| author | 2023-12-18 07:43:50 +0000 | |
|---|---|---|
| committer | 2023-12-18 07:43:50 +0000 | |
| commit | dfcc32175d4d2ad131f29fcf0dbcc74764d67c13 (patch) | |
| tree | 9266585f246e14faa36d86b13458214d706b0f88 /libs/gui | |
| parent | ab46bbf13db41df921ad884a4bcf65e4a102f759 (diff) | |
| parent | 4bf8807c382d9f0b00c9c55197820f9d7728a578 (diff) | |
Merge "Do not check selinux access for PermissionCache" into main am: 4bf8807c38
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2861766
Change-Id: Ie1d9e0a777bd7c4d8ee6278082d9e7cac37a8cb2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'libs/gui')
| -rw-r--r-- | libs/gui/Android.bp | 1 | ||||
| -rw-r--r-- | libs/gui/BufferQueueConsumer.cpp | 53 |
2 files changed, 8 insertions, 46 deletions
diff --git a/libs/gui/Android.bp b/libs/gui/Android.bp
index ca493d7a5a..661a017f66 100644
--- a/libs/gui/Android.bp
+++ b/libs/gui/Android.bp
@@ -387,7 +387,6 @@ cc_defaults {
 "libhidlbase",
 "liblog",
 "libnativewindow",
- "libselinux",
 "libsync",
 "libui",
 "libutils",
diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp
index 744201a5df..11f5174d76 100644
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp
@@ -38,43 +38,10 @@
 #include <private/gui/BufferQueueThreadState.h>
 #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
 #include <binder/PermissionCache.h>
-#include <selinux/android.h>
-#include <selinux/selinux.h>
 #endif
 #include <system/window.h>
-namespace {
-#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
-int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
- // DO NOTHING
- return 0;
-}
-
-bool hasAccessToPermissionService() {
- char* ctx;
-
- if (getcon(&ctx) == -1) {
- // Failed to get current selinux context
- return false;
- }
-
- union selinux_callback cb;
-
- cb.func_log = selinux_log_suppress_callback;
- selinux_set_callback(SELINUX_CB_LOG, cb);
-
- bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
- "service_manager", "find", NULL) == 0;
- freecon(ctx);
- cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
- selinux_set_callback(SELINUX_CB_LOG, cb);
-
- return hasAccess;
-}
-#endif
-} // namespace
-
 namespace android {
 // Macros for include BufferQueueCore information in log messages
@@ -843,18 +810,14 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
 const uid_t uid = BufferQueueThreadState::getCallingUid();
 #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
 // permission check can't be done for vendors as vendors have no access to
- // the PermissionController. We need to do a runtime check as well, since
- // the system variant of libgui can be loaded in a vendor process. For eg:
- // if a HAL uses an llndk library that depends on libgui (libmediandk etc).
- if (hasAccessToPermissionService()) {
- const pid_t pid = BufferQueueThreadState::getCallingPid();
- if ((uid != shellUid) &&
- !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
- outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer "
- "from pid=%d, uid=%d\n",
- pid, uid);
- denied = true;
- }
+ // the PermissionController.
+ const pid_t pid = BufferQueueThreadState::getCallingPid();
+ if ((uid != shellUid) &&
+ !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
+ outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer "
+ "from pid=%d, uid=%d\n",
+ pid, uid);
+ denied = true;
 }
 #else
 if (uid != shellUid) { |
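Review bot: With the `hasAccessToPermissionService()` guard gone, the `PermissionCache::checkPermission(...)` call in the `#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)` branch runs in every process that loads this build of libgui, including the case the deleted comment described (the system variant loaded in a vendor process through an llndk dependency), and nothing left in the hunk says what is expected there. The old guard skipped the DUMP check entirely in that case, so the new code is stricter, but only if `checkPermission` returns false promptly when the permission service cannot be reached; if it waits or retries instead, `dumpState` could stall, which is not visible here and should be confirmed. I would keep the rationale in the comment, for example `// Also runs when the system libgui is loaded in a vendor process; a failed lookup must deny the dump (fail closed), not skip the check.` The shortened comment also now reads as if the check cannot be done in this branch, which is the opposite of what the code below it does. The body of `dumpState` starts and ends outside the hunk.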