audio: filter reserved binder calls
Block incoming binder calls to audio flinger and audio policy service
for sensitive functions if they are not coming from a system UID.
Bug: 72278478
Test: audio smoke tests. CTS tests for AudioTrack and AudioRecord
Change-Id: I78e02efffe135d5450ced125e51e2084719ca03d
diff --git a/media/libaudioclient/IAudioFlinger.cpp b/media/libaudioclient/IAudioFlinger.cpp
index ae9c96f..f234e47 100644
--- a/media/libaudioclient/IAudioFlinger.cpp
+++ b/media/libaudioclient/IAudioFlinger.cpp
@@ -24,6 +24,7 @@
#include <binder/IPCThreadState.h>
#include <binder/Parcel.h>
+#include <private/android_filesystem_config.h>
#include "IAudioFlinger.h"
@@ -881,6 +882,24 @@
break;
}
+ // make sure the following transactions come from system components
+ switch (code) {
+ case SET_MASTER_VOLUME:
+ case SET_MASTER_MUTE:
+ case SET_MODE:
+ case SET_MIC_MUTE:
+ case SET_LOW_RAM_DEVICE:
+ case SYSTEM_READY:
+ if (IPCThreadState::self()->getCallingUid() >= AID_APP_START) {
+ ALOGW("%s: transaction %d received from PID %d unauthorized UID %d",
+ __func__, code, IPCThreadState::self()->getCallingPid(),
+ IPCThreadState::self()->getCallingUid());
+ return INVALID_OPERATION;
+ }
+ default:
+ break;
+ }
+
// Whitelist of relevant events to trigger log merging.
// Log merging should activate during audio activity of any kind. This are considered the
// most relevant events.