Revert "Revert "Add gServiceSidMap.""
This reverts commit 8f21ad8aa6496e2ad6061589b87275f4a98ef651.
This enables getting security contexts from the kernel.
Bug: 121035042
Test: boot patch w/ w/o kernel patch on cuttlefish and check for
security logs.
Test: check for cnd failures on crosshatch.
Change-Id: I771fa6bbeac0b9cbba5321881e191605b0e17e23
Merged-In: I771fa6bbeac0b9cbba5321881e191605b0e17e23
(cherry picked from commit 42bc6d55089566924dc367afa40280269b1d0419)
diff --git a/transport/HidlTransportSupport.cpp b/transport/HidlTransportSupport.cpp
index c9937f1..db70438 100644
--- a/transport/HidlTransportSupport.cpp
+++ b/transport/HidlTransportSupport.cpp
@@ -42,6 +42,20 @@
return handleBinderPoll();
}
+// TODO(b/122472540): only store one data item per object
+template <typename V>
+static void pruneMapLocked(ConcurrentMap<wp<IBase>, V>& map) {
+ std::vector<wp<IBase>> toDelete;
+ for (const auto& kv : map) {
+ if (kv.first.promote() == nullptr) {
+ toDelete.push_back(kv.first);
+ }
+ }
+ for (const auto& k : toDelete) {
+ map.eraseLocked(k);
+ }
+}
+
bool setMinSchedulerPolicy(const sp<IBase>& service, int policy, int priority) {
if (service->isRemote()) {
LOG(ERROR) << "Can't set scheduler policy on remote service.";
@@ -71,24 +85,29 @@
// Due to ABI considerations, IBase cannot have a destructor to clean this up.
// So, because this API is so infrequently used, (expected to be usually only
// one time for a process, but it can be more), we are cleaning it up here.
- // TODO(b/37794345): if ever we update the HIDL ABI for launches in an Android
- // release in the meta-version sense, we should remove this.
std::unique_lock<std::mutex> lock = details::gServicePrioMap.lock();
-
- std::vector<wp<IBase>> toDelete;
- for (const auto& kv : details::gServicePrioMap) {
- if (kv.first.promote() == nullptr) {
- toDelete.push_back(kv.first);
- }
- }
- for (const auto& k : toDelete) {
- details::gServicePrioMap.eraseLocked(k);
- }
+ pruneMapLocked(details::gServicePrioMap);
details::gServicePrioMap.setLocked(service, {policy, priority});
return true;
}
+bool setRequestingSid(const sp<IBase>& service, bool requesting) {
+ if (service->isRemote()) {
+ LOG(ERROR) << "Can't set requesting sid on remote service.";
+ return false;
+ }
+
+ // Due to ABI considerations, IBase cannot have a destructor to clean this up.
+ // So, because this API is so infrequently used, (expected to be usually only
+ // one time for a process, but it can be more), we are cleaning it up here.
+ std::unique_lock<std::mutex> lock = details::gServiceSidMap.lock();
+ pruneMapLocked(details::gServiceSidMap);
+ details::gServiceSidMap.setLocked(service, requesting);
+
+ return true;
+}
+
bool interfacesEqual(const sp<IBase>& left, const sp<IBase>& right) {
if (left == nullptr || right == nullptr || !left->isRemote() || !right->isRemote()) {
return left == right;