From: Corey Tabaka Date: Fri, 30 Jun 2017 18:27:57 +0000 (-0700) Subject: Make default permission checks in performance service more restrictive. X-Git-Tag: android-x86-8.1-r1~35^2^2~39^2 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=94055ca2247505b531dd3d08577fb1d0dae1ad9e;p=android-x86%2Fframeworks-native.git Make default permission checks in performance service more restrictive. - Check sending process in unrestricted policies. - Allow IsTrustedUid() to cache results for better runtime efficiency. - Update tests to verify unrestricted policy behavior. Bug: 62468109 Test: performance_service_tests passes. Change-Id: I0614879c8bde35ffeda2f673a3da68092433dc1a
---
diff --git a/services/vr/performanced/performance_service.cpp b/services/vr/performanced/performance_service.cpp
index 3f7009a76b..4b9fbe047d 100644
--- a/services/vr/performanced/performance_service.cpp
+++ b/services/vr/performanced/performance_service.cpp
@@ -63,7 +63,7 @@ struct GroupId {
 // Returns true if the sender's euid is trusted according to VR manager service.
 struct Trusted {
 static bool Check(const Message& sender, const Task&) {
- return IsTrustedUid(sender.GetEffectiveUserId(), false);
+ return IsTrustedUid(sender.GetEffectiveUserId());
 }
 };
diff --git a/services/vr/performanced/performance_service.h b/services/vr/performanced/performance_service.h
index b8125356ac..b28d94addb 100644
--- a/services/vr/performanced/performance_service.h
+++ b/services/vr/performanced/performance_service.h
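Review bot: Dropping the second argument lets IsTrustedUid() cache per-uid verdicts (per the commit message), but the comment above `struct Trusted` still reads as a live query of VR manager service, and a cached verdict is only as fresh as the cache's invalidation policy, which is not visible in this diff. Suggest extending that comment with `// The verdict may be cached by IsTrustedUid(); a change in the trusted set is not guaranteed to be reflected on the next call.` Since IsTrustedUid's definition and cache lifetime are outside this hunk, the exact wording should be confirmed against it.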
@@ -53,10 +53,13 @@ class PerformanceService : public pdx::ServiceBase {
 permission_check;
 // Check the permisison of the given task to use this scheduler class. If a
- // permission check function is not set then all tasks are allowed.
- bool IsAllowed(const pdx::Message& message, const Task& task) const {
+ // permission check function is not set then operations are only allowed on
+ // tasks in the sender's process.
+ bool IsAllowed(const pdx::Message& sender, const Task& task) const {
 if (permission_check)
- return permission_check(message, task);
+ return permission_check(sender, task);
+ else if (!task || task.thread_group_id() != sender.GetProcessId())
+ return false;
 else
 return true;
 }
diff --git a/services/vr/performanced/performance_service_tests.cpp b/services/vr/performanced/performance_service_tests.cpp
index 7de1f082aa..274a1b36d4 100644
--- a/services/vr/performanced/performance_service_tests.cpp
+++ b/services/vr/performanced/performance_service_tests.cpp
@@ -183,6 +183,17 @@ TEST(PerformanceTest, Permissions) {
 ASSERT_EQ(AID_ROOT, original_uid)
 << "This test must run as root to function correctly!";
+ // Test unprivileged policies on a task that does not belong to this process.
+ // Use the init process (task_id=1) as the target.
+ error = dvrSetSchedulerPolicy(1, "batch");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "background");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "foreground");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "normal");
+ EXPECT_EQ(-EINVAL, error);
+
 // Switch the uid/gid to an id that should not have permission to access any
 // privileged actions.
 ASSERT_EQ(0, setresgid(AID_NOBODY, AID_NOBODY, -1))
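Review bot: The new default branch in IsAllowed compares `task.thread_group_id()` against `sender.GetProcessId()`, but the Task is built by the caller before this check (presumably from /proc, outside this hunk), so if the target process exits and its pid is reused between that lookup and this comparison the tgid no longer describes the process the sender named; the window is small but deserves a comment, e.g. `// Note: task's tgid was read at Task construction; a pid reused between lookup and this check is not detected.` The comment block above the method should also state that a set permission_check replaces the same-process default rather than narrowing it, since Trusted (performance_service.cpp) then permits cross-process operations. As a style point the `if/else if/else` chain reduces to one expression, `return permission_check ? permission_check(sender, task) : (task && task.thread_group_id() == sender.GetProcessId());`, provided Task is contextually convertible to bool as `!task` suggests.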
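Review bot: The added checks run while the test is still root (the `ASSERT_EQ(AID_ROOT, original_uid)` just above), so what they verify is that the same-process default denies even a root caller on a foreign task; the comment says only "unprivileged policies", which undersells the guarantee being tested. Suggest `// Still running as root here: with no permission_check set, even root may only act on tasks in its own process.` The expected `-EINVAL` also makes a denied foreign task indistinguishable from an invalid task id at the API; if the caller of IsAllowed maps the denial to EINVAL deliberately, a comment saying so would help the next reader. TEST(PerformanceTest, Permissions) starts before this hunk.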