Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 23115b098dfdec7d5b6167c1e2e6837dd6fb717f^! / . / keystore / key_store_service.cpp
commit23115b098dfdec7d5b6167c1e2e6837dd6fb717f[log] [tgz]
authorSteven Moreland <smoreland@google.com>Thu Jan 10 16:20:20 2019 -0800
committerSteven Moreland <smoreland@google.com>Thu Jan 10 16:20:20 2019 -0800
tree8890a83213e838a426755732e62889d3e5e1040a
parente47f2e78cd72a2604dccc21d6bfdb3dca056b8ec [diff] [blame]
keystore: use getCallingSid

Bug: 121035042
Test: boot. SafetyNet logs go away when device has new kernel.
Change-Id: Iebfdc8b221de1070aeaf6fc1ac5c02cc6987b285

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 16ad7a8..fcf863d 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp

@@ -1222,7 +1222,8 @@
 bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) {
     uid_t callingUid = IPCThreadState::self()->getCallingUid();
     pid_t spid = IPCThreadState::self()->getCallingPid();
-    if (!has_permission(callingUid, permission, spid)) {
+    const char* ssid = IPCThreadState::self()->getCallingSid();
+    if (!has_permission(callingUid, permission, spid, ssid)) {
         ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
         return false;
     }
@@ -1240,7 +1241,8 @@
 bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) {
     uid_t callingUid = IPCThreadState::self()->getCallingUid();
     pid_t spid = IPCThreadState::self()->getCallingPid();
-    if (!has_permission(callingUid, permission, spid)) {
+    const char* ssid = IPCThreadState::self()->getCallingSid();
+    if (!has_permission(callingUid, permission, spid, ssid)) {
         ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
         return false;
     }