commit 8e2f3858d5a06dae5a543d9428278f59120f7f8c
author Siva Velusamy <vsiva@google.com> Thu Mar 15 16:18:38 2012 -0700
committer Siva Velusamy <vsiva@google.com> Thu Mar 15 16:41:35 2012 -0700
tree f3d1a881d8221279bc23cca533d8972df9c7b7f6
parent 9eeebe39807e65e29b3bb05e7d0e4094bdb564c8

gltrace: Only accept connections from the shell.

Only accept incoming connections from the shell user.

Change-Id: Ibef1a796d794d45f73db59949b39cb1ce68542b4

opengl/libs/GLES_trace/src/gltrace_transport.cpp

diff --git a/opengl/libs/GLES_trace/src/gltrace_transport.cpp b/opengl/libs/GLES_trace/src/gltrace_transport.cpp
index 5251b12..5c73456 100644
--- a/opengl/libs/GLES_trace/src/gltrace_transport.cpp
+++ b/opengl/libs/GLES_trace/src/gltrace_transport.cpp
@@ -23,6 +23,7 @@
 #include <netinet/in.h>
 
 #include <cutils/log.h>
+#include <private/android_filesystem_config.h>
 
 #include "gltrace_transport.h"
 
@@ -67,6 +68,19 @@
         return -1;
     }
 
+    struct ucred cr;
+    socklen_t cr_len = sizeof(cr);
+    if (getsockopt(clientSocket, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) != 0) {
+        ALOGE("Error obtaining credentials of peer");
+        return -1;
+    }
+
+    // Only accept connects from the shell (adb forward comes to us as shell user)
+    if (cr.uid != AID_SHELL) {
+        ALOGE("Unknown peer type (%d), expected shell to be the peer", cr.uid);
+        return -1;
+    }
+
     ALOGD("gltrace::waitForClientConnection: client connected.");
 
     // do not accept any more incoming connections