diff options
| -rw-r--r-- | libs/binder/include/binder/IPCThreadState.h | 5 | ||||
| -rw-r--r-- | libs/binder/ndk/include_ndk/android/binder_ibinder.h | 3 | ||||
| -rw-r--r-- | libs/binder/rust/src/state.rs | 5 |
3 files changed, 11 insertions, 2 deletions
diff --git a/libs/binder/include/binder/IPCThreadState.h b/libs/binder/include/binder/IPCThreadState.h index 9ef4e694dd..f7465e2c1a 100644 --- a/libs/binder/include/binder/IPCThreadState.h +++ b/libs/binder/include/binder/IPCThreadState.h @@ -64,7 +64,10 @@ public: * Returns the PID of the process which has made the current binder * call. If not in a binder call, this will return getpid. * - * Warning: oneway transactions do not receive PID. Even if you expect + * Warning do not use this as a security identifier! PID is unreliable + * as it may be re-used. This should mostly be used for debugging. + * + * oneway transactions do not receive PID. Even if you expect * a transaction to be synchronous, a misbehaving client could send it * as an asynchronous call and result in a 0 PID here. Additionally, if * there is a race and the calling process dies, the PID may still be diff --git a/libs/binder/ndk/include_ndk/android/binder_ibinder.h b/libs/binder/ndk/include_ndk/android/binder_ibinder.h index bd46c473b4..d69d318a28 100644 --- a/libs/binder/ndk/include_ndk/android/binder_ibinder.h +++ b/libs/binder/ndk/include_ndk/android/binder_ibinder.h @@ -419,6 +419,9 @@ binder_status_t AIBinder_unlinkToDeath(AIBinder* binder, AIBinder_DeathRecipient * This can be used with higher-level system services to determine the caller's identity and check * permissions. * + * Warning do not use this as a security identifier! PID is unreliable as it may be re-used. This + * should mostly be used for debugging. + * * Available since API level 29. * * \return calling uid or the current process's UID if this thread isn't processing a transaction. diff --git a/libs/binder/rust/src/state.rs b/libs/binder/rust/src/state.rs index 8a06274e9c..c0cac830d7 100644 --- a/libs/binder/rust/src/state.rs +++ b/libs/binder/rust/src/state.rs @@ -101,7 +101,10 @@ impl ThreadState { /// dies and is replaced with another process with elevated permissions and /// the same PID. /// - /// Warning: oneway transactions do not receive PID. Even if you expect + /// Warning: do not use this as a security identifier! PID is unreliable + /// as it may be re-used. This should mostly be used for debugging. + /// + /// oneway transactions do not receive PID. Even if you expect /// a transaction to be synchronous, a misbehaving client could send it /// as a synchronous call and result in a 0 PID here. Additionally, if /// there is a race and the calling process dies, the PID may still be |