mediaresourcemanager: verify the input calling pid
Bug: 26830615
Change-Id: I2e9c579b3bdd86a90b08fa161206d32527390bb5
diff --git a/include/media/stagefright/ProcessInfo.h b/include/media/stagefright/ProcessInfo.h
index ec0cdff..0be1a52 100644
--- a/include/media/stagefright/ProcessInfo.h
+++ b/include/media/stagefright/ProcessInfo.h
@@ -27,6 +27,7 @@
ProcessInfo();
virtual bool getPriority(int pid, int* priority);
+ virtual bool isValidPid(int pid);
protected:
virtual ~ProcessInfo();
diff --git a/include/media/stagefright/ProcessInfoInterface.h b/include/media/stagefright/ProcessInfoInterface.h
index 222f92d..b39112a 100644
--- a/include/media/stagefright/ProcessInfoInterface.h
+++ b/include/media/stagefright/ProcessInfoInterface.h
@@ -23,6 +23,7 @@
struct ProcessInfoInterface : public RefBase {
virtual bool getPriority(int pid, int* priority) = 0;
+ virtual bool isValidPid(int pid) = 0;
protected:
virtual ~ProcessInfoInterface() {}
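Review bot: The new pure virtual `isValidPid(int pid)` carries no comment stating its contract, although callers now rely on it for an access decision. I would add above it `// Returns true if |pid| may be used on behalf of the current binder caller: the call comes from this process, or |pid| equals the calling pid.` The same comment fits the declaration added to ProcessInfo.h. The struct body continues outside this hunk.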
diff --git a/media/libmediaplayerservice/tests/DrmSessionManager_test.cpp b/media/libmediaplayerservice/tests/DrmSessionManager_test.cpp
index de350a1..ef4c833 100644
--- a/media/libmediaplayerservice/tests/DrmSessionManager_test.cpp
+++ b/media/libmediaplayerservice/tests/DrmSessionManager_test.cpp
@@ -39,6 +39,10 @@
return true;
}
+ virtual bool isValidPid(int /* pid */) {
+ return true;
+ }
+
private:
DISALLOW_EVIL_CONSTRUCTORS(FakeProcessInfo);
};
diff --git a/media/libstagefright/ProcessInfo.cpp b/media/libstagefright/ProcessInfo.cpp
index 353f108..27f1a79 100644
--- a/media/libstagefright/ProcessInfo.cpp
+++ b/media/libstagefright/ProcessInfo.cpp
@@ -20,6 +20,7 @@
#include <media/stagefright/ProcessInfo.h>
+#include <binder/IPCThreadState.h>
#include <binder/IProcessInfoService.h>
#include <binder/IServiceManager.h>
@@ -52,6 +53,12 @@
return true;
}
+bool ProcessInfo::isValidPid(int pid) {
+ int callingPid = IPCThreadState::self()->getCallingPid();
+ // Trust it if this is called from the same process otherwise pid has to match the calling pid.
+ return (callingPid == getpid()) || (callingPid == pid);
+}
+
ProcessInfo::~ProcessInfo() {}
} // namespace android
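Review bot: The `callingPid == pid` comparison in `ProcessInfo::isValidPid` puts no lower bound on `pid`, so a claimed pid of 0 or below is accepted whenever getCallingPid() reports the same value. Binder reports a calling pid of 0 for oneway transactions, so this would matter if a service method using this check were declared oneway, which is not visible here. A cheap hardening is `return (callingPid == getpid()) || (pid > 0 && callingPid == pid);`. The comment should also say that the result is only meaningful on the binder thread that is handling the incoming transaction, because outside one getCallingPid() returns the local pid and every pid is trusted. `getpid()` needs `<unistd.h>`, which the include hunk does not add, so it is presumably pulled in transitively.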
diff --git a/services/mediaresourcemanager/ResourceManagerService.cpp b/services/mediaresourcemanager/ResourceManagerService.cpp
index 4f99860..3d4e0b5 100644
--- a/services/mediaresourcemanager/ResourceManagerService.cpp
+++ b/services/mediaresourcemanager/ResourceManagerService.cpp
@@ -206,6 +206,10 @@
mServiceLog->add(log);
Mutex::Autolock lock(mLock);
+ if (!mProcessInfo->isValidPid(pid)) {
+ ALOGE("Rejected addResource call with invalid pid.");
+ return;
+ }
ResourceInfos& infos = getResourceInfosForEdit(pid, mMap);
ResourceInfo& info = getResourceInfoForEdit(clientId, client, infos);
// TODO: do the merge instead of append.
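Review bot: The rejection message `ALOGE("Rejected addResource call with invalid pid.")` records neither the claimed pid nor the caller, so a mismatched call cannot be attributed from the log. `ALOGE("Rejected addResource call with invalid pid %d.", pid);` would at least keep the claimed value, and the removeResource and reclaimResource hunks have the same message shape. The check also runs after `mServiceLog->add(log)` here and in the removeResource hunk, so a rejected call is still written to the service log as if it had been processed; this assumes `log` carries the caller-supplied arguments, since it is built outside the hunk. Moving the check ahead of that line would keep the service log trustworthy; from the visible code isValidPid does not appear to need mLock. The enclosing functions start and end outside these hunks.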
@@ -220,6 +224,10 @@
mServiceLog->add(log);
Mutex::Autolock lock(mLock);
+ if (!mProcessInfo->isValidPid(pid)) {
+ ALOGE("Rejected removeResource call with invalid pid.");
+ return;
+ }
ssize_t index = mMap.indexOfKey(pid);
if (index < 0) {
ALOGV("removeResource: didn't find pid %d for clientId %lld", pid, (long long) clientId);
@@ -259,6 +267,10 @@
Vector<sp<IResourceManagerClient>> clients;
{
Mutex::Autolock lock(mLock);
+ if (!mProcessInfo->isValidPid(callingPid)) {
+ ALOGE("Rejected reclaimResource call with invalid callingPid.");
+ return false;
+ }
const MediaResource *secureCodec = NULL;
const MediaResource *nonSecureCodec = NULL;
const MediaResource *graphicMemory = NULL;
diff --git a/services/mediaresourcemanager/test/ResourceManagerService_test.cpp b/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
index df49ddc..cffedc6 100644
--- a/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
+++ b/services/mediaresourcemanager/test/ResourceManagerService_test.cpp
@@ -44,6 +44,10 @@
return true;
}
+ virtual bool isValidPid(int /* pid */) {
+ return true;
+ }
+
private:
DISALLOW_EVIL_CONSTRUCTORS(TestProcessInfo);
};
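Review bot: `TestProcessInfo::isValidPid` always returns true, so none of the three rejection branches added to ResourceManagerService.cpp is exercised by this suite. Letting the fake return a settable member, e.g. `virtual bool isValidPid(int /* pid */) { return mValidPid; }`, would allow tests for the rejected case. Those tests would assert that addResource and removeResource leave the resource map untouched and that reclaimResource returns false. The class body starts outside this hunk.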