Merge "audioflinger: Pass pid of process creating track or opening record" into nyc-dev
diff --git a/include/media/IAudioFlinger.h b/include/media/IAudioFlinger.h
index 1ade4ba..984bc02 100644
--- a/include/media/IAudioFlinger.h
+++ b/include/media/IAudioFlinger.h
@@ -73,6 +73,7 @@
// reference and will release it when the track is destroyed.
// However on failure, the client is responsible for release.
audio_io_handle_t output,
+ pid_t pid,
pid_t tid, // -1 means unused, otherwise must be valid non-0
audio_session_t *sessionId,
int clientUid,
@@ -89,6 +90,7 @@
const String16& callingPackage,
size_t *pFrameCount,
track_flags_t *flags,
+ pid_t pid,
pid_t tid, // -1 means unused, otherwise must be valid non-0
int clientUid,
audio_session_t *sessionId,
diff --git a/media/libmedia/AudioRecord.cpp b/media/libmedia/AudioRecord.cpp
index 2976a5c..343bf1a 100644
--- a/media/libmedia/AudioRecord.cpp
+++ b/media/libmedia/AudioRecord.cpp
@@ -615,6 +615,7 @@
opPackageName,
&temp,
&trackFlags,
+ mClientPid,
tid,
mClientUid,
&mSessionId,
diff --git a/media/libmedia/AudioTrack.cpp b/media/libmedia/AudioTrack.cpp
index 22a5acd..f206f5c 100644
--- a/media/libmedia/AudioTrack.cpp
+++ b/media/libmedia/AudioTrack.cpp
@@ -1401,6 +1401,7 @@
&trackFlags,
mSharedBuffer,
output,
+ mClientPid,
tid,
&mSessionId,
mClientUid,
diff --git a/media/libmedia/IAudioFlinger.cpp b/media/libmedia/IAudioFlinger.cpp
index aa75188..92e65e4 100644
--- a/media/libmedia/IAudioFlinger.cpp
+++ b/media/libmedia/IAudioFlinger.cpp
@@ -104,6 +104,7 @@
track_flags_t *flags,
const sp<IMemory>& sharedBuffer,
audio_io_handle_t output,
+ pid_t pid,
pid_t tid,
audio_session_t *sessionId,
int clientUid,
@@ -128,6 +129,7 @@
data.writeInt32(false);
}
data.writeInt32((int32_t) output);
+ data.writeInt32((int32_t) pid);
data.writeInt32((int32_t) tid);
audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE;
if (sessionId != NULL) {
@@ -179,6 +181,7 @@
const String16& opPackageName,
size_t *pFrameCount,
track_flags_t *flags,
+ pid_t pid,
pid_t tid,
int clientUid,
audio_session_t *sessionId,
@@ -199,6 +202,7 @@
data.writeInt64(frameCount);
track_flags_t lFlags = flags != NULL ? *flags : (track_flags_t) TRACK_DEFAULT;
data.writeInt32(lFlags);
+ data.writeInt32((int32_t) pid);
data.writeInt32((int32_t) tid);
data.writeInt32((int32_t) clientUid);
audio_session_t lSessionId = AUDIO_SESSION_ALLOCATE;
@@ -950,6 +954,7 @@
buffer = interface_cast<IMemory>(data.readStrongBinder());
}
audio_io_handle_t output = (audio_io_handle_t) data.readInt32();
+ pid_t pid = (pid_t) data.readInt32();
pid_t tid = (pid_t) data.readInt32();
audio_session_t sessionId = (audio_session_t) data.readInt32();
int clientUid = data.readInt32();
@@ -962,7 +967,7 @@
} else {
track = createTrack(
(audio_stream_type_t) streamType, sampleRate, format,
- channelMask, &frameCount, &flags, buffer, output, tid,
+ channelMask, &frameCount, &flags, buffer, output, pid, tid,
&sessionId, clientUid, &status);
LOG_ALWAYS_FATAL_IF((track != 0) != (status == NO_ERROR));
}
@@ -982,6 +987,7 @@
const String16& opPackageName = data.readString16();
size_t frameCount = data.readInt64();
track_flags_t flags = (track_flags_t) data.readInt32();
+ pid_t pid = (pid_t) data.readInt32();
