BQ: Add permission check to BufferQueueConsumer::dump

author Pablo Ceballos <pceballos@google.com>

Fri, 12 Feb 2016 02:01:49 +0000 (18:01 -0800)

committer The Android Automerger <android-build@google.com>

Sat, 27 Feb 2016 00:56:14 +0000 (16:56 -0800)
author Pablo Ceballos <pceballos@google.com>
Fri, 12 Feb 2016 02:01:49 +0000 (18:01 -0800)
committer The Android Automerger <android-build@google.com>
Sat, 27 Feb 2016 00:56:14 +0000 (16:56 -0800)
diff --git a/libs/gui/BufferQueueConsumer.cpp b/libs/gui/BufferQueueConsumer.cpp

index bb3e1b0..158eeb4 100644 (file)
--- a/libs/gui/BufferQueueConsumer.cpp
+++ b/libs/gui/BufferQueueConsumer.cpp
@@ -26,6 +26,10 @@
  #include <gui/IConsumerListener.h>
  #include <gui/IProducerListener.h>
  
+#include <binder/IPCThreadState.h>
+#include <binder/PermissionCache.h>
+#include <private/android_filesystem_config.h>
+
  namespace android {
  
  BufferQueueConsumer::BufferQueueConsumer(const sp<BufferQueueCore>& core) :
@@ -572,7 +576,17 @@ sp<NativeHandle> BufferQueueConsumer::getSidebandStream() const {
  }
  
  void BufferQueueConsumer::dump(String8& result, const char* prefix) const {
-    mCore->dump(result, prefix);
+    const IPCThreadState* ipc = IPCThreadState::self();
+    const pid_t pid = ipc->getCallingPid();
+    const uid_t uid = ipc->getCallingUid();
+    if ((uid != AID_SHELL)
+            && !PermissionCache::checkPermission(String16(
+            "android.permission.DUMP"), pid, uid)) {
+        result.appendFormat("Permission Denial: can't dump BufferQueueConsumer "
+                "from pid=%d, uid=%d\n", pid, uid);
+    } else {
+        mCore->dump(result, prefix);
+    }
  }
  
  } // namespace android
author	Pablo Ceballos <pceballos@google.com>
	Fri, 12 Feb 2016 02:01:49 +0000 (18:01 -0800)
committer	The Android Automerger <android-build@google.com>
	Sat, 27 Feb 2016 00:56:14 +0000 (16:56 -0800)