From 38f1da3889188fb3beeaf7fdfeb92b4444c9fb4b Mon Sep 17 00:00:00 2001 From: Eino-Ville Talvala Date: Wed, 13 Jan 2016 10:07:04 -0800 Subject: Camera: Disallow dumping clients directly Camera service dumps should only be initiated through ICameraService::dump. Bug: 26265403 Change-Id: If3ca4718ed74bf33ad8a416192689203029e2803 --- services/camera/libcameraservice/CameraService.cpp | 10 +++++++++- services/camera/libcameraservice/CameraService.h | 8 +++++++- services/camera/libcameraservice/api1/Camera2Client.cpp | 4 ++++ services/camera/libcameraservice/api1/Camera2Client.h | 2 ++ services/camera/libcameraservice/api1/CameraClient.cpp | 4 ++++ services/camera/libcameraservice/api1/CameraClient.h | 4 +++- services/camera/libcameraservice/api2/CameraDeviceClient.cpp | 5 ++++- services/camera/libcameraservice/api2/CameraDeviceClient.h | 2 ++ services/camera/libcameraservice/common/Camera2ClientBase.cpp | 2 +- services/camera/libcameraservice/common/Camera2ClientBase.h | 2 +- 10 files changed, 37 insertions(+), 6 deletions(-) (limited to 'services') diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp index 3deb396..7c4594f 100644 --- a/services/camera/libcameraservice/CameraService.cpp +++ b/services/camera/libcameraservice/CameraService.cpp @@ -1944,6 +1944,14 @@ void CameraService::BasicClient::disconnect() { mClientPid = 0; } +status_t CameraService::BasicClient::dump(int, const Vector&) { + // No dumping of clients directly over Binder, + // must go through CameraService::dump + android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403", + IPCThreadState::self()->getCallingUid(), NULL, 0); + return OK; +} + String16 CameraService::BasicClient::getPackageName() const { return mClientPackageName; } @@ -2396,7 +2404,7 @@ status_t CameraService::dump(int fd, const Vector& args) { String8(client->getPackageName()).string()); write(fd, result.string(), result.size()); - client->dump(fd, args); + client->dumpClient(fd, args); } if (stateLocked) mCameraStatesLock.unlock(); diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h index 4b0eeb7..d2c1bd3 100644 --- a/services/camera/libcameraservice/CameraService.h +++ b/services/camera/libcameraservice/CameraService.h @@ -87,6 +87,9 @@ public: // Default number of messages to store in eviction log static const size_t DEFAULT_EVENT_LOG_LENGTH = 100; + // Event log ID + static const int SN_EVENT_LOG_ID = 0x534e4554; + // Implementation of BinderService static char const* getServiceName() { return "media.camera"; } @@ -201,7 +204,10 @@ public: return mRemoteBinder; } - virtual status_t dump(int fd, const Vector& args) = 0; + // Disallows dumping over binder interface + virtual status_t dump(int fd, const Vector& args); + // Internal dump method to be called by CameraService + virtual status_t dumpClient(int fd, const Vector& args) = 0; // Return the package name for this client virtual String16 getPackageName() const; diff --git a/services/camera/libcameraservice/api1/Camera2Client.cpp b/services/camera/libcameraservice/api1/Camera2Client.cpp index 4338d64..fbd4034 100644 --- a/services/camera/libcameraservice/api1/Camera2Client.cpp +++ b/services/camera/libcameraservice/api1/Camera2Client.cpp @@ -163,6 +163,10 @@ Camera2Client::~Camera2Client() { } status_t Camera2Client::dump(int fd, const Vector& args) { + return BasicClient::dump(fd, args); +} + +status_t Camera2Client::dumpClient(int fd, const Vector& args) { String8 result; result.appendFormat("Client2[%d] (%p) PID: %d, dump:\n", mCameraId, (getRemoteCallback() != NULL ? diff --git a/services/camera/libcameraservice/api1/Camera2Client.h