bool Permission::checkCalling() const
{
IPCThreadState* ipcState = IPCThreadState::self();
pid_t pid = ipcState->getCallingPid();
uid_t uid = ipcState->getCallingUid();
return doCheckPermission(pid, uid);
}
status_t FakeSurfaceComposer::onTransact(uint32_t code, const Parcel& data,
Parcel* reply, uint32_t flags)
{
switch (code) {
case CREATE_CONNECTION:
case CREATE_DISPLAY:
case SET_TRANSACTION_STATE:
case CAPTURE_SCREEN:
{
// codes that require permission check
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
// Accept request only when uid is root.
if (uid != AID_ROOT) {
ALOGE("Permission Denial: "
"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
return PERMISSION_DENIED;
}
break;
}
}
return BnSurfaceComposer::onTransact(code, data, reply, flags);
}
static bool isProtectedCallAllowed() {
// M: migration these from ICS
// TODO
// Following implementation is just for reference.
// Each OEM manufacturer should implement/replace with their own solutions.
bool result = false;
IPCThreadState* ipcState = IPCThreadState::self();
uid_t uid = ipcState->getCallingUid();
for (unsigned int i = 0; i < trustedUids.size(); ++i) {
if (trustedUids[i] == uid) {
result = true;
break;
}
}
// M:
// for OMA DRM v1 implementation
// if can't authorize the process by UID, then check the process name.
if (!result) {
pid_t pid = ipcState->getCallingPid();
result = DrmTrustedClient::IsDrmTrustedClient(DrmMtkUtil::getProcessName(pid));
}
return result;
}
status_t BnQService::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
// IPC should be from mediaserver only
IPCThreadState* ipc = IPCThreadState::self();
const int callerPid = ipc->getCallingPid();
const int callerUid = ipc->getCallingUid();
const bool permission = (callerUid == AID_MEDIA);
switch(code) {
case CONNECT: {
CHECK_INTERFACE(IQService, data, reply);
sp<IQClient> client =
interface_cast<IQClient>(data.readStrongBinder());
connect(client);
return NO_ERROR;
} break;
case SETMEM: {
CHECK_INTERFACE(IQService, data, reply);
sp<IMemory> sharedBuffer =
interface_cast<IMemory>(data.readStrongBinder());
setMemory(sharedBuffer);
return NO_ERROR;
} break;
default:
return BBinder::onTransact(code, data, reply, flags);
}
}
bool checkCallingPermission(const String16& permission, int32_t* outPid, int32_t* outUid)
{
IPCThreadState* ipcState = IPCThreadState::self();
pid_t pid = ipcState->getCallingPid();
uid_t uid = ipcState->getCallingUid();
if (outPid) *outPid = pid;
if (outUid) *outUid = uid;
return checkPermission(permission, pid, uid);
}
virtual int enroll(uint32_t uid,
const uint8_t *current_password_handle, uint32_t current_password_handle_length,
const uint8_t *current_password, uint32_t current_password_length,
const uint8_t *desired_password, uint32_t desired_password_length,
uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
IPCThreadState* ipc = IPCThreadState::self();
const int calling_pid = ipc->getCallingPid();
const int calling_uid = ipc->getCallingUid();
if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
return PERMISSION_DENIED;
}
// need a desired password to enroll
if (desired_password_length == 0) return -EINVAL;
int ret;
if (device) {
const gatekeeper::password_handle_t *handle =
reinterpret_cast<const gatekeeper::password_handle_t *>(current_password_handle);
if (handle != NULL && handle->version != 0 && !handle->hardware_backed) {
// handle is being re-enrolled from a software version. HAL probably won't accept
// the handle as valid, so we nullify it and enroll from scratch
current_password_handle = NULL;
current_password_handle_length = 0;
current_password = NULL;
current_password_length = 0;
}
ret = device->enroll(device, uid, current_password_handle, current_password_handle_length,
current_password, current_password_length,
desired_password, desired_password_length,
enrolled_password_handle, enrolled_password_handle_length);
} else {
ret = soft_device->enroll(uid,
current_password_handle, current_password_handle_length,
current_password, current_password_length,
desired_password, desired_password_length,
enrolled_password_handle, enrolled_password_handle_length);
}
if (ret == 0) {
gatekeeper::password_handle_t *handle =
reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
store_sid(uid, handle->user_id);
bool rr;
// immediately verify this password so we don't ask the user to enter it again
// if they just created it.
