From d50746529c3582c5d425c2d9b721415700d233dd Mon Sep 17 00:00:00 2001
From: Amy Zhang <amyjojo@google.com>
Date: Wed, 12 Aug 2020 13:54:32 -0700
Subject: Use a randomly generated UUID as the TvInputSessionId

The current implementation uses uid, pid and the resolvedUser to create
the sessionId. But it's not unique when the same app uses the same
TvInputService to create multiple input sessions.

Also this leaks pid/uid information.

Fix this by using a randomly generated UUID instead.

Test: make
Bug: 163855754
Change-Id: I4369e2645b50d44803f2d393798fa5ea6d1c22bd
Merged-In: I4369e2645b50d44803f2d393798fa5ea6d1c22bd
---
 .../java/com/android/server/tv/TvInputManagerService.java     | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/services/core/java/com/android/server/tv/TvInputManagerService.java b/services/core/java/com/android/server/tv/TvInputManagerService.java
index bedcf9c45139..6cd02581ee67 100755
--- a/services/core/java/com/android/server/tv/TvInputManagerService.java
+++ b/services/core/java/com/android/server/tv/TvInputManagerService.java
@@ -97,6 +97,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -1176,7 +1177,8 @@ public final class TvInputManagerService extends SystemService {
             final int resolvedUserId = resolveCallingUserId(callingPid, callingUid,
                     userId, "createSession");
             final long identity = Binder.clearCallingIdentity();
-            StringBuilder sessionId = new StringBuilder();
+            // Generate a unique session id with a random UUID.
+            String uniqueSessionId = UUID.randomUUID().toString();
             try {
                 synchronized (mLock) {
                     if (userId != mCurrentUserId && !isRecordingSession) {
@@ -1205,20 +1207,17 @@ public final class TvInputManagerService extends SystemService {
                         return;
                     }
 
-                    // Create a unique session id with pid, uid and resolved user id
-                    sessionId.append(callingUid).append(callingPid).append(resolvedUserId);
-
                     // Create a new session token and a session state.
                     IBinder sessionToken = new Binder();
                     SessionState sessionState = new SessionState(sessionToken, info.getId(),
                             info.getComponent(), isRecordingSession, client, seq, callingUid,
-                            callingPid, resolvedUserId, sessionId.toString());
+                            callingPid, resolvedUserId, uniqueSessionId);
 
                     // Add them to the global session state map of the current user.
                     userState.sessionStateMap.put(sessionToken, sessionState);
 
                     // Map the session id to the sessionStateMap in the user state
-                    mSessionIdToSessionStateMap.put(sessionId.toString(), sessionState);
+                    mSessionIdToSessionStateMap.put(uniqueSessionId, sessionState);
 
                     // Also, add them to the session state map of the current service.
                     serviceState.sessionTokens.add(sessionToken);
-- 
cgit v1.2.3-59-g8ed1b