Introduce an API to verify trusted caller apps by UID.
This CL introduces a new function to make sure only trusted packages
like VrCore can make use of APIs that are not intended for app use.
As a first example, this CL introduces a caller check for taking screenshots,
although any sensitive APIs should implement similar checks.
Package trust is defined by having the RESTRICTED_VR_ACCESS permission.
Bug: 34474022
Change-Id: Ib5a242d1a4e17f59b178fb1465064043613ac369
diff --git a/libs/vr/libvrflinger/screenshot_service.cpp b/libs/vr/libvrflinger/screenshot_service.cpp
index e174943..fd1c582 100644
--- a/libs/vr/libvrflinger/screenshot_service.cpp
+++ b/libs/vr/libvrflinger/screenshot_service.cpp
@@ -3,7 +3,9 @@
#include <utils/Trace.h>
#include <pdx/default_transport/service_endpoint.h>
+#include <private/android_filesystem_config.h>
#include <private/dvr/display_types.h>
+#include <private/dvr/trusted_uids.h>
using android::pdx::Message;
using android::pdx::MessageInfo;
@@ -40,6 +42,12 @@
ScreenshotData ScreenshotService::OnTakeScreenshot(pdx::Message& message,
int layer_index) {
+ // Also allow AID_SHELL to support vrscreencap commands.
+ if (message.GetEffectiveUserId() != AID_SHELL &&
+ !IsTrustedUid(message.GetEffectiveUserId())) {
+ REPLY_ERROR_RETURN(message, EACCES, {});
+ }
+
AddWaiter(std::move(message), layer_index);
return {};
}
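Review bot: The `AID_SHELL` exemption in `OnTakeScreenshot` is unconditional, so any process running with the shell UID skips the `IsTrustedUid` check on every build type. If vrscreencap is only a development tool, consider limiting the exemption to debuggable builds, or extend the comment to say why shell is acceptable on production builds. The denial path is also silent, so rejected callers leave no trace for auditing; a warning just before `REPLY_ERROR_RETURN` would fix that, for example `ALOGW("OnTakeScreenshot: denied euid=%d", euid);`, assuming the file's logging macros are available here. Reading the id once into `const auto euid = message.GetEffectiveUserId();` removes the duplicate call and keeps the check and the log on the same value.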