transcoding: trust MediaProvider to set uid for jobs
bug: 154733526
test: manually check that MediaProvider uid is obtained
successfully, and isTrustedCallingUid() is true
Change-Id: I5577adcfc1acdac343ec3d98a1e33a9fc2fe36d6
diff --git a/media/libmediatranscoding/TranscodingClientManager.cpp b/media/libmediatranscoding/TranscodingClientManager.cpp
index 3f79705..82a6dde 100644
--- a/media/libmediatranscoding/TranscodingClientManager.cpp
+++ b/media/libmediatranscoding/TranscodingClientManager.cpp
@@ -23,12 +23,16 @@
#include <inttypes.h>
#include <media/TranscodingClientManager.h>
#include <media/TranscodingRequest.h>
+#include <media/TranscodingUidPolicy.h>
#include <private/android_filesystem_config.h>
#include <utils/Log.h>
+#include <utils/String16.h>
namespace android {
static_assert(sizeof(ClientIdType) == sizeof(void*), "ClientIdType should be pointer-sized");
+static constexpr const char* MEDIA_PROVIDER_PKG_NAME = "com.google.android.providers.media.module";
+
using ::aidl::android::media::BnTranscodingClient;
using ::aidl::android::media::IMediaTranscodingService; // For service error codes
using ::aidl::android::media::TranscodingJobParcel;
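Review bot: `MEDIA_PROVIDER_PKG_NAME` ties a trust decision to one hard-coded package name, and nothing visible here says what that trust grants or what the lookup guarantees. Builds that ship MediaProvider under another name (AOSP uses `com.android.providers.media.module`) would fail the lookup and take the warning path in the constructor, leaving MediaProvider untrusted. A package name alone also says nothing about who signed or installed the package. I would add a comment above the constant such as `// The uid resolved from this package may register clients under another uid/pid; getUidForPackage must only resolve the platform-installed MediaProvider.` and confirm that `TranscodingUidPolicy::getUidForPackage` really provides that guarantee.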
@@ -51,20 +55,6 @@
errorCode, \
String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, ##__VA_ARGS__))
-// Can MediaTranscoding service trust the caller based on the calling UID?
-// TODO(hkuang): Add MediaProvider's UID.
-static bool isTrustedCallingUid(uid_t uid) {
- switch (uid) {
- case AID_ROOT: // root user
- case AID_SYSTEM:
- case AID_SHELL:
- case AID_MEDIA: // mediaserver
- return true;
- default:
- return false;
- }
-}
-
/**
* ClientImpl implements a single client and contains all its information.
*/
@@ -143,7 +133,7 @@
in_clientUid = callingUid;
} else if (in_clientUid < 0) {
return Status::ok();
- } else if (in_clientUid != callingUid && !isTrustedCallingUid(callingUid)) {
+ } else if (in_clientUid != callingUid && !owner->isTrustedCallingUid(callingUid)) {
ALOGE("MediaTranscodingService::registerClient rejected (clientPid %d, clientUid %d) "
"(don't trust callingUid %d)",
in_clientPid, in_clientUid, callingUid);
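Review bot: Only the rejected case is logged in the visible lines, so once MediaProvider is trusted there is no record when it registers a client under a uid or pid that is not its own. An `ALOGI` on the accepted path when `in_clientUid != callingUid`, and likewise for the pid comparison in the next hunk (-160/+150), would give an audit trail of who registered on whose behalf. `owner` is dereferenced in both conditions and its declaration is outside these hunks, so please confirm it cannot be null or dangling at this point. The enclosing function starts and ends outside both hunks.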
@@ -160,7 +150,7 @@
in_clientPid = callingPid;
} else if (in_clientPid < 0) {
return Status::ok();
- } else if (in_clientPid != callingPid && !isTrustedCallingUid(callingUid)) {
+ } else if (in_clientPid != callingPid && !owner->isTrustedCallingUid(callingUid)) {
ALOGE("MediaTranscodingService::registerClient rejected (clientPid %d, clientUid %d) "
"(don't trust callingUid %d)",
in_clientPid, in_clientUid, callingUid);
@@ -267,8 +257,18 @@
TranscodingClientManager::TranscodingClientManager(
const std::shared_ptr<SchedulerClientInterface>& scheduler)
- : mDeathRecipient(AIBinder_DeathRecipient_new(BinderDiedCallback)), mJobScheduler(scheduler) {
+ : mDeathRecipient(AIBinder_DeathRecipient_new(BinderDiedCallback)),
+ mJobScheduler(scheduler),
+ mMediaProviderUid(-1) {
ALOGD("TranscodingClientManager started");
+ uid_t mpuid;
+ if (TranscodingUidPolicy::getUidForPackage(String16(MEDIA_PROVIDER_PKG_NAME), mpuid) ==
+ NO_ERROR) {
+ ALOGI("Found MediaProvider uid: %d", mpuid);
+ mMediaProviderUid = mpuid;
+ } else {
+ ALOGW("Couldn't get uid for MediaProvider.");
+ }
}
TranscodingClientManager::~TranscodingClientManager() {
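Review bot: The MediaProvider uid is resolved exactly once, in the constructor, so a lookup that fails at service start leaves `mMediaProviderUid` at -1 for the life of the process. That fails closed, which is the right default, but MediaProvider then stays untrusted until the service restarts and the only trace is the `ALOGW`. Consider retrying lazily from `isTrustedCallingUid()` while the value is unset, or at least document it with `// Resolved once at startup; on failure MediaProvider is not trusted until restart.` above the lookup. Separately, `mpuid` is a `uid_t` but is logged with `%d`; `%u` matches the type.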
@@ -299,6 +299,22 @@
write(fd, result.string(), result.size());
}
+bool TranscodingClientManager::isTrustedCallingUid(uid_t uid) {
+ if (uid > 0 && uid == mMediaProviderUid) {
+ return true;
+ }
+
+ switch (uid) {
+ case AID_ROOT: // root user
+ case AID_SYSTEM:
+ case AID_SHELL:
+ case AID_MEDIA: // mediaserver
+ return true;
+ default:
+ return false;
+ }
+}
+
status_t TranscodingClientManager::addClient(
const std::shared_ptr<ITranscodingClientCallback>& callback, const std::string& clientName,
const std::string& opPackageName, std::shared_ptr<ITranscodingClient>* outClient) {
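Review bot: In `isTrustedCallingUid`, the guard `uid > 0 && uid == mMediaProviderUid` does not exclude the "not found" sentinel. The constructor stores -1, which compared against a `uid_t` becomes `(uid_t)-1`, and `uid > 0` lets that value through. No real caller should carry that uid, but an explicit test states the intent, e.g. `if (mMediaProviderUid != static_cast<uid_t>(-1) && uid == mMediaProviderUid)`; the member's declared type is not visible here, so adjust to match. The match is also on the full uid: if `getUidForPackage` returns the user-0 uid, MediaProvider running for a secondary user would be rejected, so please confirm whether comparing `uid % AID_USER_OFFSET` is intended. The method mutates nothing and could be declared `const`.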