Need to call set_requesting_sid for with_calling_sid to work.
SID should always be available, so fail with an error if it's not.
Bug: 181869875
Bug: 178852354
Test: mm
Change-Id: I3a817c054349d7cd6921ad96fe4a8c0b3aa73475
diff --git a/virtmanager/aidl/android/system/virtmanager/VirtualMachineDebugInfo.aidl b/virtmanager/aidl/android/system/virtmanager/VirtualMachineDebugInfo.aidl
index 7bb77ce..967db04 100644
--- a/virtmanager/aidl/android/system/virtmanager/VirtualMachineDebugInfo.aidl
+++ b/virtmanager/aidl/android/system/virtmanager/VirtualMachineDebugInfo.aidl
@@ -24,7 +24,7 @@
int requesterUid;
/** The SID of the process which requested the VM. */
- @nullable String requesterSid;
+ String requesterSid;
/**
* The PID of the process which requested the VM. Note that this process may no longer exist and
diff --git a/virtmanager/src/aidl.rs b/virtmanager/src/aidl.rs
index cd3bb6d..2f96f9d 100644
--- a/virtmanager/src/aidl.rs
+++ b/virtmanager/src/aidl.rs
@@ -27,7 +27,6 @@
self, BinderFeatures, Interface, ParcelFileDescriptor, StatusCode, Strong, ThreadState,
};
use log::{debug, error};
-use std::ffi::CStr;
use std::fs::File;
use std::sync::{Arc, Mutex, Weak};
@@ -60,18 +59,29 @@
.transpose()?;
let requester_uid = ThreadState::get_calling_uid();
let requester_sid = ThreadState::with_calling_sid(|sid| {
- sid.and_then(|sid: &CStr| match sid.to_str() {
- Ok(s) => Some(s.to_owned()),
- Err(e) => {
- error!("SID was not valid UTF-8: {:?}", e);
- None
+ if let Some(sid) = sid {
+ match sid.to_str() {
+ Ok(sid) => Ok(sid.to_owned()),
+ Err(e) => {
+ error!("SID was not valid UTF-8: {:?}", e);
+ Err(StatusCode::BAD_VALUE)
+ }
}
- })
- });
- let requester_pid = ThreadState::get_calling_pid();
+ } else {
+ error!("Missing SID on startVm");
+ Err(StatusCode::UNKNOWN_ERROR)
+ }
+ })?;
+ let requester_debug_pid = ThreadState::get_calling_pid();
let cid = state.allocate_cid()?;
- let instance =
- start_vm(config_fd.as_ref(), cid, log_fd, requester_uid, requester_sid, requester_pid)?;
+ let instance = start_vm(
+ config_fd.as_ref(),
+ cid,
+ log_fd,
+ requester_uid,
+ requester_sid,
+ requester_debug_pid,
+ )?;
state.add_vm(Arc::downgrade(&instance));
Ok(VirtualMachine::create(instance))
}
@@ -91,7 +101,7 @@
cid: vm.cid as i32,
requesterUid: vm.requester_uid as i32,
requesterSid: vm.requester_sid.clone(),
- requesterPid: vm.requester_pid,
+ requesterPid: vm.requester_debug_pid,
running: vm.running(),
})
.collect();
@@ -259,16 +269,16 @@
cid: Cid,
log_fd: Option<File>,
requester_uid: u32,
- requester_sid: Option<String>,
- requester_pid: i32,
+ requester_sid: String,
+ requester_debug_pid: i32,
) -> binder::Result<Arc<VmInstance>> {
let config = VmConfig::load(config_file).map_err(|e| {
error!("Failed to load VM config from {:?}: {:?}", config_file, e);
StatusCode::BAD_VALUE
})?;
- Ok(VmInstance::start(&config, cid, log_fd, requester_uid, requester_sid, requester_pid)
+ Ok(VmInstance::start(&config, cid, log_fd, requester_uid, requester_sid, requester_debug_pid)
.map_err(|e| {
- error!("Failed to start VM from {:?}: {:?}", config_file, e);
- StatusCode::UNKNOWN_ERROR
- })?)
+ error!("Failed to start VM from {:?}: {:?}", config_file, e);
+ StatusCode::UNKNOWN_ERROR
+ })?)
}
diff --git a/virtmanager/src/crosvm.rs b/virtmanager/src/crosvm.rs
index 5e6f658..60e063c 100644
--- a/virtmanager/src/crosvm.rs
+++ b/virtmanager/src/crosvm.rs
@@ -38,10 +38,10 @@
/// The UID of the process which requested the VM.
pub requester_uid: u32,
/// The SID of the process which requested the VM.
- pub requester_sid: Option<String>,
+ pub requester_sid: String,
/// The PID of the process which requested the VM. Note that this process may no longer exist
/// and the PID may have been reused for a different process, so this should not be trusted.
- pub requester_pid: i32,
+ pub requester_debug_pid: i32,
/// Whether the VM is still running.
running: AtomicBool,
/// Callbacks to clients of the VM.
@@ -54,15 +54,15 @@
child: SharedChild,
cid: Cid,
requester_uid: u32,
- requester_sid: Option<String>,
- requester_pid: i32,
+ requester_sid: String,
+ requester_debug_pid: i32,
) -> VmInstance {
VmInstance {
child,
cid,
requester_uid,
requester_sid,
- requester_pid,
+ requester_debug_pid,
running: AtomicBool::new(true),
callbacks: Default::default(),
}
@@ -75,12 +75,17 @@
cid: Cid,
log_fd: Option<File>,
requester_uid: u32,
- requester_sid: Option<String>,
- requester_pid: i32,
+ requester_sid: String,
+ requester_debug_pid: i32,
) -> Result<Arc<VmInstance>, Error> {
let child = run_vm(config, cid, log_fd)?;
- let instance =
- Arc::new(VmInstance::new(child, cid, requester_uid, requester_sid, requester_pid));
+ let instance = Arc::new(VmInstance::new(
+ child,
+ cid,
+ requester_uid,
+ requester_sid,
+ requester_debug_pid,
+ ));
let instance_clone = instance.clone();
thread::spawn(move || {
diff --git a/virtmanager/src/main.rs b/virtmanager/src/main.rs
index 454fc7e..4c98c41 100644
--- a/virtmanager/src/main.rs
+++ b/virtmanager/src/main.rs
@@ -38,7 +38,10 @@
);
let virt_manager = VirtManager::default();
- let virt_manager = BnVirtManager::new_binder(virt_manager, BinderFeatures::default());
+ let virt_manager = BnVirtManager::new_binder(
+ virt_manager,
+ BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() },
+ );
add_service(BINDER_SERVICE_IDENTIFIER, virt_manager.as_binder()).unwrap();
info!("Registered Binder service, joining threadpool.");
ProcessState::join_thread_pool();