verify(uid, *enrolled_password_handle, sizeof(password_handle_t), desired_password,
desired_password_length, &rr);
}
return ret;
}
status_t BatteryPropertiesRegistrar::dump(int fd, const Vector<String16>& /*args*/) {
IPCThreadState* self = IPCThreadState::self();
const int pid = self->getCallingPid();
const int uid = self->getCallingUid();
if ((uid != AID_SHELL) &&
!PermissionCache::checkPermission(
String16("android.permission.DUMP"), pid, uid))
return PERMISSION_DENIED;
healthd_dump_battery_state(fd);
return OK;
}
virtual void clearSecureUserId(uint32_t uid) {
IPCThreadState* ipc = IPCThreadState::self();
const int calling_pid = ipc->getCallingPid();
const int calling_uid = ipc->getCallingUid();
if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
return;
}
clear_sid(uid);
if (device != NULL && device->delete_user != NULL) {
device->delete_user(device, uid);
}
}
virtual status_t dump(int fd, const Vector<String16> &) {
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
return PERMISSION_DENIED;
}
if (device == NULL) {
const char *result = "Device not available";
write(fd, result, strlen(result) + 1);
} else {
const char *result = "OK";
write(fd, result, strlen(result) + 1);
}
return NO_ERROR;
}
status_t Client::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
// these must be checked
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
const int self_pid = getpid();
if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != 0)) {
// we're called from a different process, do the real check
if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))
{
ALOGE("Permission Denial: "
"can't openGlobalTransaction pid=%d, uid=%d", pid, uid);
return PERMISSION_DENIED;
}
}
return BnSurfaceComposerClient::onTransact(code, data, reply, flags);
}
status_t LayerBaseClient::Surface::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
switch (code) {
case REGISTER_BUFFERS:
case UNREGISTER_BUFFERS:
case CREATE_OVERLAY:
{
if (!mFlinger->mAccessSurfaceFlinger.checkCalling()) {
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
LOGE("Permission Denial: "
"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
return PERMISSION_DENIED;
}
}
}
return BnSurface::onTransact(code, data, reply, flags);
}
int
GonkSchedulePolicyService::requestPriority(int32_t pid, int32_t tid, int32_t prio)
{
// See SchedulingPolicyService.java
#define PRIORITY_MIN 1
#define PRIORITY_MAX 3
IPCThreadState* ipcState = IPCThreadState::self();
if (ipcState->getCallingUid() != AID_MEDIA ||
prio < PRIORITY_MIN || prio > PRIORITY_MAX ||
!tidBelongsToPid(tid, pid))
return -1; /* PackageManager.PERMISSION_DENIED */
set_sched_policy(tid, ipcState->getCallingPid() == pid ?
SP_AUDIO_SYS : SP_AUDIO_APP);
struct sched_param param;
param.sched_priority = prio;
int rc = sched_setscheduler(tid, SCHED_FIFO, ¶m);
if (rc)
return -1;
return 0; /* PackageManger.PERMISSION_GRANTED */
}
status_t Client::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
// these must be checked
IPCThreadState* ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
const int self_pid = getpid();
// If we are called from another non root process without the GRAPHICS, SYSTEM, or ROOT
// uid we require the sAccessSurfaceFlinger permission.
// We grant an exception in the case that the Client has a "parent layer", as its
// effects will be scoped to that layer.
if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)
&& (getParentLayer() == nullptr)) {
// we're called from a different process, do the real check
if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))
{
ALOGE("Permission Denial: "
"can't openGlobalTransaction pid=%d, uid<=%d", pid, uid);
return PERMISSION_DENIED;
}
}
return BnSurfaceComposerClient::onTransact(code, data, reply, flags);
}
virtual int verifyChallenge(uint32_t uid, uint64_t challenge,
const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
const uint8_t *provided_password, uint32_t provided_password_length,
uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) {
IPCThreadState* ipc = IPCThreadState::self();
const int calling_pid = ipc->getCallingPid();
const int calling_uid = ipc->getCallingUid();
if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
return PERMISSION_DENIED;
}
// can't verify if we're missing either param
if ((enrolled_password_handle_length | provided_password_length) == 0)
return -EINVAL;
int ret;
if (device) {
const gatekeeper::password_handle_t *handle =
reinterpret_cast<const gatekeeper::password_handle_t *>(enrolled_password_handle);
// handle version 0 does not have hardware backed flag, and thus cannot be upgraded to
// a HAL if there was none before
if (handle->version == 0 || handle->hardware_backed) {
ret = device->verify(device, uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,
request_reenroll);
} else {
// upgrade scenario, a HAL has been added to this device where there was none before
SoftGateKeeperDevice soft_dev;
ret = soft_dev.verify(uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,
request_reenroll);
if (ret == 0) {
// success! re-enroll with HAL
*request_reenroll = true;
}
}
} else {
ret = soft_device->verify(uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length,
request_reenroll);
}
if (ret == 0 && *auth_token != NULL && *auth_token_length > 0) {
// TODO: cache service?
