summaryrefslogtreecommitdiff
path: root/libs/gui/BufferQueueConsumer.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'libs/gui/BufferQueueConsumer.cpp')
-rw-r--r--libs/gui/BufferQueueConsumer.cpp38
1 files changed, 35 insertions, 3 deletions
diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp
index b6a47fb4e9..744201a5df 100644
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp
@@ -36,13 +36,45 @@
#include <gui/TraceUtils.h>
#include <private/gui/BufferQueueThreadState.h>
-#ifndef __ANDROID_VNDK__
+#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
#include <binder/PermissionCache.h>
-#include <vndksupport/linker.h>
+#include <selinux/android.h>
+#include <selinux/selinux.h>
#endif
#include <system/window.h>
+namespace {
+#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
+int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
+ // DO NOTHING
+ return 0;
+}
+
+bool hasAccessToPermissionService() {
+ char* ctx;
+
+ if (getcon(&ctx) == -1) {
+ // Failed to get current selinux context
+ return false;
+ }
+
+ union selinux_callback cb;
+
+ cb.func_log = selinux_log_suppress_callback;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
+ bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
+ "service_manager", "find", NULL) == 0;
+ freecon(ctx);
+ cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
+ return hasAccess;
+}
+#endif
+} // namespace
+
namespace android {
// Macros for include BufferQueueCore information in log messages
@@ -814,7 +846,7 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul
// the PermissionController. We need to do a runtime check as well, since
// the system variant of libgui can be loaded in a vendor process. For eg:
// if a HAL uses an llndk library that depends on libgui (libmediandk etc).
- if (!android_is_in_vendor_process()) {
+ if (hasAccessToPermissionService()) {
const pid_t pid = BufferQueueThreadState::getCallingPid();
if ((uid != shellUid) &&
!PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-14 19:09:55 +0000