audioflinger: Pass pid of process creating track or opening record
AudioFlinger allocates a Client heap for each unique pid.
If two applications use mediaplayer APIs, the same Client heap
is reused as the pid used is not the application pid but that
of mediaserver. With this change, the pid of the application
pid is used to decide the heap to be used.
Bug: 23525542
Bug: 28772898
Change-Id: I31a695b0b321eff6e2aca80c3bc4aeb3e1cd9ac7
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 2b0d4c8..0e61e76 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -571,6 +571,7 @@
IAudioFlinger::track_flags_t *flags,
const sp<IMemory>& sharedBuffer,
audio_io_handle_t output,
+ pid_t pid,
pid_t tid,
audio_session_t *sessionId,
int clientUid,
@@ -582,6 +583,15 @@
status_t lStatus;
audio_session_t lSessionId;
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (pid == -1 || !isTrustedCallingUid(callingUid)) {
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ ALOGW_IF(pid != -1 && pid != callingPid,
+ "%s uid %d pid %d tried to pass itself off as pid %d",
+ __func__, callingUid, callingPid, pid);
+ pid = callingPid;
+ }
+
// client AudioTrack::set already implements AUDIO_STREAM_DEFAULT => AUDIO_STREAM_MUSIC,
// but if someone uses binder directly they could bypass that and cause us to crash
if (uint32_t(streamType) >= AUDIO_STREAM_CNT) {
@@ -626,7 +636,6 @@
goto Exit;
}
- pid_t pid = IPCThreadState::self()->getCallingPid();
client = registerPid(pid);
PlaybackThread *effectThread = NULL;
@@ -1447,6 +1456,7 @@
const String16& opPackageName,
size_t *frameCount,
IAudioFlinger::track_flags_t *flags,
+ pid_t pid,
pid_t tid,
int clientUid,
audio_session_t *sessionId,
@@ -1464,11 +1474,21 @@
cblk.clear();
buffers.clear();
+ bool updatePid = (pid == -1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!isTrustedCallingUid(callingUid)) {
ALOGW_IF((uid_t)clientUid != callingUid,
"%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid);
clientUid = callingUid;
+ updatePid = true;
+ }
+
+ if (updatePid) {
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ ALOGW_IF(pid != -1 && pid != callingPid,
+ "%s uid %d pid %d tried to pass itself off as pid %d",
+ __func__, callingUid, callingPid, pid);
+ pid = callingPid;
}
// check calling permissions
@@ -1508,7 +1528,6 @@
goto Exit;
}
- pid_t pid = IPCThreadState::self()->getCallingPid();
client = registerPid(pid);
if (sessionId != NULL && *sessionId != AUDIO_SESSION_ALLOCATE) {
diff --git a/services/audioflinger/AudioFlinger.h b/services/audioflinger/AudioFlinger.h
index 96d38d0..59ad688 100644
--- a/services/audioflinger/AudioFlinger.h
+++ b/services/audioflinger/AudioFlinger.h
@@ -107,6 +107,7 @@
IAudioFlinger::track_flags_t *flags,
const sp<IMemory>& sharedBuffer,
audio_io_handle_t output,
+ pid_t pid,
pid_t tid,
audio_session_t *sessionId,
int clientUid,
@@ -120,6 +121,7 @@
const String16& opPackageName,
size_t *pFrameCount,
IAudioFlinger::track_flags_t *flags,
+ pid_t pid,
pid_t tid,
int clientUid,
audio_session_t *sessionId,