Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 4a8e5f7ed7d23356d00be5f7bce010cef51bed5b^! / . / services / surfaceflinger / SurfaceFlinger.cpp
commit4a8e5f7ed7d23356d00be5f7bce010cef51bed5b[log] [tgz]
authorCarlos Martinez Romero <carlosmr@google.com>Fri Nov 22 11:11:39 2024 -0800
committerCarlos Martinez Romero <carlosmr@google.com>Fri Nov 22 19:20:37 2024 +0000
tree6e1f79a86acabeedade68efa358fa1b1d405de56
parentf9854d272c816ca2ad2fec085e17c6591721bff9 [diff] [blame]
Add permission checks for sfdo functions.

The sfdo functions should only be called from a system uid. If the permission check fails the call return an error.

Bug: 379296794
Test: adb shell sfdo debug-flash
Flag: EXEMPT minor bug fix - permission check
Change-Id: Iafff85704c61779b3b0ae43946238a86a0841760

diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index a66380b..20e8914 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp

@@ -9082,26 +9082,46 @@
 }
 
 binder::Status SurfaceComposerAIDL::enableRefreshRateOverlay(bool active) {
+    status_t status = checkAccessPermission();
+    if (status != OK) {
+        return binderStatusFromStatusT(status);
+    }
     mFlinger->sfdo_enableRefreshRateOverlay(active);
     return binder::Status::ok();
 }
 
 binder::Status SurfaceComposerAIDL::setDebugFlash(int delay) {
+    status_t status = checkAccessPermission();
+    if (status != OK) {
+        return binderStatusFromStatusT(status);
+    }
     mFlinger->sfdo_setDebugFlash(delay);
     return binder::Status::ok();
 }
 
 binder::Status SurfaceComposerAIDL::scheduleComposite() {
+    status_t status = checkAccessPermission();
+    if (status != OK) {
+        return binderStatusFromStatusT(status);
+    }
     mFlinger->sfdo_scheduleComposite();
     return binder::Status::ok();
 }
 
 binder::Status SurfaceComposerAIDL::scheduleCommit() {
+    status_t status = checkAccessPermission();
+    if (status != OK) {
+        return binderStatusFromStatusT(status);
+    }
     mFlinger->sfdo_scheduleCommit();
     return binder::Status::ok();
 }
 
 binder::Status SurfaceComposerAIDL::forceClientComposition(bool enabled) {
+    status_t status = checkAccessPermission();
+    if (status != OK) {
+        return binderStatusFromStatusT(status);
+    }
     mFlinger->sfdo_forceClientComposition(enabled);
     return binder::Status::ok();
 }