MidiService: check UID in getDeviceStatus() If a MIDI device is marked private then make sure the status can only be obtained by the owner. Bug: 203549963 Test: see bug for repro steps Test: atest CtsMidiTestCases Test: https://source.android.com/devices/audio/midi_test.html Change-Id: Ibe92f1ca58c7971855453f1794564e95bfb9380d

commit: 5438955940a90d3aa3daf48a13740b3e0b59fd6a [log] [tgz]
author: Phil Burk <philburk@google.com> Thu Dec 16 21:54:21 2021 +0000
committer: Phil Burk <philburk@google.com> Sat Jan 22 00:20:12 2022 +0000
tree: c98e47174b5255d98356dd16909a230e2ac6b1bc
parent: 9dff8fca5c375833968cb8a5ae6e42ff3dfedf80 [diff]
diff --git a/services/midi/java/com/android/server/midi/MidiService.java b/services/midi/java/com/android/server/midi/MidiService.java
index 6e72479..d562786 100644
--- a/services/midi/java/com/android/server/midi/MidiService.java
+++ b/services/midi/java/com/android/server/midi/MidiService.java

@@ -864,7 +864,15 @@
         if (device == null) {
             throw new IllegalArgumentException("no such device for " + deviceInfo);
         }
-        return device.getDeviceStatus();
+        int uid = Binder.getCallingUid();
+        if (device.isUidAllowed(uid)) {
+            return device.getDeviceStatus();
+        } else {
+            Log.e(TAG, "getDeviceStatus() invalid UID = " + uid);
+            EventLog.writeEvent(0x534e4554, "203549963",
+                    uid, "getDeviceStatus: invalid uid");
+            return null;
+        }
     }
 
     @Override
commit	5438955940a90d3aa3daf48a13740b3e0b59fd6a	[log] [tgz]
author	Phil Burk <philburk@google.com>	Thu Dec 16 21:54:21 2021 +0000
committer	Phil Burk <philburk@google.com>	Sat Jan 22 00:20:12 2022 +0000
tree	c98e47174b5255d98356dd16909a230e2ac6b1bc
parent	9dff8fca5c375833968cb8a5ae6e42ff3dfedf80 [diff]