Sensor: expose sensor UUID to privileged clients

Allow privileged clients (system server and audio server)
to access the UUID of dynamic sensors.
For other clients, the UUID is replaced by the existing
obfuscated sensor ID.

Bug: 210803914
Test: make
Change-Id: I496ac59504da4e8d98310663c047cb3c0a2abad6
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
index 0a49008..5cf3f1a 100644
--- a/libs/sensor/Sensor.cpp
+++ b/libs/sensor/Sensor.cpp
@@ -468,7 +468,15 @@
 }
 
 void Sensor::setId(int32_t id) {
-    mUuid.i64[0] = id;
+    mId = id;
+}
+
+int32_t Sensor::getId() const {
+    return mId;
+}
+
+void Sensor::anonymizeUuid() {
+    mUuid.i64[0] = mId;
     mUuid.i64[1] = 0;
 }
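Review bot: setId() no longer overwrites mUuid, so the obfuscation that used to happen as a side effect of setId() now only happens if the caller also invokes anonymizeUuid(); any other caller of setId() (none are visible in this diff) would now carry the real UUID unless it is updated too. The new anonymizeUuid() is also irreversible — after it runs, getUuid() returns the id packed into i64[0] with i64[1] zeroed — and nothing in the .cpp says so. I would add above it: `// Irreversibly replaces mUuid with the obfuscated id set via setId(); must run before a Sensor is handed to a client that is not allowed to see the real UUID.`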
 
@@ -485,17 +493,14 @@
     }
 }
 
-int32_t Sensor::getId() const {
-    return int32_t(mUuid.i64[0]);
-}
-
 size_t Sensor::getFlattenedSize() const {
     size_t fixedSize =
             sizeof(mVersion) + sizeof(mHandle) + sizeof(mType) +
             sizeof(mMinValue) + sizeof(mMaxValue) + sizeof(mResolution) +
             sizeof(mPower) + sizeof(mMinDelay) + sizeof(mFifoMaxEventCount) +
             sizeof(mFifoMaxEventCount) + sizeof(mRequiredPermissionRuntime) +
-            sizeof(mRequiredAppOp) + sizeof(mMaxDelay) + sizeof(mFlags) + sizeof(mUuid);
+            sizeof(mRequiredAppOp) + sizeof(mMaxDelay) + sizeof(mFlags) +
+            sizeof(mUuid) + sizeof(mId);
 
     size_t variableSize =
             sizeof(uint32_t) + FlattenableUtils::align<4>(mName.length()) +
@@ -529,18 +534,8 @@
     FlattenableUtils::write(buffer, size, mRequiredAppOp);
     FlattenableUtils::write(buffer, size, mMaxDelay);
     FlattenableUtils::write(buffer, size, mFlags);
-    if (mUuid.i64[1] != 0) {
-        // We should never hit this case with our current API, but we
-        // could via a careless API change.  If that happens,
-        // this code will keep us from leaking our UUID (while probably
-        // breaking dynamic sensors).  See b/29547335.
-        ALOGW("Sensor with UUID being flattened; sending 0.  Expect "
-              "bad dynamic sensor behavior");
-        uuid_t tmpUuid;  // default constructor makes this 0.
-        FlattenableUtils::write(buffer, size, tmpUuid);
-    } else {
-        FlattenableUtils::write(buffer, size, mUuid);
-    }
+    FlattenableUtils::write(buffer, size, mUuid);
+    FlattenableUtils::write(buffer, size, mId);
     return NO_ERROR;
 }
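Review bot: Removing the `mUuid.i64[1] != 0` guard drops the only check inside flatten() that prevented a real UUID from being serialized, so from here on the protection rests entirely on the caller having run anonymizeUuid() for the right UIDs (the SensorService hunk in this commit). Since flatten() cannot know the recipient's privilege, that is a reasonable design, but the transfer of responsibility deserves a comment at the write site so a future change does not reintroduce a leak silently, e.g. `// mUuid is written verbatim; anonymization for unprivileged clients is the caller's job (SensorService::makeUuidsIntoIdsForSensorList or equivalent — verify).` The start of flatten() is outside this hunk.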
 
@@ -580,7 +575,7 @@
 
     size_t fixedSize2 =
             sizeof(mRequiredPermissionRuntime) + sizeof(mRequiredAppOp) + sizeof(mMaxDelay) +
-            sizeof(mFlags) + sizeof(mUuid);
+            sizeof(mFlags) + sizeof(mUuid) + sizeof(mId);
     if (size < fixedSize2) {
         return NO_MEMORY;
     }
@@ -590,6 +585,7 @@
     FlattenableUtils::read(buffer, size, mMaxDelay);
     FlattenableUtils::read(buffer, size, mFlags);
     FlattenableUtils::read(buffer, size, mUuid);
+    FlattenableUtils::read(buffer, size, mId);
     return NO_ERROR;
 }
 
diff --git a/libs/sensor/include/sensor/Sensor.h b/libs/sensor/include/sensor/Sensor.h
index 374b68f..bae8a13 100644
--- a/libs/sensor/include/sensor/Sensor.h
+++ b/libs/sensor/include/sensor/Sensor.h
@@ -96,11 +96,8 @@
     bool isDirectChannelTypeSupported(int32_t sharedMemType) const;
     int32_t getReportingMode() const;
 
-    // Note that after setId() has been called, getUuid() no longer
-    // returns the UUID.
-    // TODO(b/29547335): Remove getUuid(), add getUuidIndex(), and
-    //     make sure setId() doesn't change the UuidIndex.
     const uuid_t& getUuid() const;
+    void  anonymizeUuid();
     int32_t getId() const;
     void setId(int32_t id);
 
@@ -132,10 +129,8 @@
     int32_t mRequiredAppOp;
     int32_t mMaxDelay;
     uint32_t mFlags;
-    // TODO(b/29547335): Get rid of this field and replace with an index.
-    //     The index will be into a separate global vector of UUIDs.
-    //     Also add an mId field (and change flatten/unflatten appropriately).
     uuid_t  mUuid;
+    int32_t mId;
     static void flattenString8(void*& buffer, size_t& size, const String8& string8);
     static bool unflattenString8(void const*& buffer, size_t& size, String8& outputString8);
 };
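Review bot: `int32_t mId;` has no in-class initializer, and flatten() now writes mId unconditionally, so a Sensor on which setId() was never called would serialize an indeterminate value across the binder boundary unless every constructor initializes it. The constructors are outside this diff; if their init lists do not set mId, either add it there or use `int32_t mId = 0;` here (the sibling fields follow the init-list style, so the former matches the file better). unflatten() reads mId from the peer, so that path is fine.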
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 9bc7b8e..517d383 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -1254,6 +1254,11 @@
     for (auto &sensor : sensorList) {
         int32_t id = getIdFromUuid(sensor.getUuid());
         sensor.setId(id);
+        // The sensor UUID must always be anonymized here for non privileged clients.
+        // There is no other checks after this point before returning to client process.
+        if (!isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid())) {
+            sensor.anonymizeUuid();
+        }
     }
 }
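Review bot: `IPCThreadState::self()->getCallingUid()` is evaluated on every loop iteration even though the calling UID does not change within one transaction; hoist it before the loop as `const bool privileged = isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid());` and use `if (!privileged) {` inside, which also makes the privilege decision a single, greppable point. The comment wording should be `There are no other checks after this point before returning to the client process.` The enclosing function's signature is outside this hunk, so I cannot confirm it is the only path that builds the client-visible list.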
 
diff --git a/services/sensorservice/SensorService.h b/services/sensorservice/SensorService.h
index 9b6d01a..b009829 100644
--- a/services/sensorservice/SensorService.h
+++ b/services/sensorservice/SensorService.h
@@ -26,6 +26,7 @@
 #include <binder/IUidObserver.h>
 #include <cutils/compiler.h>
 #include <cutils/multiuser.h>
+#include <private/android_filesystem_config.h>
 #include <sensor/ISensorServer.h>
 #include <sensor/ISensorEventConnection.h>
 #include <sensor/Sensor.h>
@@ -447,6 +448,10 @@
     // Removes the capped rate on active direct connections (when the mic toggle is flipped to off)
     void uncapRates(userid_t userId);
 
+    static inline bool isAudioServerOrSystemServerUid(uid_t uid) {
+        return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER;
+    }
+
     static uint8_t sHmacGlobalKey[128];
     static bool sHmacGlobalKeyIsValid;
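Review bot: The two halves of the predicate are asymmetric — the system check compares the app id (so AID_SYSTEM in any user profile qualifies) while the audioserver check compares the raw uid — and nothing explains why; presumably audioserver only ever runs in the primary user, but that should be stated, e.g. `// system_server may run in any user (app-id match); audioserver is a single-user uid.` Also, a member function defined in the class body is implicitly inline, so `static inline bool` can be `static bool`. Since this helper is now the sole privilege gate for UUID exposure, a short comment naming that role would help future reviewers find it.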