diff options
| author | 2023-11-10 16:35:13 +0900 | |
|---|---|---|
| committer | 2023-11-27 17:29:19 +0900 | |
| commit | 5c08e30e8cd35a7ddfb2be0cc7f6ade572c2bbc8 (patch) | |
| tree | dfb5c5628fe986a4d1ecb7b48723873726403752 | |
| parent | 04b22dd2210c6d108c4bff4e5708cd3099ba770e (diff) | |
Do not rely on android_is_in_vendor_process
android_is_in_vendor_process is used to check if the function is called
from the system process. However, implementation would not work as
expected once VNDK deprecates. This change is to change logic from using
libvndksupport to directly check if current selinux context can access
to permission service.
Bug: 300366609
Test: aosp cf build succeded
Change-Id: I7cb904fe9910e5325132c68ca584eb964c84a79b
| -rw-r--r-- | libs/gui/Android.bp | 2 | ||||
| -rw-r--r-- | libs/gui/BufferQueueConsumer.cpp | 38 |
2 files changed, 36 insertions, 4 deletions
diff --git a/libs/gui/Android.bp b/libs/gui/Android.bp index d7e7eb8ea1..13fdcd5743 100644 --- a/libs/gui/Android.bp +++ b/libs/gui/Android.bp @@ -385,10 +385,10 @@ cc_defaults { "libhidlbase", "liblog", "libnativewindow", + "libselinux", "libsync", "libui", "libutils", - "libvndksupport", ], static_libs: [ diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp index b6a47fb4e9..744201a5df 100644 --- a/libs/gui/BufferQueueConsumer.cpp +++ b/libs/gui/BufferQueueConsumer.cpp @@ -36,13 +36,45 @@ #include <gui/TraceUtils.h> #include <private/gui/BufferQueueThreadState.h> -#ifndef __ANDROID_VNDK__ +#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) #include <binder/PermissionCache.h> -#include <vndksupport/linker.h> +#include <selinux/android.h> +#include <selinux/selinux.h> #endif #include <system/window.h> +namespace { +#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) +int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT + // DO NOTHING + return 0; +} + +bool hasAccessToPermissionService() { + char* ctx; + + if (getcon(&ctx) == -1) { + // Failed to get current selinux context + return false; + } + + union selinux_callback cb; + + cb.func_log = selinux_log_suppress_callback; + selinux_set_callback(SELINUX_CB_LOG, cb); + + bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0", + "service_manager", "find", NULL) == 0; + freecon(ctx); + cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback; + selinux_set_callback(SELINUX_CB_LOG, cb); + + return hasAccess; +} +#endif +} // namespace + namespace android { // Macros for include BufferQueueCore information in log messages @@ -814,7 +846,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul // the PermissionController. We need to do a runtime check as well, since // the system variant of libgui can be loaded in a vendor process. For eg: // if a HAL uses an llndk library that depends on libgui (libmediandk etc). - if (!android_is_in_vendor_process()) { + if (hasAccessToPermissionService()) { const pid_t pid = BufferQueueThreadState::getCallingPid(); if ((uid != shellUid) && !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { |