied = true;
        denied = true;