commit 030090fa01fd2db033944d9f424720c90885881a
author TreeHugger Robot <treehugger-gerrit@google.com> Wed Jul 29 07:23:09 2020 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Jul 29 07:23:09 2020 +0000
tree 972fde8058f4399084c330295e61fe824340b020
parent 4f884a132c55cadb98f27e29c027b7a513ec15f0
parent c7cdd0567a58ff8ffcc70bb791fde172faa99f6d

Merge "GpuService: secure setUpdatableDriverPath"

services/gpuservice/GpuService.cpp

diff --git a/services/gpuservice/GpuService.cpp b/services/gpuservice/GpuService.cpp
index 18c819f..52d5d4f 100644
--- a/services/gpuservice/GpuService.cpp
+++ b/services/gpuservice/GpuService.cpp
@@ -75,11 +75,23 @@
 }
 
 void GpuService::setUpdatableDriverPath(const std::string& driverPath) {
-    developerDriverPath = driverPath;
+    IPCThreadState* ipc = IPCThreadState::self();
+    const int pid = ipc->getCallingPid();
+    const int uid = ipc->getCallingUid();
+
+    // only system_server is allowed to set updatable driver path
+    if (uid != AID_SYSTEM) {
+        ALOGE("Permission Denial: can't set updatable driver path from pid=%d, uid=%d\n", pid, uid);
+        return;
+    }
+
+    std::lock_guard<std::mutex> lock(mLock);
+    mDeveloperDriverPath = driverPath;
 }
 
 std::string GpuService::getUpdatableDriverPath() {
-    return developerDriverPath;
+    std::lock_guard<std::mutex> lock(mLock);
+    return mDeveloperDriverPath;
 }
 
 status_t GpuService::shellCommand(int /*in*/, int out, int err, std::vector<String16>& args) {

services/gpuservice/GpuService.h

diff --git a/services/gpuservice/GpuService.h b/services/gpuservice/GpuService.h
index 43faa3e..409084b 100644
--- a/services/gpuservice/GpuService.h
+++ b/services/gpuservice/GpuService.h
@@ -79,7 +79,8 @@
     std::shared_ptr<GpuMem> mGpuMem;
     std::unique_ptr<GpuStats> mGpuStats;
     std::unique_ptr<GpuMemTracer> mGpuMemTracer;
-    std::string developerDriverPath;
+    std::mutex mLock;
+    std::string mDeveloperDriverPath;
 };
 
 } // namespace android