1 /*
2  * Copyright (C) 2010 The Android Open Source Project
3  * Copyright (C) 2012-2014, The Linux Foundation. All rights reserved.
4  *
5  * Not a Contribution, Apache license notifications and license are
6  * retained for attribution purposes only.
7 
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  *      http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 
21 #include <fcntl.h>
22 #include <stdint.h>
23 #include <sys/types.h>
24 #include <binder/Parcel.h>
25 #include <binder/IBinder.h>
26 #include <binder/IInterface.h>
27 #include <binder/IPCThreadState.h>
28 #include <utils/Errors.h>
29 #include <private/android_filesystem_config.h>
30 #include <IQService.h>
31 
32 #define QSERVICE_DEBUG 0
33 
34 using namespace android;
35 using namespace qClient;
36 
37 // ---------------------------------------------------------------------------
38 
39 namespace qService {
40 
/**
 * Client-side binder proxy for IQService.
 *
 * Each call marshals its arguments into a Parcel, prefixed with the
 * IQService interface token, and sends it to the remote object. The proxy
 * performs no access control: caller checks are done on the service side in
 * BnQService::onTransact().
 */
class BpQService : public BpInterface<IQService>
{
public:
    BpQService(const sp<IBinder>& impl)
        : BpInterface<IQService>(impl) {}

    /**
     * Registers @p client with the service using the CONNECT transaction.
     *
     * The status returned by transact() is not inspected and this method
     * returns void, so a CONNECT that the service rejects is not reported
     * to the caller.
     */
    virtual void connect(const sp<IQClient>& client) {
        ALOGD_IF(QSERVICE_DEBUG, "%s: connect client", __FUNCTION__);
        Parcel request;
        Parcel response;
        // The token is what CHECK_INTERFACE verifies on the receiving side.
        request.writeInterfaceToken(IQService::getInterfaceDescriptor());
        request.writeStrongBinder(IInterface::asBinder(client));
        remote()->transact(CONNECT, request, &response);
    }

    /**
     * Forwards @p command to the service.
     *
     * @param command   transaction code to send.
     * @param inParcel  optional payload; its bytes are appended after the
     *                  interface token when it is non-null and non-empty.
     * @param outParcel passed to transact() as the reply parcel.
     * @return the status returned by transact().
     */
    virtual android::status_t dispatch(uint32_t command, const Parcel* inParcel,
            Parcel* outParcel) {
        ALOGD_IF(QSERVICE_DEBUG, "%s: dispatch in:%p", __FUNCTION__, inParcel);
        Parcel request;
        request.writeInterfaceToken(IQService::getInterfaceDescriptor());
        const bool hasPayload = (inParcel != 0) && (inParcel->dataSize() > 0);
        if (hasPayload) {
            request.appendFrom(inParcel, 0, inParcel->dataSize());
        }
        return remote()->transact(command, request, outParcel);
    }
};
68 
// Emits the IQService meta-interface definitions. The string is the interface
// descriptor: BpQService writes it with writeInterfaceToken() and
// BnQService::onTransact() verifies it with CHECK_INTERFACE.
IMPLEMENT_META_INTERFACE(QService, "android.display.IQService");

// ----------------------------------------------------------------------

// Forward declaration; the definition is at the end of this file.
// onTransact() uses it only to label a caller in its log messages.
static void getProcName(int pid, char *buf, int size);
74 
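/**
 * Service-side handler for every binder transaction addressed to IQService.
 *
 * Access control is based on the calling UID reported by IPCThreadState:
 *   - CONNECT is accepted only from AID_GRAPHICS;
 *   - codes strictly between COMMAND_LIST_START and COMMAND_LIST_END are
 *     accepted from AID_MEDIA, AID_GRAPHICS, AID_ROOT or AID_SYSTEM;
 *   - every other code is passed to BBinder::onTransact().
 *
 * The process name read from /proc/<pid>/cmdline is used for log messages
 * only. A process controls its own command line, and the PID may no longer
 * belong to the caller by the time /proc is read, so the name must never be
 * part of the authorization decision.
 *
 * @param code  transaction code.
 * @param data  request parcel; must start with the IQService interface token.
 * @param reply parcel that receives the response.
 * @param flags binder transaction flags, forwarded to BBinder::onTransact().
 * @return PERMISSION_DENIED when the caller fails the UID check (or when
 *         CHECK_INTERFACE rejects the token), NO_ERROR after a CONNECT, the
 *         status of dispatch() for a command, or the result of
 *         BBinder::onTransact() for any other code.
 */
status_t BnQService::onTransact(
    uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
    ALOGD_IF(QSERVICE_DEBUG, "%s: code: %d", __FUNCTION__, code);
    // IPC is accepted from specific UIDs only.
    IPCThreadState* ipc = IPCThreadState::self();
    const int callerPid = ipc->getCallingPid();
    const int callerUid = ipc->getCallingUid();
    const int MAX_BUF_SIZE = 1024;
    char callingProcName[MAX_BUF_SIZE] = {0};

    const bool permission = (callerUid == AID_MEDIA ||
            callerUid == AID_GRAPHICS ||
            callerUid == AID_ROOT ||
            callerUid == AID_SYSTEM);

    if (code == CONNECT) {
        CHECK_INTERFACE(IQService, data, reply);
        if(callerUid != AID_GRAPHICS) {
            // The name is needed only for this message, so /proc is read on
            // the denial path instead of on every transaction.
            getProcName(callerPid, callingProcName, MAX_BUF_SIZE);
            ALOGE("display.qservice CONNECT access denied: \
                    pid=%d uid=%d process=%s",
                    callerPid, callerUid, callingProcName);
            return PERMISSION_DENIED;
        }
        sp<IQClient> client =
                interface_cast<IQClient>(data.readStrongBinder());
        connect(client);
        return NO_ERROR;
    } else if (code > COMMAND_LIST_START && code < COMMAND_LIST_END) {
        if(!permission) {
            getProcName(callerPid, callingProcName, MAX_BUF_SIZE);
            ALOGE("display.qservice access denied: command=%d\
                  pid=%d uid=%d process=%s", code, callerPid,
                  callerUid, callingProcName);
            return PERMISSION_DENIED;
        }
        CHECK_INTERFACE(IQService, data, reply);
        // Return the handler's status: reporting NO_ERROR unconditionally
        // hides a failed command from the client.
        return dispatch(code, &data, reply);
    } else {
        return BBinder::onTransact(code, data, reply, flags);
    }
}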
119 
120 //Helper
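/**
 * Best-effort lookup of a process name, intended for log messages.
 *
 * Reads /proc/<pid>/cmdline into @p buf and NUL-terminates it. Because the
 * arguments in that file are NUL-separated, a reader that treats @p buf as a
 * C string sees the first argument only.
 *
 * The content is controlled by the process it describes, so it is
 * untrusted: control characters are replaced with '?' to keep it from
 * forging or splitting log lines, and the result must not be used for any
 * access decision.
 *
 * @param pid  process id to look up.
 * @param buf  destination buffer; left untouched when it is null or
 *             @p size is not positive.
 * @param size capacity of @p buf in bytes, including the terminator.
 *
 * On any failure (file cannot be opened, read error, empty command line)
 * @p buf receives "Unknown", truncated to fit.
 */
static void getProcName(int pid, char *buf, int size) {
    if (!buf || size <= 0)
        return;

    // The path gets its own buffer: building it in the caller's buffer would
    // truncate it when size is small, and would leave the path behind as the
    // "name" when read() fails.
    char path[32];
    snprintf(path, sizeof(path), "/proc/%d/cmdline", pid);

    ssize_t len = -1;
    const int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        len = read(fd, buf, size - 1);
        close(fd);
    }

    if (len <= 0) {
        snprintf(buf, size, "%s", "Unknown");
        return;
    }
    buf[len] = 0;

    // Neutralise control characters in the part that will be printed.
    for (ssize_t i = 0; i < len && buf[i] != 0; ++i) {
        const unsigned char c = static_cast<unsigned char>(buf[i]);
        if (c < 0x20 || c == 0x7f)
            buf[i] = '?';
    }
}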
135 
136 }; // namespace qService
137