summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Kiyoung Kim <kiyoungkim@google.com> 2023-12-06 16:22:30 +0900
committer Kiyoung Kim <kiyoungkim@google.com> 2023-12-06 16:38:33 +0900
commit3f2638b5b25162dfc73b4a526184694f5f032dd3 (patch)
tree1fe5a0b5f70524a050b58321085295aa920f275e
parentab3bf02fe0646c056024b306ab475614adeaab28 (diff)
Do not check selinux access for PermissionCache
Change to check selinux for PermissionCache failed because surfaceflinger did not have access to selinuxfs. Based on the discussion, it would be better to check PermissionCache without any further access check, as its failure would mean the same. This change removes additional access check from dump. Bug: 313804706 Test: com.google.android.selinux.pts.SELinuxTest#scanBugreport passed from cheetah Change-Id: I5f6f882e270d71bc1da37360c6512cac66dd04a9
Diffstat
-rw-r--r--libs/gui/Android.bp1
-rw-r--r--libs/gui/BufferQueueConsumer.cpp53
2 files changed, 8 insertions, 46 deletions
diff --git a/libs/gui/Android.bp b/libs/gui/Android.bp
index 13fdcd5743..80bf90b3a0 100644
--- a/libs/gui/Android.bp
+++ b/libs/gui/Android.bp
@@ -385,7 +385,6 @@ cc_defaults {
"libhidlbase",
"liblog",
"libnativewindow",
- "libselinux",
"libsync",
"libui",
"libutils",
diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp
index 744201a5df..11f5174d76 100644
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp
@@ -38,43 +38,10 @@
#include <private/gui/BufferQueueThreadState.h>
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#include <binder/PermissionCache.h>
-#include <selinux/android.h>
-#include <selinux/selinux.h>
#endif
#include <system/window.h>
-namespace {
-#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
-int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
- // DO NOTHING
- return 0;
-}
-
-bool hasAccessToPermissionService() {
- char* ctx;
-
- if (getcon(&ctx) == -1) {
- // Failed to get current selinux context
- return false;
- }
-
- union selinux_callback cb;
-
- cb.func_log = selinux_log_suppress_callback;
- selinux_set_callback(SELINUX_CB_LOG, cb);
-
- bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
- "service_manager", "find", NULL) == 0;
- freecon(ctx);
- cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
- selinux_set_callback(SELINUX_CB_LOG, cb);
-
- return hasAccess;
-}
-#endif
-} // namespace
-
namespace android {
// Macros for include BufferQueueCore information in log messages
@@ -843,18 +810,14 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
const uid_t uid = BufferQueueThreadState::getCallingUid();
#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
// permission check can't be done for vendors as vendors have no access to
- // the PermissionController. We need to do a runtime check as well, since
- // the system variant of libgui can be loaded in a vendor process. For eg:
- // if a HAL uses an llndk library that depends on libgui (libmediandk etc).
- if (hasAccessToPermissionService()) {
- const pid_t pid = BufferQueueThreadState::getCallingPid();
- if ((uid != shellUid) &&
- !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
- outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer "
- "from pid=%d, uid=%d\n",
- pid, uid);
- denied = true;
- }
+ // the PermissionController.
+ const pid_t pid = BufferQueueThreadState::getCallingPid();
+ if ((uid != shellUid) &&
+ !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
+ outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer "
+ "from pid=%d, uid=%d\n",
+ pid, uid);
+ denied = true;
}
#else
if (uid != shellUid) {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-21 04:32:36 +0000