From 47f876b74be0a2d6d417f5ff385f85d835a97fe9 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Tue, 17 Apr 2018 13:56:46 +0900 Subject: Hide some headers from libbinder to vendors The headers that are related to system services are now hidden to vendors. Note that this does not break anything because vendors have already been disallowed to talk to system services via sepolicy. Their use of binder is strictly limited within themselves (via /dev/vndbinder). The hidden headers are now guarded with __ANDROID_VNDK__ and including them from vendors (or vendor variants of other VNDK libraries) will trigger a build-time error. Bug: 78113963 Test: m -j Test: devices boots to the UI Change-Id: I19be5ca024fc4081b7861d908d75758c1d956a83 --- libs/gui/BufferQueueConsumer.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'libs/gui/BufferQueueConsumer.cpp') diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp index 17cf677e09..d70e1422b0 100644 --- a/libs/gui/BufferQueueConsumer.cpp +++ b/libs/gui/BufferQueueConsumer.cpp @@ -35,7 +35,9 @@ #include #include +#ifndef __ANDROID_VNDK__ #include +#endif #include @@ -757,12 +759,18 @@ status_t BufferQueueConsumer::dumpState(const String8& prefix, String8* outResul } const IPCThreadState* ipc = IPCThreadState::self(); - const pid_t pid = ipc->getCallingPid(); const uid_t uid = ipc->getCallingUid(); +#ifndef __ANDROID_VNDK__ + // permission check can't be done for vendors as vendors have no access to + // the PermissionController + const pid_t pid = ipc->getCallingPid(); if ((uid != shellUid) && !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) { outResult->appendFormat("Permission Denial: can't dump BufferQueueConsumer " "from pid=%d, uid=%d\n", pid, uid); +#else + if (uid != shellUid) { +#endif android_errorWriteWithInfoLog(0x534e4554, "27046057", static_cast(uid), NULL, 0); return PERMISSION_DENIED; -- cgit v1.2.3-59-g8ed1b