zhxt/fix-permission-for-sf

## fix-permission-for-sf
From 4b8e9bd44fb423f4d81d1d6b937c50a77176c76f Mon Sep 17 00:00:00 2001
From: Zhang Xingtao <xingtao.zhang@yahoo.com>
Date: Sun, 5 Nov 2017 22:02:58 +0800
Subject: [PATCH 1/1] ignore permission check for user nemo when rendering with
 surfaceflinger

Error: surfaceflinger:   E SurfaceFlinger: Permission Denial: can't access
SurfaceFlinger pid=2822, uid=100000

Change-Id: I06763bdd72eafdda3f672e296b143ad22638e52d
---
 libs/binder/IServiceManager.cpp            | 5 +++++
 libs/binder/PermissionCache.cpp            | 3 ++-
 services/surfaceflinger/SurfaceFlinger.cpp | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp
index 44d235f0f..cc9d15073 100644
--- a/libs/binder/IServiceManager.cpp
+++ b/libs/binder/IServiceManager.cpp
@@ -72,6 +72,11 @@ bool checkPermission(const String16& permission, pid_t pid, uid_t uid)
     return true;
 #endif

+    // For Mer
+    if (uid == 100000) {
+        ALOGI("Mer: Enabled permission for nemo user. uid=%d  pid=%d", uid, pid);
+        return true;
+    }
     sp<IPermissionController> pc;
     gDefaultServiceManagerLock.lock();
     pc = gPermissionController;
diff --git a/libs/binder/PermissionCache.cpp b/libs/binder/PermissionCache.cpp
index a503be8cd..13d455dd8 100644
--- a/libs/binder/PermissionCache.cpp
+++ b/libs/binder/PermissionCache.cpp
@@ -90,7 +90,8 @@ bool PermissionCache::checkCallingPermission(

 bool PermissionCache::checkPermission(
         const String16& permission, pid_t pid, uid_t uid) {
-    if ((uid == 0) || (pid == getpid())) {
+    // uid 100000 is user nemo
+    if ((uid == 0) || (pid == getpid()) || (uid == 100000)) {
         // root and ourselves is always okay
         return true;
     }
diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index d71baf9f2..dda1375a5 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -3249,12 +3249,14 @@ status_t SurfaceFlinger::onTransact(
             IPCThreadState* ipc = IPCThreadState::self();
             const int pid = ipc->getCallingPid();
             const int uid = ipc->getCallingUid();
+            /*
             if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
                     !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
                 ALOGE("Permission Denial: "
                         "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
                 return PERMISSION_DENIED;
             }
+            */
             break;
         }
         case CAPTURE_SCREEN:
@@ -3276,6 +3278,7 @@ status_t SurfaceFlinger::onTransact(
     status_t err = BnSurfaceComposer::onTransact(code, data, reply, flags);
     if (err == UNKNOWN_TRANSACTION || err == PERMISSION_DENIED) {
         CHECK_INTERFACE(ISurfaceComposer, data, reply);
+        /*
         if (CC_UNLIKELY(!PermissionCache::checkCallingPermission(sHardwareTest))) {
             IPCThreadState* ipc = IPCThreadState::self();
             const int pid = ipc->getCallingPid();
@@ -3284,6 +3287,7 @@ status_t SurfaceFlinger::onTransact(
                     "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
             return PERMISSION_DENIED;
         }
+        */
         int n;
         switch (code) {
             case 1000: // SHOW_CPU, NOT SUPPORTED ANYMORE
--
2.12.0
	From 4b8e9bd44fb423f4d81d1d6b937c50a77176c76f Mon Sep 17 00:00:00 2001
	From: Zhang Xingtao <xingtao.zhang@yahoo.com>
	Date: Sun, 5 Nov 2017 22:02:58 +0800
	Subject: [PATCH 1/1] ignore permission check for user nemo when rendering with
	surfaceflinger

	Error: surfaceflinger: E SurfaceFlinger: Permission Denial: can't access
	SurfaceFlinger pid=2822, uid=100000

	Change-Id: I06763bdd72eafdda3f672e296b143ad22638e52d
	---
	libs/binder/IServiceManager.cpp \| 5 +++++
	libs/binder/PermissionCache.cpp \| 3 ++-
	services/surfaceflinger/SurfaceFlinger.cpp \| 4 ++++
	3 files changed, 11 insertions(+), 1 deletion(-)

	diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp
	index 44d235f0f..cc9d15073 100644
	--- a/libs/binder/IServiceManager.cpp
	+++ b/libs/binder/IServiceManager.cpp
	@@ -72,6 +72,11 @@ bool checkPermission(const String16& permission, pid_t pid, uid_t uid)
	return true;
	#endif

	+ // For Mer
	+ if (uid == 100000) {
	+ ALOGI("Mer: Enabled permission for nemo user. uid=%d pid=%d", uid, pid);
	+ return true;
	+ }
	sp<IPermissionController> pc;
	gDefaultServiceManagerLock.lock();
	pc = gPermissionController;
	diff --git a/libs/binder/PermissionCache.cpp b/libs/binder/PermissionCache.cpp
	index a503be8cd..13d455dd8 100644
	--- a/libs/binder/PermissionCache.cpp
	+++ b/libs/binder/PermissionCache.cpp
	@@ -90,7 +90,8 @@ bool PermissionCache::checkCallingPermission(

	bool PermissionCache::checkPermission(
	const String16& permission, pid_t pid, uid_t uid) {
	- if ((uid == 0) \|\| (pid == getpid())) {
	+ // uid 100000 is user nemo
	+ if ((uid == 0) \|\| (pid == getpid()) \|\| (uid == 100000)) {
	// root and ourselves is always okay
	return true;
	}
	diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
	index d71baf9f2..dda1375a5 100644
	--- a/services/surfaceflinger/SurfaceFlinger.cpp
	+++ b/services/surfaceflinger/SurfaceFlinger.cpp
	@@ -3249,12 +3249,14 @@ status_t SurfaceFlinger::onTransact(
	IPCThreadState* ipc = IPCThreadState::self();
	const int pid = ipc->getCallingPid();
	const int uid = ipc->getCallingUid();
	+ /*
	if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
	!PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
	ALOGE("Permission Denial: "
	"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
	return PERMISSION_DENIED;
	}
	+ */
	break;
	}
	case CAPTURE_SCREEN:
	@@ -3276,6 +3278,7 @@ status_t SurfaceFlinger::onTransact(
	status_t err = BnSurfaceComposer::onTransact(code, data, reply, flags);
	if (err == UNKNOWN_TRANSACTION \|\| err == PERMISSION_DENIED) {
	CHECK_INTERFACE(ISurfaceComposer, data, reply);
	+ /*
	if (CC_UNLIKELY(!PermissionCache::checkCallingPermission(sHardwareTest))) {
	IPCThreadState* ipc = IPCThreadState::self();
	const int pid = ipc->getCallingPid();
	@@ -3284,6 +3287,7 @@ status_t SurfaceFlinger::onTransact(
	"can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);
	return PERMISSION_DENIED;
	}
	+ */
	int n;
	switch (code) {
	case 1000: // SHOW_CPU, NOT SUPPORTED ANYMORE
	--
	2.12.0