hwc: qservice: Pass through binder calls
Pass through binder calls for non qservice calls.
Change-Id: I9cae0d40b8377bda9627fbc3e6f90d5aed1f1e0f
Signed-off-by: Iliyan Malchev <malchev@google.com>
diff --git a/libqservice/IQService.cpp b/libqservice/IQService.cpp
index 5f71732..420d59c 100644
--- a/libqservice/IQService.cpp
+++ b/libqservice/IQService.cpp
@@ -26,6 +26,7 @@
#include <binder/IInterface.h>
#include <binder/IPCThreadState.h>
#include <utils/Errors.h>
+#include <private/android_filesystem_config.h>
#include <IQService.h>
@@ -68,25 +69,32 @@
// IPC should be from mediaserver only
IPCThreadState* ipc = IPCThreadState::self();
const int callerPid = ipc->getCallingPid();
+ const int callerUid = ipc->getCallingUid();
const size_t MAX_BUF_SIZE = 1024;
- const char *mediaServer = "/system/bin/mediaserver";
char callingProcName[MAX_BUF_SIZE] = {0};
getProcName(callerPid, callingProcName, MAX_BUF_SIZE);
- if(strcmp(callingProcName, mediaServer) != 0 ) { //Some rogue process
- ALOGE("No Permission:can't access display.qservice pid=%d process=%s",
- callerPid, callingProcName);
- return PERMISSION_DENIED;
- }
+
+ const bool permission = (callerUid == AID_MEDIA);
switch(code) {
case SECURING: {
+ if(!permission) {
+ ALOGE("display.qservice SECURING access denied: pid=%d uid=%d process=%s",
+ callerPid, callerUid, callingProcName);
+ return PERMISSION_DENIED;
+ }
CHECK_INTERFACE(IQService, data, reply);
uint32_t startEnd = data.readInt32();
securing(startEnd);
return NO_ERROR;
} break;
case UNSECURING: {
+ if(!permission) {
+ ALOGE("display.qservice UNSECURING access denied: pid=%d uid=%d process=%s",
+ callerPid, callerUid, callingProcName);
+ return PERMISSION_DENIED;
+ }
CHECK_INTERFACE(IQService, data, reply);
uint32_t startEnd = data.readInt32();
unsecuring(startEnd);