Transcoding service: Check client DUMP permission
Fixes android.security.cts.ServicePermissionsTest#testDumpProtected test
by verifying the client's DUMP permission before dumping internal state.
Test: android.security.cts.ServicePermissionsTest#testDumpProtected
Test: Transcoding service unit test
Fixes: 161457160
Change-Id: I26dfe46d8cecb4eedca77d8b4047a526cb875930
diff --git a/services/mediatranscoding/Android.bp b/services/mediatranscoding/Android.bp
index bfcf01f..2dbcf5a 100644
--- a/services/mediatranscoding/Android.bp
+++ b/services/mediatranscoding/Android.bp
@@ -9,6 +9,7 @@
shared_libs: [
"libbase",
+ "libbinder",
"libbinder_ndk",
"libcutils",
"liblog",
diff --git a/services/mediatranscoding/MediaTranscodingService.cpp b/services/mediatranscoding/MediaTranscodingService.cpp
index b0ea0db..6ae630f 100644
--- a/services/mediatranscoding/MediaTranscodingService.cpp
+++ b/services/mediatranscoding/MediaTranscodingService.cpp
@@ -20,6 +20,7 @@
#include <android/binder_manager.h>
#include <android/binder_process.h>
+#include <binder/IServiceManager.h>
#include <cutils/properties.h>
#include <media/TranscoderWrapper.h>
#include <media/TranscodingClientManager.h>
@@ -69,6 +70,16 @@
binder_status_t MediaTranscodingService::dump(int fd, const char** /*args*/, uint32_t /*numArgs*/) {
String8 result;
+
+ if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
+ result.format(
+ "Permission Denial: "
+ "can't dump MediaTranscodingService from pid=%d, uid=%d\n",
+ AIBinder_getCallingPid(), AIBinder_getCallingUid());
+ write(fd, result.string(), result.size());
+ return PERMISSION_DENIED;
+ }
+
const size_t SIZE = 256;
char buffer[SIZE];