Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 5c08e30e8cd35a7ddfb2be0cc7f6ade572c2bbc8^! / . / libs / gui / BufferQueueConsumer.cpp
commit5c08e30e8cd35a7ddfb2be0cc7f6ade572c2bbc8[log] [tgz]
authorKiyoung Kim <kiyoungkim@google.com>Fri Nov 10 16:35:13 2023 +0900
committerKiyoung Kim <kiyoungkim@google.com>Mon Nov 27 17:29:19 2023 +0900
treedfb5c5628fe986a4d1ecb7b48723873726403752
parent04b22dd2210c6d108c4bff4e5708cd3099ba770e [diff] [blame]
Do not rely on android_is_in_vendor_process

android_is_in_vendor_process is used to check if the function is called
from the system process. However, implementation would not work as
expected once VNDK deprecates. This change is to change logic from using
libvndksupport to directly check if current selinux context can access
to permission service.

Bug: 300366609
Test: aosp cf build succeded
Change-Id: I7cb904fe9910e5325132c68ca584eb964c84a79b

diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp
index b6a47fb..744201a 100644
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp

@@ -36,13 +36,45 @@
 #include <gui/TraceUtils.h>
 
 #include <private/gui/BufferQueueThreadState.h>
-#ifndef __ANDROID_VNDK__
+#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
 #include <binder/PermissionCache.h>
-#include <vndksupport/linker.h>
+#include <selinux/android.h>
+#include <selinux/selinux.h>
 #endif
 
 #include <system/window.h>
 
+namespace {
+#if !defined(__ANDROID_VNDK__) && !defined(NO_BINDER)
+int selinux_log_suppress_callback(int, const char*, ...) { // NOLINT
+    // DO NOTHING
+    return 0;
+}
+
+bool hasAccessToPermissionService() {
+    char* ctx;
+
+    if (getcon(&ctx) == -1) {
+        // Failed to get current selinux context
+        return false;
+    }
+
+    union selinux_callback cb;
+
+    cb.func_log = selinux_log_suppress_callback;
+    selinux_set_callback(SELINUX_CB_LOG, cb);
+
+    bool hasAccess = selinux_check_access(ctx, "u:object_r:permission_service:s0",
+                                          "service_manager", "find", NULL) == 0;
+    freecon(ctx);
+    cb.func_log = hasAccess ? selinux_log_callback : selinux_vendor_log_callback;
+    selinux_set_callback(SELINUX_CB_LOG, cb);
+
+    return hasAccess;
+}
+#endif
+} // namespace
+
 namespace android {
 
 // Macros for include BufferQueueCore information in log messages
@@ -814,7 +846,7 @@
     // the PermissionController. We need to do a runtime check as well, since
     // the system variant of libgui can be loaded in a vendor process. For eg:
     // if a HAL uses an llndk library that depends on libgui (libmediandk etc).
-    if (!android_is_in_vendor_process()) {
+    if (hasAccessToPermissionService()) {
         const pid_t pid = BufferQueueThreadState::getCallingPid();
         if ((uid != shellUid) &&
             !PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {