diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2019-12-12 20:15:46 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2019-12-12 20:15:46 +0000 |
| commit | e45598e00d9fc373a79e5c91174bbb6c9237b657 (patch) | |
| tree | 72103940fa7164cc737c6a26fea96573deff554f /services/usb | |
| parent | 72193aeda62679fc2f83eec4def7ffe85322284c (diff) | |
| parent | 197a9ad1d3f0be4d842a167a5fc81b516ab0052a (diff) | |
Merge "Use correct calling identity during camera permission check" into qt-qpr1-dev am: 197a9ad1d3
Change-Id: Iee8e483a5ec9225d96ad8690efdcfa2d5f096567
Diffstat (limited to 'services/usb')
4 files changed, 21 insertions, 15 deletions
diff --git a/services/usb/java/com/android/server/usb/UsbHostManager.java b/services/usb/java/com/android/server/usb/UsbHostManager.java index 00c75480ba80..812237489063 100644 --- a/services/usb/java/com/android/server/usb/UsbHostManager.java +++ b/services/usb/java/com/android/server/usb/UsbHostManager.java @@ -486,7 +486,7 @@ public class UsbHostManager { /* Opens the specified USB device */ public ParcelFileDescriptor openDevice(String deviceAddress, UsbUserSettingsManager settings, - String packageName, int uid) { + String packageName, int pid, int uid) { synchronized (mLock) { if (isBlackListed(deviceAddress)) { throw new SecurityException("USB device is on a restricted bus"); @@ -498,7 +498,7 @@ public class UsbHostManager { "device " + deviceAddress + " does not exist or is restricted"); } - settings.checkPermission(device, packageName, uid); + settings.checkPermission(device, packageName, pid, uid); return nativeOpenDevice(deviceAddress); } } diff --git a/services/usb/java/com/android/server/usb/UsbSerialReader.java b/services/usb/java/com/android/server/usb/UsbSerialReader.java index 8ca77f0c63dc..077d6b9bd62d 100644 --- a/services/usb/java/com/android/server/usb/UsbSerialReader.java +++ b/services/usb/java/com/android/server/usb/UsbSerialReader.java @@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub { UserHandle.getUserId(uid)); if (mDevice instanceof UsbDevice) { - settings.checkPermission((UsbDevice) mDevice, packageName, uid); + settings.checkPermission((UsbDevice) mDevice, packageName, pid, uid); } else { settings.checkPermission((UsbAccessory) mDevice, uid); } diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java index 4be68b83dbcb..13275f34ee1a 100644 --- a/services/usb/java/com/android/server/usb/UsbService.java +++ b/services/usb/java/com/android/server/usb/UsbService.java @@ -249,6 +249,7 @@ public class UsbService extends IUsbManager.Stub { if (mHostManager != null) { if (deviceName != null) { int uid = Binder.getCallingUid(); + int pid = Binder.getCallingPid(); int user = UserHandle.getUserId(uid); long ident = clearCallingIdentity(); @@ -256,7 +257,7 @@ public class UsbService extends IUsbManager.Stub { synchronized (mLock) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { fd = mHostManager.openDevice(deviceName, getSettingsForUser(user), - packageName, uid); + packageName, pid, uid); } else { Slog.w(TAG, "Cannot open " + deviceName + " for user " + user + " as user is not active."); @@ -350,11 +351,12 @@ public class UsbService extends IUsbManager.Stub { @Override public boolean hasDevicePermission(UsbDevice device, String packageName) { final int uid = Binder.getCallingUid(); + final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { - return getSettingsForUser(userId).hasPermission(device, packageName, uid); + return getSettingsForUser(userId).hasPermission(device, packageName, pid, uid); } finally { Binder.restoreCallingIdentity(token); } @@ -376,11 +378,12 @@ public class UsbService extends IUsbManager.Stub { @Override public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { final int uid = Binder.getCallingUid(); + final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { - getSettingsForUser(userId).requestPermission(device, packageName, pi, uid); + getSettingsForUser(userId).requestPermission(device, packageName, pi, pid, uid); } finally { Binder.restoreCallingIdentity(token); } diff --git a/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java b/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java index 84add88cc84c..e1bfb8a7c6d0 100644 --- a/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java +++ b/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java @@ -127,11 +127,12 @@ class UsbUserSettingsManager { * Check for camera permission of the calling process. * * @param packageName Package name of the caller. + * @param pid Linux pid of the calling process. * @param uid Linux uid of the calling process. * * @return True in case camera permission is available, False otherwise. */ - private boolean isCameraPermissionGranted(String packageName, int uid) { + private boolean isCameraPermissionGranted(String packageName, int pid, int uid) { int targetSdkVersion = android.os.Build.VERSION_CODES.P; try { ApplicationInfo aInfo = mPackageManager.getApplicationInfo(packageName, 0); @@ -147,7 +148,8 @@ class UsbUserSettingsManager { } if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { - int allowed = mUserContext.checkCallingPermission(android.Manifest.permission.CAMERA); + int allowed = mUserContext.checkPermission(android.Manifest.permission.CAMERA, pid, + uid); if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { Slog.i(TAG, "Camera permission required for USB video class devices"); return false; @@ -157,9 +159,9 @@ class UsbUserSettingsManager { return true; } - public boolean hasPermission(UsbDevice device, String packageName, int uid) { + public boolean hasPermission(UsbDevice device, String packageName, int pid, int uid) { if (isCameraDevicePresent(device)) { - if (!isCameraPermissionGranted(packageName, uid)) { + if (!isCameraPermissionGranted(packageName, pid, uid)) { return false; } } @@ -171,8 +173,8 @@ class UsbUserSettingsManager { return mUsbPermissionManager.hasPermission(accessory, uid); } - public void checkPermission(UsbDevice device, String packageName, int uid) { - if (!hasPermission(device, packageName, uid)) { + public void checkPermission(UsbDevice device, String packageName, int pid, int uid) { + if (!hasPermission(device, packageName, pid, uid)) { throw new SecurityException("User has not given " + uid + "/" + packageName + " permission to access device " + device.getDeviceName()); } @@ -206,11 +208,12 @@ class UsbUserSettingsManager { accessory, canBeDefault, packageName, uid, mUserContext, pi); } - public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) { + public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid, + int uid) { Intent intent = new Intent(); // respond immediately if permission has already been granted - if (hasPermission(device, packageName, uid)) { + if (hasPermission(device, packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); try { @@ -221,7 +224,7 @@ class UsbUserSettingsManager { return; } if (isCameraDevicePresent(device)) { - if (!isCameraPermissionGranted(packageName, uid)) { + if (!isCameraPermissionGranted(packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); try { |