Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8379eb7f authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Do not rely on android_is_in_vendor_process" into main am: aa627355... 

Merge "Do not rely on android_is_in_vendor_process" into main am: aa627355 am: feecbd27 am: 9eac1585

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2825852



Change-Id: Ic1d4161e2e4d04b4b0f9a2cf4aecdfa44dcc35b9
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents e4f3be74 9eac1585

libs/gui/Android.bp

+1 −1
Original line number Diff line number Diff line
@@ -423,10 +423,10 @@ cc_defaults { 
        "libhidlbase",

        "liblog",

        "libnativewindow",

        "libselinux",

        "libsync",

        "libui",

        "libutils",

        "libvndksupport",

    ],



    static_libs: [

libs/gui/BufferQueueConsumer.cpp

+35 −3
Original line number Diff line number Diff line
@@ -36,13 +36,45 @@ 
#include <gui/TraceUtils.h>



#include <private/gui/BufferQueueThreadState.h>

#ifndef __ANDROID_VNDK__

#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)

#include <binder/PermissionCache.h>

#include <vndksupport/linker.h>

#include <selinux/android.h>

#include <selinux/selinux.h>

#endif



#include <system/window.h>



namespace {

#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)

int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT

    // DO NOTHING

    return 0;

}



bool hasAccessToPermissionService() {

    char* ctx;



    if (getcon(&ctx) == -1) {

        // Failed to get current selinux context

        return false;

    }



    union selinux_callback cb;



    cb.func_log = selinux_log_suppress_callback;

    selinux_set_callback(SELINUX_CB_LOG, cb);



    bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",

                                          "service_manager", "find", NULL) == 0;

    freecon(ctx);

    cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;

    selinux_set_callback(SELINUX_CB_LOG, cb);



    return hasAccess;

}

#endif

} // namespace



namespace android {



// Macros for include BufferQueueCore information in log messages
@@ -814,7 +846,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul 
    // the PermissionController. We need to do a runtime check as well, since

    // the system variant of libgui can be loaded in a vendor process. For eg:

    // if a HAL uses an llndk library that depends on libgui (libmediandk etc).

    if (!android_is_in_vendor_process()) {

    if (hasAccessToPermissionService()) {

        const pid_t pid = BufferQueueThreadState::getCallingPid();

        if ((uid != shellUid) &&

            !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {