drmserver: use getCallingSid

Bug: 121035042
Test: `atest android.drm.cts`
    CtsDrmTestCases: Passed: 43, Failed: 0
Change-Id: Ia85f437da29821d08dd585f87ac096de5f85b980
gugelfrei
Steven Moreland 6 years ago
parent 78fde5f87c
commit 1a394d593e

@ -58,22 +58,26 @@ const char *DrmManagerService::get_perm_label(drm_perm_t perm) {
return drm_perm_labels[index]; return drm_perm_labels[index];
} }
bool DrmManagerService::selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm) { bool DrmManagerService::selinuxIsProtectedCallAllowed(pid_t spid, const char* ssid, drm_perm_t perm) {
if (selinux_enabled <= 0) { if (selinux_enabled <= 0) {
return true; return true;
} }
char *sctx; char *sctx = NULL;
const char *selinux_class = "drmservice"; const char *selinux_class = "drmservice";
const char *str_perm = get_perm_label(perm); const char *str_perm = get_perm_label(perm);
if (getpidcon(spid, &sctx) != 0) { if (ssid == NULL) {
ALOGE("SELinux: getpidcon(pid=%d) failed.\n", spid); android_errorWriteLog(0x534e4554, "121035042");
return false;
if (getpidcon(spid, &sctx) != 0) {
ALOGE("SELinux: getpidcon(pid=%d) failed.\n", spid);
return false;
}
} }
bool allowed = (selinux_check_access(sctx, drmserver_context, selinux_class, bool allowed = (selinux_check_access(ssid ? ssid : sctx, drmserver_context,
str_perm, NULL) == 0); selinux_class, str_perm, NULL) == 0);
freecon(sctx); freecon(sctx);
return allowed; return allowed;
@ -86,10 +90,11 @@ bool DrmManagerService::isProtectedCallAllowed(drm_perm_t perm) {
IPCThreadState* ipcState = IPCThreadState::self(); IPCThreadState* ipcState = IPCThreadState::self();
uid_t uid = ipcState->getCallingUid(); uid_t uid = ipcState->getCallingUid();
pid_t spid = ipcState->getCallingPid(); pid_t spid = ipcState->getCallingPid();
const char* ssid = ipcState->getCallingSid();
for (unsigned int i = 0; i < trustedUids.size(); ++i) { for (unsigned int i = 0; i < trustedUids.size(); ++i) {
if (trustedUids[i] == uid) { if (trustedUids[i] == uid) {
return selinuxIsProtectedCallAllowed(spid, perm); return selinuxIsProtectedCallAllowed(spid, ssid, perm);
} }
} }
return false; return false;
@ -97,7 +102,9 @@ bool DrmManagerService::isProtectedCallAllowed(drm_perm_t perm) {
void DrmManagerService::instantiate() { void DrmManagerService::instantiate() {
ALOGV("instantiate"); ALOGV("instantiate");
defaultServiceManager()->addService(String16("drm.drmManager"), new DrmManagerService()); sp<DrmManagerService> service = new DrmManagerService();
service->setRequestingSid(true);
defaultServiceManager()->addService(String16("drm.drmManager"), service);
if (0 >= trustedUids.size()) { if (0 >= trustedUids.size()) {
// TODO // TODO
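Review bot: In the first hunk, when `ssid` is NULL the new branch in selinuxIsProtectedCallAllowed logs the SafetyNet event and then still decides from `getpidcon(spid, &sctx)`, so the PID-derived context this commit moves away from remains the deciding input on that path. A PID can be reused between the binder call and the lookup, so the context read there may belong to a different process than the caller. Since instantiate() now calls `setRequestingSid(true)`, a NULL SID should presumably not occur for incoming binder transactions, and the branch could fail closed: `if (ssid == NULL) { android_errorWriteLog(0x534e4554, "121035042"); return false; }`, after which `sctx` and `freecon(sctx)` are no longer needed. If the fallback is kept deliberately (for example for calls that do not arrive over binder, which is not visible here), a comment above the branch stating that reason would help the next reader.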

@ -60,7 +60,7 @@ private:
static const char *get_perm_label(drm_perm_t perm); static const char *get_perm_label(drm_perm_t perm);
static bool selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm); static bool selinuxIsProtectedCallAllowed(pid_t spid, const char* ssid, drm_perm_t perm);
static bool isProtectedCallAllowed(drm_perm_t perm); static bool isProtectedCallAllowed(drm_perm_t perm);
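Review bot: The changed declaration of selinuxIsProtectedCallAllowed does not document the contract of the new `ssid` parameter, and the implementation treats NULL specially. A comment on the declaration would make that visible to callers, for example `// ssid: caller's SELinux context from getCallingSid(); if NULL, the context is looked up from spid via getpidcon().` It would also be worth noting there that the pointer is only read during the call and is not freed by the function.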