pid_t tid = (pid_t) data.readInt32();
int clientUid = data.readInt32();
audio_session_t sessionId = (audio_session_t) data.readInt32();
@@ -990,8 +996,9 @@
sp<IMemory> buffers;
status_t status = NO_ERROR;
sp<IAudioRecord> record = openRecord(input,
- sampleRate, format, channelMask, opPackageName, &frameCount, &flags, tid,
- clientUid, &sessionId, ¬ificationFrames, cblk, buffers, &status);
+ sampleRate, format, channelMask, opPackageName, &frameCount, &flags,
+ pid, tid, clientUid, &sessionId, ¬ificationFrames, cblk, buffers,
+ &status);
LOG_ALWAYS_FATAL_IF((record != 0) != (status == NO_ERROR));
reply->writeInt64(frameCount);
reply->writeInt32(flags);
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 2b0d4c8..0e61e76 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -571,6 +571,7 @@
IAudioFlinger::track_flags_t *flags,
const sp<IMemory>& sharedBuffer,
audio_io_handle_t output,
+ pid_t pid,
pid_t tid,
audio_session_t *sessionId,
int clientUid,
@@ -582,6 +583,15 @@
status_t lStatus;
audio_session_t lSessionId;
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (pid == -1 || !isTrustedCallingUid(callingUid)) {
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ ALOGW_IF(pid != -1 && pid != callingPid,
+ "%s uid %d pid %d tried to pass itself off as pid %d",
+ __func__, callingUid, callingPid, pid);
+ pid = callingPid;
+ }
+
// client AudioTrack::set already implements AUDIO_STREAM_DEFAULT => AUDIO_STREAM_MUSIC,
// but if someone uses binder directly they could bypass that and cause us to crash
if (uint32_t(streamType) >= AUDIO_STREAM_CNT) {
@@ -626,7 +636,6 @@
goto Exit;
}
- pid_t pid = IPCThreadState::self()->getCallingPid();
client = registerPid(pid);
PlaybackThread *effectThread = NULL;
@@ -1447,6 +1456,7 @@
const String16& opPackageName,
size_t *frameCount,
IAudioFlinger::track_flags_t *flags,
+ pid_t pid,
pid_t tid,
int clientUid,
audio_session_t *sessionId,
@@ -1464,11 +1474,21 @@
cblk.clear();
buffers.clear();
+ bool updatePid = (pid == -1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
if (!isTrustedCallingUid(callingUid)) {
ALOGW_IF((uid_t)clientUid != callingUid,
"%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid);
clientUid = callingUid;
+ updatePid = true;
+ }
+
+ if (updatePid) {
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ ALOGW_IF(pid != -1 && pid != callingPid,
+ "%s uid %d pid %d tried to pass itself off as pid %d",
+ __func__, callingUid, callingPid, pid);
+ pid = callingPid;
}
// check calling permissions
@@ -1508,7 +1528,6 @@
goto Exit;
}
- pid_t pid = IPCThreadState::self()->getCallingPid();
client = registerPid(pid);
if (sessionId != NULL && *sessionId != AUDIO_SESSION_ALLOCATE) {
diff --git a/services/audioflinger/AudioFlinger.h b/services/audioflinger/AudioFlinger.h
index 96d38d0..59ad688 100644
--- a/services/audioflinger/AudioFlinger.h
+++ b/services/audioflinger/AudioFlinger.h
@@ -107,6 +107,7 @@
IAudioFlinger::track_flags_t *flags,
const sp<IMemory>& sharedBuffer,
audio_io_handle_t output,
+ pid_t pid,
pid_t tid,
audio_session_t *sessionId,
int clientUid,
@@ -120,6 +121,7 @@
const String16& opPackageName,
size_t *pFrameCount,
IAudioFlinger::track_flags_t *flags,
+ pid_t pid,
pid_t tid,
int clientUid,
audio_session_t *sessionId,