From 3f2638b5b25162dfc73b4a526184694f5f032dd3 Mon Sep 17 00:00:00 2001 From: Kiyoung Kim Date: Wed, 6 Dec 2023 16:22:30 +0900 Subject: Do not check selinux access for PermissionCache Change to check selinux for PermissionCache failed because surfaceflinger did not have access to selinuxfs. Based on the discussion, it would be better to check PermissionCache without any further access check, as its failure would mean the same. This change removes additional access check from dump. Bug: 313804706 Test: com.google.android.selinux.pts.SELinuxTest#scanBugreport passed from cheetah Change-Id: I5f6f882e270d71bc1da37360c6512cac66dd04a9 --- libs/gui/BufferQueueConsumer.cpp | 53 ++++++---------------------------------- 1 file changed, 8 insertions(+), 45 deletions(-) (limited to 'libs/gui/BufferQueueConsumer.cpp') diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp index 744201a5df..11f5174d76 100644 --- a/libs/gui/BufferQueueConsumer.cpp +++ b/libs/gui/BufferQueueConsumer.cpp @@ -38,43 +38,10 @@ #include #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) #include -#include -#include #endif #include -namespace { -#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) -int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT - // DO NOTHING - return 0; -} - -bool hasAccessToPermissionService() { - char* ctx; - - if (getcon(&ctx) == -1) { - // Failed to get current selinux context - return false; - } - - union selinux_callback cb; - - cb.func_log = selinux_log_suppress_callback; - selinux_set_callback(SELINUX_CB_LOG, cb); - - bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0", - "service_manager", "find", NULL) == 0; - freecon(ctx); - cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback; - selinux_set_callback(SELINUX_CB_LOG, cb); - - return hasAccess; -} -#endif -} // namespace - namespace android { // Macros for include BufferQueueCore information in log messages @@ -843,18 +810,14 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul const uid_t uid = BufferQueueThreadState::getCallingUid(); #if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER) // permission check can't be done for vendors as vendors have no access to - // the PermissionController. We need to do a runtime check as well, since - // the system variant of libgui can be loaded in a vendor process. For eg: - // if a HAL uses an llndk library that depends on libgui (libmediandk etc). - if (hasAccessToPermissionService()) { - const pid_t pid = BufferQueueThreadState::getCallingPid(); - if ((uid != shellUid) && - !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { - outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer " - "from pid=%d, uid=%d\n", - pid, uid); - denied = true; - } + // the PermissionController. + const pid_t pid = BufferQueueThreadState::getCallingPid(); + if ((uid != shellUid) && + !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { + outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer " + "from pid=%d, uid=%d\n", + pid, uid); + denied = true; } #else if (uid != shellUid) { -- cgit v1.2.3-59-g8ed1b