b/services/camera/libcameraservice/api1/Camera2Client.h index d50bf63..7e7a284 100644 --- a/services/camera/libcameraservice/api1/Camera2Client.h +++ b/services/camera/libcameraservice/api1/Camera2Client.h @@ -100,6 +100,8 @@ public: virtual status_t dump(int fd, const Vector& args); + virtual status_t dumpClient(int fd, const Vector& args); + /** * Interface used by CameraDeviceBase */ diff --git a/services/camera/libcameraservice/api1/CameraClient.cpp b/services/camera/libcameraservice/api1/CameraClient.cpp index 30b462b..6020e35 100644 --- a/services/camera/libcameraservice/api1/CameraClient.cpp +++ b/services/camera/libcameraservice/api1/CameraClient.cpp @@ -108,6 +108,10 @@ CameraClient::~CameraClient() { } status_t CameraClient::dump(int fd, const Vector& args) { + return BasicClient::dump(fd, args); +} + +status_t CameraClient::dumpClient(int fd, const Vector& args) { const size_t SIZE = 256; char buffer[SIZE]; diff --git a/services/camera/libcameraservice/api1/CameraClient.h b/services/camera/libcameraservice/api1/CameraClient.h index 95616b2..17999a5 100644 --- a/services/camera/libcameraservice/api1/CameraClient.h +++ b/services/camera/libcameraservice/api1/CameraClient.h @@ -70,7 +70,9 @@ public: status_t initialize(CameraModule *module); - status_t dump(int fd, const Vector& args); + virtual status_t dump(int fd, const Vector& args); + + virtual status_t dumpClient(int fd, const Vector& args); private: diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp index 0c531c3..bd9fea3 100644 --- a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp +++ b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp @@ -787,8 +787,11 @@ status_t CameraDeviceClient::tearDown(int streamId) { return res; } - status_t CameraDeviceClient::dump(int fd, const Vector& args) { + return BasicClient::dump(fd, args); +} + +status_t CameraDeviceClient::dumpClient(int fd, const Vector& args) { String8 result; result.appendFormat("CameraDeviceClient[%d] (%p) dump:\n", mCameraId, diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.h b/services/camera/libcameraservice/api2/CameraDeviceClient.h index d1e692c..b1d1762 100644 --- a/services/camera/libcameraservice/api2/CameraDeviceClient.h +++ b/services/camera/libcameraservice/api2/CameraDeviceClient.h @@ -135,6 +135,8 @@ public: virtual status_t dump(int fd, const Vector& args); + virtual status_t dumpClient(int fd, const Vector& args); + /** * Device listener interface */ diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.cpp b/services/camera/libcameraservice/common/Camera2ClientBase.cpp index 5732f80..c7de56a 100644 --- a/services/camera/libcameraservice/common/Camera2ClientBase.cpp +++ b/services/camera/libcameraservice/common/Camera2ClientBase.cpp @@ -124,7 +124,7 @@ Camera2ClientBase::~Camera2ClientBase() { } template -status_t Camera2ClientBase::dump(int fd, +status_t Camera2ClientBase::dumpClient(int fd, const Vector& args) { String8 result; result.appendFormat("Camera2ClientBase[%d] (%p) PID: %d, dump:\n", diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.h b/services/camera/libcameraservice/common/Camera2ClientBase.h index 220c5ad..4568af0 100644 --- a/services/camera/libcameraservice/common/Camera2ClientBase.h +++ b/services/camera/libcameraservice/common/Camera2ClientBase.h @@ -57,7 +57,7 @@ public: virtual ~Camera2ClientBase(); virtual status_t initialize(CameraModule *module); - virtual status_t dump(int fd, const Vector& args); + virtual status_t dumpClient(int fd, const Vector& args); /** * CameraDeviceBase::NotificationListener implementation -- cgit v1.1