MidiService: check UID in getDeviceStatus()

If a MIDI device is marked private then make sure the status can only be obtained by the owner. Bug: 203549963 Test: see bug for repro steps Test: atest CtsMidiTestCases Test: https://source.android.com/devices/audio/midi_test.html Change-Id: Ibe92f1ca58c7971855453f1794564e95bfb9380d
author: Phil Burk <philburk@google.com> 2021-12-16 21:54:21 +0000
committer: Phil Burk <philburk@google.com> 2022-01-22 00:20:12 +0000
commit: 5438955940a90d3aa3daf48a13740b3e0b59fd6a (patch)
tree: c98e47174b5255d98356dd16909a230e2ac6b1bc
parent: 9dff8fca5c375833968cb8a5ae6e42ff3dfedf80 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/services/midi/java/com/android/server/midi/MidiService.java b/services/midi/java/com/android/server/midi/MidiService.java
index 6e724792b6e9..d56278629bf2 100644
--- a/services/midi/java/com/android/server/midi/MidiService.java
+++ b/services/midi/java/com/android/server/midi/MidiService.java
@@ -864,7 +864,15 @@ public class MidiService extends IMidiManager.Stub {
         if (device == null) {
             throw new IllegalArgumentException("no such device for " + deviceInfo);
         }
-        return device.getDeviceStatus();
+        int uid = Binder.getCallingUid();
+        if (device.isUidAllowed(uid)) {
+            return device.getDeviceStatus();
+        } else {
+            Log.e(TAG, "getDeviceStatus() invalid UID = " + uid);
+            EventLog.writeEvent(0x534e4554, "203549963",
+                    uid, "getDeviceStatus: invalid uid");
+            return null;
+        }
     }
 
     @Override
author	Phil Burk <philburk@google.com>	2021-12-16 21:54:21 +0000
committer	Phil Burk <philburk@google.com>	2022-01-22 00:20:12 +0000
commit	5438955940a90d3aa3daf48a13740b3e0b59fd6a (patch)
tree	c98e47174b5255d98356dd16909a230e2ac6b1bc
parent	9dff8fca5c375833968cb8a5ae6e42ff3dfedf80 (diff)