fix client pid for effects applied by audio policy
Test: Hangouts call, Play Music with and w/o effects
Change-Id: Ia9b20f94be667dd92e0497f8ef9c0dc0e95afe28
diff --git a/include/media/IAudioFlinger.h b/include/media/IAudioFlinger.h
index 638f552..8feb8c5 100644
--- a/include/media/IAudioFlinger.h
+++ b/include/media/IAudioFlinger.h
@@ -196,6 +196,7 @@
audio_io_handle_t output,
audio_session_t sessionId,
const String16& callingPackage,
+ pid_t pid,
status_t *status,
int *id,
int *enabled) = 0;
diff --git a/media/libaudioclient/AudioEffect.cpp b/media/libaudioclient/AudioEffect.cpp
index 590952f..a5f9ab6 100644
--- a/media/libaudioclient/AudioEffect.cpp
+++ b/media/libaudioclient/AudioEffect.cpp
@@ -128,9 +128,11 @@
mDescriptor.uuid = *(uuid != NULL ? uuid : EFFECT_UUID_NULL);
mIEffectClient = new EffectClient(this);
+ mClientPid = IPCThreadState::self()->getCallingPid();
iEffect = audioFlinger->createEffect((effect_descriptor_t *)&mDescriptor,
- mIEffectClient, priority, io, mSessionId, mOpPackageName, &mStatus, &mId, &enabled);
+ mIEffectClient, priority, io, mSessionId, mOpPackageName, mClientPid,
+ &mStatus, &mId, &enabled);
if (iEffect == 0 || (mStatus != NO_ERROR && mStatus != ALREADY_EXISTS)) {
ALOGE("set(): AudioFlinger could not create effect, status: %d", mStatus);
@@ -156,7 +158,6 @@
mCblk->buffer = (uint8_t *)mCblk + bufOffset;
IInterface::asBinder(iEffect)->linkToDeath(mIEffectClient);
- mClientPid = IPCThreadState::self()->getCallingPid();
ALOGV("set() %p OK effect: %s id: %d status %d enabled %d pid %d", this, mDescriptor.name, mId,
mStatus, mEnabled, mClientPid);
diff --git a/media/libaudioclient/IAudioFlinger.cpp b/media/libaudioclient/IAudioFlinger.cpp
index 65fdedb..31a18a4 100644
--- a/media/libaudioclient/IAudioFlinger.cpp
+++ b/media/libaudioclient/IAudioFlinger.cpp
@@ -716,6 +716,7 @@
audio_io_handle_t output,
audio_session_t sessionId,
const String16& opPackageName,
+ pid_t pid,
status_t *status,
int *id,
int *enabled)
@@ -737,6 +738,7 @@
data.writeInt32((int32_t) output);
data.writeInt32(sessionId);
data.writeString16(opPackageName);
+ data.writeInt32((int32_t) pid);
status_t lStatus = remote()->transact(CREATE_EFFECT, data, &reply);
if (lStatus != NO_ERROR) {
@@ -1294,12 +1296,14 @@
audio_io_handle_t output = (audio_io_handle_t) data.readInt32();
audio_session_t sessionId = (audio_session_t) data.readInt32();
const String16 opPackageName = data.readString16();
+ pid_t pid = (pid_t)data.readInt32();
+
status_t status = NO_ERROR;
int id = 0;
int enabled = 0;
sp<IEffect> effect = createEffect(&desc, client, priority, output, sessionId,
- opPackageName, &status, &id, &enabled);
+ opPackageName, pid, &status, &id, &enabled);
reply->writeInt32(status);
reply->writeInt32(id);
reply->writeInt32(enabled);
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 0e70ad9..cf30aa9 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -2606,6 +2606,7 @@
audio_io_handle_t io,
audio_session_t sessionId,
const String16& opPackageName,
+ pid_t pid,
status_t *status,
int *id,
int *enabled)
@@ -2614,7 +2615,15 @@
sp<EffectHandle> handle;
effect_descriptor_t desc;
- pid_t pid = IPCThreadState::self()->getCallingPid();
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (pid == -1 || !isTrustedCallingUid(callingUid)) {
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ ALOGW_IF(pid != -1 && pid != callingPid,
+ "%s uid %d pid %d tried to pass itself off as pid %d",
+ __func__, callingUid, callingPid, pid);
+ pid = callingPid;
+ }
+
ALOGV("createEffect pid %d, effectClient %p, priority %d, sessionId %d, io %d, factory %p",
pid, effectClient.get(), priority, sessionId, io, mEffectsFactoryHal.get());
diff --git a/services/audioflinger/AudioFlinger.h b/services/audioflinger/AudioFlinger.h
index c3bf1f9..71d6b92 100644
--- a/services/audioflinger/AudioFlinger.h
+++ b/services/audioflinger/AudioFlinger.h
@@ -224,6 +224,7 @@
audio_io_handle_t io,
audio_session_t sessionId,
const String16& opPackageName,
+ pid_t pid,
status_t *status /*non-NULL*/,
int *id,
int *enabled);
diff --git a/services/audiopolicy/service/AudioPolicyEffects.cpp b/services/audiopolicy/service/AudioPolicyEffects.cpp
index 6586bea..654465d 100644
--- a/services/audiopolicy/service/AudioPolicyEffects.cpp
+++ b/services/audiopolicy/service/AudioPolicyEffects.cpp
@@ -27,6 +27,7 @@
#include <utils/Vector.h>
#include <utils/SortedVector.h>
#include <cutils/config_utils.h>
+#include <binder/IPCThreadState.h>
#include "AudioPolicyEffects.h"
#include "ServiceUtilities.h"
@@ -105,6 +106,7 @@
ALOGV("addInputEffects(): input: %d, refCount: %d", input, sessionDesc->mRefCount);
if (sessionDesc->mRefCount == 1) {
+ int64_t token = IPCThreadState::self()->clearCallingIdentity();
Vector <EffectDesc *> effects = mInputSources.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
@@ -125,6 +127,7 @@
sessionDesc->mEffects.add(fx);
}
sessionDesc->setProcessorEnabled(true);
+ IPCThreadState::self()->restoreCallingIdentity(token);
}
return status;
}
@@ -251,6 +254,8 @@
ALOGV("addOutputSessionEffects(): session: %d, refCount: %d",
audioSession, procDesc->mRefCount);
if (procDesc->mRefCount == 1) {
+ // make sure effects are associated to audio server even if we are executing a binder call
+ int64_t token = IPCThreadState::self()->clearCallingIdentity();
Vector <EffectDesc *> effects = mOutputStreams.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
@@ -269,6 +274,7 @@
}
procDesc->setProcessorEnabled(true);
+ IPCThreadState::self()->restoreCallingIdentity(token);
}
return status;
}