Check for dump permission on perfprofd
Even though dumping is not implemented yet on this service, it should
check for the right permission and print a failure message as expected
by CTS.
The fix is based on a similar change in frameworks/av, commit
8bf5518c49d256ac27937dba007879c7f4693138.
Issue: FP2P-326
Test: run cts -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest#testDumpProtected
Change-Id: I81e63724ecfa7c4346f1425c616f241e5024bf46
diff --git a/perfprofd/binder_interface/perfprofd_binder.cc b/perfprofd/binder_interface/perfprofd_binder.cc
index e4672c3..c401444 100644
--- a/perfprofd/binder_interface/perfprofd_binder.cc
+++ b/perfprofd/binder_interface/perfprofd_binder.cc
@@ -32,7 +32,9 @@
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <binder/BinderService.h>
+#include <binder/IPCThreadState.h>
#include <binder/IResultReceiver.h>
+#include <binder/PermissionCache.h>
#include <binder/Status.h>
#include <google/protobuf/io/zero_copy_stream_impl_lite.h>
#include <utils/String16.h>
@@ -108,6 +110,16 @@
status_t PerfProfdNativeService::dump(int fd, const Vector<String16> &args) {
auto out = std::fstream(base::StringPrintf("/proc/self/fd/%d", fd));
+
+ const IPCThreadState* ipc = IPCThreadState::self();
+ const int pid = ipc->getCallingPid();
+ const int uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(String16("android.permission.DUMP"), pid, uid)) {
+ out << "Permission Denial: can't dump MediaExtractor from pid="
+ << pid << ", uid=" << uid << std::endl;
+ return android::PERMISSION_DENIED;
+ }
+
out << "Nothing to log, yet!" << std::endl;
return NO_ERROR;