Loading libs/binder/include/binder/IPCThreadState.h +1 −1 Original line number Diff line number Diff line Loading @@ -50,7 +50,7 @@ public: * Returns the SELinux security identifier of the process which has * made the current binder call. If not in a binder call this will * return nullptr. If this isn't requested with * IBinder::setRequestingSid, it will also return nullptr. * Binder::setRequestingSid, it will also return nullptr. * * This can't be restored once it's cleared, and it does not return the * context of the current process when not in a binder call. Loading libs/binder/ndk/ibinder.cpp +16 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ */ #include <android/binder_ibinder.h> #include <android/binder_ibinder_platform.h> #include "ibinder_internal.h" #include <android/binder_stability.h> Loading Loading 
@@ -682,3 +683,18 @@ binder_status_t AIBinder_setExtension(AIBinder* binder, AIBinder* ext) { rawBinder->setExtension(ext->getBinder()); return STATUS_OK; } // platform methods follow void AIBinder_setRequestingSid(AIBinder* binder, bool requestingSid) { ABBinder* localBinder = binder->asABBinder(); if (localBinder == nullptr) { LOG(FATAL) << "AIBinder_setRequestingSid must be called on a local binder"; } localBinder->setRequestingSid(requestingSid); } const char* AIBinder_getCallingSid() { return ::android::IPCThreadState::self()->getCallingSid(); } libs/binder/ndk/include_platform/android/binder_ibinder_platform.h 0 → 100644 +46 −0 Original line number Diff line number Diff line /* * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include <android/binder_ibinder.h> __BEGIN_DECLS /** * Makes calls to AIBinder_getCallingSid work if the kernel supports it. This * must be called on a local binder server before it is sent out to any othe * process. If this is a remote binder, it will abort. If the kernel doesn't * support this feature, you'll always get null from AIBinder_getCallingSid. * * \param binder local server binder to request security contexts on */ void AIBinder_setRequestingSid(AIBinder* binder, bool requestingSid) __INTRODUCED_IN(31); /** * Returns the selinux context of the callee. 
* * In order for this to work, the following conditions must be met: * - The kernel must be new enough to support this feature. * - The server must have called AIBinder_setRequestingSid. * - The callee must be a remote process. * * \return security context or null if unavailable. The lifetime of this context * is the lifetime of the transaction. */ __attribute__((warn_unused_result)) const char* AIBinder_getCallingSid() __INTRODUCED_IN(31); __END_DECLS libs/binder/ndk/libbinder_ndk.map.txt +8 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,14 @@ LIBBINDER_NDK30 { # introduced=30 *; }; LIBBINDER_NDK31 { # introduced=31 global: AIBinder_getCallingSid; # apex AIBinder_setRequestingSid; # apex local: *; }; LIBBINDER_NDK_PLATFORM { global: AParcel_getAllowFds; Loading libs/binder/ndk/tests/IBinderNdkUnitTest.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -24,4 +24,6 @@ import IEmpty; interface IBinderNdkUnitTest { void takeInterface(IEmpty test); void forceFlushCommands(); boolean getsRequestedSid(); } Loading
libs/binder/include/binder/IPCThreadState.h +1 −1 Original line number Diff line number Diff line Loading @@ -50,7 +50,7 @@ public: * Returns the SELinux security identifier of the process which has * made the current binder call. If not in a binder call this will * return nullptr. If this isn't requested with * IBinder::setRequestingSid, it will also return nullptr. * Binder::setRequestingSid, it will also return nullptr. * * This can't be restored once it's cleared, and it does not return the * context of the current process when not in a binder call. Loading
libs/binder/ndk/ibinder.cpp +16 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ */ #include <android/binder_ibinder.h> #include <android/binder_ibinder_platform.h> #include "ibinder_internal.h" #include <android/binder_stability.h> Loading Loading @@ -682,3 +683,18 @@ binder_status_t AIBinder_setExtension(AIBinder* binder, AIBinder* ext) { rawBinder->setExtension(ext->getBinder()); return STATUS_OK; } // platform methods follow void AIBinder_setRequestingSid(AIBinder* binder, bool requestingSid) { ABBinder* localBinder = binder->asABBinder(); if (localBinder == nullptr) { LOG(FATAL) << "AIBinder_setRequestingSid must be called on a local binder"; } localBinder->setRequestingSid(requestingSid); } const char* AIBinder_getCallingSid() { return ::android::IPCThreadState::self()->getCallingSid(); }
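Review bot: `AIBinder_setRequestingSid` calls `binder->asABBinder()` without first checking `binder` for null, so a null argument faults inside the library instead of reaching the explicit abort that the remote-binder case gets. A guard before that call, `if (binder == nullptr) { LOG(FATAL) << "AIBinder_setRequestingSid must not be called with a null binder"; }`, would keep the failure mode consistent and diagnosable. The definition of `AIBinder_getCallingSid` would also benefit from a short comment such as `// may return nullptr; the pointer is only valid for the current transaction`. A caller that bases an access decision on the SID has to treat null as "caller unknown" and deny, and has to copy the string if it keeps it past the transaction.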
libs/binder/ndk/include_platform/android/binder_ibinder_platform.h 0 → 100644 +46 −0 Original line number Diff line number Diff line /* * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include <android/binder_ibinder.h> __BEGIN_DECLS /** * Makes calls to AIBinder_getCallingSid work if the kernel supports it. This * must be called on a local binder server before it is sent out to any othe * process. If this is a remote binder, it will abort. If the kernel doesn't * support this feature, you'll always get null from AIBinder_getCallingSid. * * \param binder local server binder to request security contexts on */ void AIBinder_setRequestingSid(AIBinder* binder, bool requestingSid) __INTRODUCED_IN(31); /** * Returns the selinux context of the callee. * * In order for this to work, the following conditions must be met: * - The kernel must be new enough to support this feature. * - The server must have called AIBinder_setRequestingSid. * - The callee must be a remote process. * * \return security context or null if unavailable. The lifetime of this context * is the lifetime of the transaction. */ __attribute__((warn_unused_result)) const char* AIBinder_getCallingSid() __INTRODUCED_IN(31); __END_DECLS
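Review bot: The doc comment for `AIBinder_getCallingSid` says it returns the context "of the callee" and that "the callee must be a remote process", but both should read "caller". The function forwards to `IPCThreadState::getCallingSid`, whose comment in this same commit describes the identifier of the process that made the binder call. The wording matters because a service would base an authorization decision on this value. The `AIBinder_setRequestingSid` comment has a typo ("othe process") and no entry for its second parameter; something like `\param requestingSid whether security contexts should be requested for incoming calls` would cover it, with the exact semantics confirmed against `setRequestingSid`. It would also help to state that a null return means the caller's context is unavailable and should be handled as a denial, not as an allowed caller.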
libs/binder/ndk/libbinder_ndk.map.txt +8 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,14 @@ LIBBINDER_NDK30 { # introduced=30 *; }; LIBBINDER_NDK31 { # introduced=31 global: AIBinder_getCallingSid; # apex AIBinder_setRequestingSid; # apex local: *; }; LIBBINDER_NDK_PLATFORM { global: AParcel_getAllowFds; Loading
libs/binder/ndk/tests/IBinderNdkUnitTest.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -24,4 +24,6 @@ import IEmpty; interface IBinderNdkUnitTest { void takeInterface(IEmpty test); void forceFlushCommands(); boolean getsRequestedSid(); }