Created
November 5, 2017 14:06
-
-
Save zhxt/19d6aa64c59ec5ca769cfeca9df4a40d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 4b8e9bd44fb423f4d81d1d6b937c50a77176c76f Mon Sep 17 00:00:00 2001 | |
From: Zhang Xingtao <xingtao.zhang@yahoo.com> | |
Date: Sun, 5 Nov 2017 22:02:58 +0800 | |
Subject: [PATCH 1/1] ignore permission check for user nemo when rendering with | |
surfaceflinger | |
Error: surfaceflinger: E SurfaceFlinger: Permission Denial: can't access | |
SurfaceFlinger pid=2822, uid=100000 | |
Change-Id: I06763bdd72eafdda3f672e296b143ad22638e52d | |
--- | |
libs/binder/IServiceManager.cpp | 5 +++++ | |
libs/binder/PermissionCache.cpp | 3 ++- | |
services/surfaceflinger/SurfaceFlinger.cpp | 4 ++++ | |
3 files changed, 11 insertions(+), 1 deletion(-) | |
diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp | |
index 44d235f0f..cc9d15073 100644 | |
--- a/libs/binder/IServiceManager.cpp | |
+++ b/libs/binder/IServiceManager.cpp | |
@@ -72,6 +72,11 @@ bool checkPermission(const String16& permission, pid_t pid, uid_t uid) | |
return true; | |
#endif | |
+ // For Mer | |
+ if (uid == 100000) { | |
+ ALOGI("Mer: Enabled permission for nemo user. uid=%d pid=%d", uid, pid); | |
+ return true; | |
+ } | |
sp<IPermissionController> pc; | |
gDefaultServiceManagerLock.lock(); | |
pc = gPermissionController; | |
diff --git a/libs/binder/PermissionCache.cpp b/libs/binder/PermissionCache.cpp | |
index a503be8cd..13d455dd8 100644 | |
--- a/libs/binder/PermissionCache.cpp | |
+++ b/libs/binder/PermissionCache.cpp | |
@@ -90,7 +90,8 @@ bool PermissionCache::checkCallingPermission( | |
bool PermissionCache::checkPermission( | |
const String16& permission, pid_t pid, uid_t uid) { | |
- if ((uid == 0) || (pid == getpid())) { | |
+ // uid 100000 is user nemo | |
+ if ((uid == 0) || (pid == getpid()) || (uid == 100000)) { | |
// root and ourselves is always okay | |
return true; | |
} | |
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp | |
index d71baf9f2..dda1375a5 100644 | |
--- a/services/surfaceflinger/SurfaceFlinger.cpp | |
+++ b/services/surfaceflinger/SurfaceFlinger.cpp | |
@@ -3249,12 +3249,14 @@ status_t SurfaceFlinger::onTransact( | |
IPCThreadState* ipc = IPCThreadState::self(); | |
const int pid = ipc->getCallingPid(); | |
const int uid = ipc->getCallingUid(); | |
+ /* | |
if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) && | |
!PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) { | |
ALOGE("Permission Denial: " | |
"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid); | |
return PERMISSION_DENIED; | |
} | |
+ */ | |
break; | |
} | |
case CAPTURE_SCREEN: | |
@@ -3276,6 +3278,7 @@ status_t SurfaceFlinger::onTransact( | |
status_t err = BnSurfaceComposer::onTransact(code, data, reply, flags); | |
if (err == UNKNOWN_TRANSACTION || err == PERMISSION_DENIED) { | |
CHECK_INTERFACE(ISurfaceComposer, data, reply); | |
+ /* | |
if (CC_UNLIKELY(!PermissionCache::checkCallingPermission(sHardwareTest))) { | |
IPCThreadState* ipc = IPCThreadState::self(); | |
const int pid = ipc->getCallingPid(); | |
@@ -3284,6 +3287,7 @@ status_t SurfaceFlinger::onTransact( | |
"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid); | |
return PERMISSION_DENIED; | |
} | |
+ */ | |
int n; | |
switch (code) { | |
case 1000: // SHOW_CPU, NOT SUPPORTED ANYMORE | |
-- | |
2.12.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment