Merge "Moved libdumpstate.default back to Android.mk"
diff --git a/cmds/installd/commands.cpp b/cmds/installd/commands.cpp
index 2df48aa..078db26 100644
--- a/cmds/installd/commands.cpp
+++ b/cmds/installd/commands.cpp
@@ -104,7 +104,7 @@
* if the label of that top-level file actually changed. This can save us
* significant time by avoiding no-op traversals of large filesystem trees.
*/
-static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t uid) {
+static int restorecon_app_data_lazy(const std::string& path, const char* seinfo, uid_t uid) {
int res = 0;
char* before = nullptr;
char* after = nullptr;
@@ -112,15 +112,15 @@
// Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by
// libselinux. Not needed here.
- if (lgetfilecon(path, &before) < 0) {
+ if (lgetfilecon(path.c_str(), &before) < 0) {
PLOG(ERROR) << "Failed before getfilecon for " << path;
goto fail;
}
- if (selinux_android_restorecon_pkgdir(path, seinfo, uid, 0) < 0) {
+ if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, 0) < 0) {
PLOG(ERROR) << "Failed top-level restorecon for " << path;
goto fail;
}
- if (lgetfilecon(path, &after) < 0) {
+ if (lgetfilecon(path.c_str(), &after) < 0) {
PLOG(ERROR) << "Failed after getfilecon for " << path;
goto fail;
}
@@ -130,7 +130,7 @@
if (strcmp(before, after)) {
LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path
<< "; running recursive restorecon";
- if (selinux_android_restorecon_pkgdir(path, seinfo, uid,
+ if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid,
SELINUX_ANDROID_RESTORECON_RECURSE) < 0) {
PLOG(ERROR) << "Failed recursive restorecon for " << path;
goto fail;
@@ -146,6 +146,11 @@
return res;
}
+static int restorecon_app_data_lazy(const std::string& parent, const char* name, const char* seinfo,
+ uid_t uid) {
+ return restorecon_app_data_lazy(StringPrintf("%s/%s", parent.c_str(), name), seinfo, uid);
+}
+
static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) {
if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
PLOG(ERROR) << "Failed to prepare " << path;
@@ -172,7 +177,9 @@
}
// Consider restorecon over contents if label changed
- if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) {
+ if (restorecon_app_data_lazy(path, seinfo, uid) ||
+ restorecon_app_data_lazy(path, "cache", seinfo, uid) ||
+ restorecon_app_data_lazy(path, "code_cache", seinfo, uid)) {
return -1;
}
@@ -191,7 +198,7 @@
}
// Consider restorecon over contents if label changed
- if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) {
+ if (restorecon_app_data_lazy(path, seinfo, uid)) {
return -1;
}
diff --git a/include/binder/Parcel.h b/include/binder/Parcel.h
index 954b976..39deb64 100644
--- a/include/binder/Parcel.h
+++ b/include/binder/Parcel.h
@@ -479,6 +479,8 @@
#pragma clang diagnostic ignored "-Wweak-vtables"
#endif
+ // FlattenableHelperInterface and FlattenableHelper avoid generating a vtable entry in objects
+ // following Flattenable template/protocol.
class FlattenableHelperInterface {
protected:
~FlattenableHelperInterface() { }
@@ -493,6 +495,9 @@
#pragma clang diagnostic pop
#endif
+ // Concrete implementation of FlattenableHelperInterface that delegates virtual calls to the
+ // specified class T implementing the Flattenable protocol. It "virtualizes" a compile-time
+ // protocol.
template<typename T>
class FlattenableHelper : public FlattenableHelperInterface {
friend class Parcel;
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 601df46..470fc59 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2094,11 +2094,15 @@
status_t err = NO_ERROR;
for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) {
- fds[i] = dup(this->readFileDescriptor());
- if (fds[i] < 0) {
+ int fd = this->readFileDescriptor();
+ if (fd < 0 || ((fds[i] = dup(fd)) < 0)) {
err = BAD_VALUE;
ALOGE("dup() failed in Parcel::read, i is %zu, fds[i] is %d, fd_count is %zu, error: %s",
- i, fds[i], fd_count, strerror(errno));
+ i, fds[i], fd_count, strerror(fd < 0 ? -fd : errno));
+ // Close all the file descriptors that were dup-ed.
+ for (size_t j=0; j<i ;j++) {
+ close(fds[j]);
+ }
}
}
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index a0e040b..99a9265 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3215,9 +3215,7 @@
return true;
}
-status_t SurfaceFlinger::onTransact(
- uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
-{
+status_t SurfaceFlinger::CheckTransactCodeCredentials(uint32_t code) {
switch (code) {
case CREATE_CONNECTION:
case CREATE_DISPLAY:
@@ -3234,8 +3232,7 @@
const int uid = ipc->getCallingUid();
if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
!PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
- ALOGE("Permission Denial: "
- "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
+ ALOGE("Permission Denial: can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
return PERMISSION_DENIED;
}
break;
@@ -3248,13 +3245,22 @@
const int uid = ipc->getCallingUid();
if ((uid != AID_GRAPHICS) &&
!PermissionCache::checkPermission(sReadFramebuffer, pid, uid)) {
- ALOGE("Permission Denial: "
- "can't read framebuffer pid=%d, uid=%d", pid, uid);
+ ALOGE("Permission Denial: can't read framebuffer pid=%d, uid=%d", pid, uid);
return PERMISSION_DENIED;
}
break;
}
}
+ return OK;
+}
+
+status_t SurfaceFlinger::onTransact(
+ uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
+{
+ status_t credentialCheck = CheckTransactCodeCredentials(code);
+ if (credentialCheck != OK) {
+ return credentialCheck;
+ }
status_t err = BnSurfaceComposer::onTransact(code, data, reply, flags);
if (err == UNKNOWN_TRANSACTION || err == PERMISSION_DENIED) {
diff --git a/services/surfaceflinger/SurfaceFlinger.h b/services/surfaceflinger/SurfaceFlinger.h
index 6449e57..3af1754 100644
--- a/services/surfaceflinger/SurfaceFlinger.h
+++ b/services/surfaceflinger/SurfaceFlinger.h
@@ -582,7 +582,11 @@
};
mutable Mutex mBufferingStatsMutex;
std::unordered_map<std::string, BufferingStats> mBufferingStats;
-};
+
+ // Verify that transaction is being called by an approved process:
+ // either AID_GRAPHICS or AID_SYSTEM.
+ status_t CheckTransactCodeCredentials(uint32_t code);
+ };
}; // namespace android