libbinder_ndk: AIBinder_{setRequesting,getCalling}Sid
This adds the following two methods for APEX:
- AIBinder_setRequestingSid
- AIBinder_getCallingSid
This is not made as an SDK API because security contexts are a platform
detail, and the platform header is shared for APEX and platform use
(different from parcel for now).
Fixes: 159135973
Test: libbinder_ndk_unit_test
Change-Id: Iec64577ebbb7a8cc6550d1d211fe5f562337cf0b
diff --git a/libs/binder/ndk/tests/IBinderNdkUnitTest.aidl b/libs/binder/ndk/tests/IBinderNdkUnitTest.aidl
index 6e8e463..4bba9e4 100644
--- a/libs/binder/ndk/tests/IBinderNdkUnitTest.aidl
+++ b/libs/binder/ndk/tests/IBinderNdkUnitTest.aidl
@@ -24,4 +24,6 @@
interface IBinderNdkUnitTest {
void takeInterface(IEmpty test);
void forceFlushCommands();
+
+ boolean getsRequestedSid();
}
diff --git a/libs/binder/ndk/tests/libbinder_ndk_unit_test.cpp b/libs/binder/ndk/tests/libbinder_ndk_unit_test.cpp
index fd30d87..6869220 100644
--- a/libs/binder/ndk/tests/libbinder_ndk_unit_test.cpp
+++ b/libs/binder/ndk/tests/libbinder_ndk_unit_test.cpp
@@ -19,6 +19,7 @@
#include <aidl/BnEmpty.h>
#include <android-base/logging.h>
#include <android/binder_ibinder_jni.h>
+#include <android/binder_ibinder_platform.h>
#include <android/binder_manager.h>
#include <android/binder_process.h>
#include <gtest/gtest.h>
@@ -34,6 +35,7 @@
#include <sys/prctl.h>
#include <chrono>
#include <condition_variable>
+#include <iostream>
#include <mutex>
using namespace android;
@@ -52,6 +54,12 @@
android::IPCThreadState::self()->flushCommands();
return ndk::ScopedAStatus::ok();
}
+ ndk::ScopedAStatus getsRequestedSid(bool* out) {
+ const char* sid = AIBinder_getCallingSid();
+ std::cout << "Got security context: " << (sid ?: "null") << std::endl;
+ *out = sid != nullptr;
+ return ndk::ScopedAStatus::ok();
+ }
binder_status_t handleShellCommand(int /*in*/, int out, int /*err*/, const char** args,
uint32_t numArgs) override {
for (uint32_t i = 0; i < numArgs; i++) {
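Review bot: `sid ?: "null"` in getsRequestedSid relies on the GNU omitted-middle-operand extension, which is not standard C++. Writing it as `(sid ? sid : "null")` is portable and just as short. `std::endl` also forces a flush on every transaction, so `'\n'` would do unless the flush is wanted for log ordering. The platform header is not part of this page, so this is a guess, but the pointer returned by AIBinder_getCallingSid is presumably only valid during the current transaction; a comment such as `// sid is only used inside this call; copy it if it must outlive the transaction` would stop a later edit from caching it. handleShellCommand's body continues outside the hunk.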
@@ -66,8 +74,11 @@
ABinderProcess_setThreadPoolMaxThreadCount(0);
auto service = ndk::SharedRefBase::make<MyBinderNdkUnitTest>();
- binder_status_t status =
- AServiceManager_addService(service->asBinder().get(), kBinderNdkUnitTestService);
+ auto binder = service->asBinder();
+
+ AIBinder_setRequestingSid(binder.get(), true);
+
+ binder_status_t status = AServiceManager_addService(binder.get(), kBinderNdkUnitTestService);
if (status != STATUS_OK) {
LOG(FATAL) << "Could not register: " << status << " " << kBinderNdkUnitTestService;
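Review bot: The call to AIBinder_setRequestingSid sits before AServiceManager_addService with nothing saying the order matters. If the request only takes effect before the binder is handed to another process (likely, but the header is not shown here), moving it below registration in a later cleanup would silently turn the SID off. In that case getsRequestedSid would see null, and the caller's context would be missing from any access decision built on it. I would add `// Must be requested before the binder leaves this process (addService below).` above the call. The enclosing function starts and ends outside this hunk.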
@@ -274,6 +285,16 @@
EXPECT_EQ(IFoo::getService(kInstanceName1), IFoo::getService(kInstanceName2));
}
+TEST(NdkBinder, RequestedSidWorks) {
+ ndk::SpAIBinder binder(AServiceManager_getService(kBinderNdkUnitTestService));
+ std::shared_ptr<aidl::IBinderNdkUnitTest> service =
+ aidl::IBinderNdkUnitTest::fromBinder(binder);
+
+ bool gotSid = false;
+ EXPECT_TRUE(service->getsRequestedSid(&gotSid).isOk());
+ EXPECT_TRUE(gotSid);
+}
+
TEST(NdkBinder, SentAidlBinderCanBeDestroyed) {
static volatile bool destroyed = false;
static std::mutex dMutex;
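Review bot: RequestedSidWorks dereferences `service` without checking it. If the unit-test service is not registered, `fromBinder` presumably yields null and the test crashes instead of failing, so add `ASSERT_NE(nullptr, service);` before the call. The test also covers only the positive path, and only that some context was delivered. Because the calling SID exists to drive access-control decisions, a second case would be worth adding: a binder that never called AIBinder_setRequestingSid should report no SID. Where the test environment has a predictable context, an assertion on the returned string would be stronger than the current non-null check.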