diff options
| author | Jeff Brown <jeffbrown@google.com> | 2015-04-10 20:20:13 -0700 |
|---|---|---|
| committer | Dan Stoza <stoza@google.com> | 2015-05-28 14:19:22 -0700 |
| commit | 8b04725f1426d7543b5f38283ee53c95f071a7bc (patch) | |
| tree | 506961d9b9259357cea18597d78a1619a9578d14 /services/surfaceflinger | |
| parent | ae569747b632c2e04bddced4db969b11b5d72612 (diff) | |
| download | frameworks_native-8b04725f1426d7543b5f38283ee53c95f071a7bc.zip frameworks_native-8b04725f1426d7543b5f38283ee53c95f071a7bc.tar.gz frameworks_native-8b04725f1426d7543b5f38283ee53c95f071a7bc.tar.bz2 | |
Bypass surface flinger permission check for calls from system.
Early during the boot, before activity manager is ready to handle
permission checks, the system needs to be able to change the display
state. Added a hardcoded exemption for AID_SYSTEM (which already
has permission to talk to surface flinger anyhow).
Bug: 19029490
Change-Id: I6222edcab8e394e5fb6adf7a982be446e4505a1e
(cherry picked from commit 3bfe51d7901e99e7f122f76ed2708e2b67b71cf9)
Diffstat (limited to 'services/surfaceflinger')
| -rw-r--r-- | services/surfaceflinger/Client.cpp | 2 | ||||
| -rw-r--r-- | services/surfaceflinger/SurfaceFlinger.cpp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/services/surfaceflinger/Client.cpp b/services/surfaceflinger/Client.cpp index f7d32d0..49389e0 100644 --- a/services/surfaceflinger/Client.cpp +++ b/services/surfaceflinger/Client.cpp @@ -93,7 +93,7 @@ status_t Client::onTransact( const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); const int self_pid = getpid(); - if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != 0)) { + if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)) { // we're called from a different process, do the real check if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger)) { diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp index b6131b5..4f19646 100644 --- a/services/surfaceflinger/SurfaceFlinger.cpp +++ b/services/surfaceflinger/SurfaceFlinger.cpp @@ -2807,7 +2807,7 @@ status_t SurfaceFlinger::onTransact( IPCThreadState* ipc = IPCThreadState::self(); const int pid = ipc->getCallingPid(); const int uid = ipc->getCallingUid(); - if ((uid != AID_GRAPHICS) && + if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) && !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) { ALOGE("Permission Denial: " "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid); |