sp<IServiceManager> sm = defaultServiceManager();
sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
if (service != NULL) {
status_t ret = service->addAuthToken(*auth_token, *auth_token_length);
if (ret != ResponseCode::NO_ERROR) {
ALOGE("Falure sending auth token to KeyStore: %d", ret);
}
} else {
ALOGE("Unable to communicate with KeyStore");
}
}
if (ret == 0) {
maybe_store_sid(uid, reinterpret_cast<const gatekeeper::password_handle_t *>(
enrolled_password_handle)->user_id);
}
return ret;
}
status_t BnMonzax::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
status_t status = BBinder::onTransact(code, data, reply, flags);
if (status != UNKNOWN_TRANSACTION) {
return status;
}
if (! reply) {
ALOGE("Monzax::onTransact(): null reply parcel received.");
return BAD_VALUE;
}
IPCThreadState *ipc = IPCThreadState::self();
const int pid = ipc->getCallingPid();
const int uid = ipc->getCallingUid();
// dispatch to the appropriate method based on the transaction code.
switch(code){
case FILE_OPEN:
{
CHECK_INTERFACE(IMonzax, data, reply);
ALOGI("BnMonzax: onTransact: FILE_OPEN"
"client to access MonzaxService from uid=%d pid=%d code: %d",
uid, pid, code);
char *pName = (char *) data.readCString();
int ret = file_open(pName);
reply->writeInt32(ret);
return NO_ERROR;
}
break;
case FILE_CLOSE:
{
ALOGI("BnMonzax: onTransact: FILE_CLOSE"
"client to access MonzaxService from uid=%d pid=%d code: %d",
uid, pid, code);
CHECK_INTERFACE(IMonzax, data, reply);
int fd = data.readInt32();
int ret = file_close(fd);
reply->writeInt32(ret);
return NO_ERROR;
}
break;
case FILE_SEEK:
{
CHECK_INTERFACE(IMonzax, data, reply);
int ret;
int fd = data.readInt32();
int offset = data.readInt32();
int whence = data.readInt32();
ret = file_seek(fd, offset, whence);
reply->writeInt32(ret);
return NO_ERROR;
}
break;
case FILE_READ:
{
CHECK_INTERFACE(IMonzax, data, reply);
char *pReadBuf;
int ret;
int fd = data.readInt32();
int length = data.readInt32();
pReadBuf = (char*) malloc(sizeof(char) * length);
if (pReadBuf == NULL) {
ret = -1;
reply->writeInt32(ret);
ALOGE("onTransact File_Read malloc result failed.\n");
goto err_read;
}
ret = file_read(fd, pReadBuf, length);
reply->writeInt32(ret);
if(ret >0){
reply->write((char *) pReadBuf, ret);
}
free(pReadBuf);
pReadBuf = NULL;
return NO_ERROR;
err_read:
ALOGE("onTransact File_Read ,ret =%d out\n", (int)ret);
return ret;
}
break;
case FILE_WRITE:
{
CHECK_INTERFACE(IMonzax, data, reply);
int ret;
int fd = data.readInt32();
int length = data.readInt32();
char *pWriteBuf = (char*) malloc(sizeof(char) * length);
if (pWriteBuf == NULL) {
ret = -1;
reply->writeInt32(ret);
ALOGE("onTransact File_Write malloc result failed.\n");
goto err_write;
}
if(length > 0){
const char *input = (const char *) data.readInplace(length);
if (input)
memcpy(pWriteBuf, input, length);
else {
ALOGE("onTransact File_Write length is 0, failed.\n");
memset(pWriteBuf, 0, length);
length = 0;
}
} else
memset(pWriteBuf, 0, length);
ret = file_write(fd, (char *)pWriteBuf, length);
reply->writeInt32(ret);
free(pWriteBuf);
pWriteBuf = NULL;
return NO_ERROR;
err_write:
ALOGE("onTransact File_Write ,ret =%d out\n", (int)ret);
return ret;
}
break;
default:
return BBinder::onTransact(code, data, reply, flags);
}
}