Bypass surface flinger permission check for calls from system.

Early during the boot, before activity manager is ready to handle permission checks, the system needs to be able to change the display state. Added a hardcoded exemption for AID_SYSTEM (which already has permission to talk to surface flinger anyhow). Bug: 19029490 Change-Id: I6222edcab8e394e5fb6adf7a982be446e4505a1e
2015-04-10 20:20:13 -07:00 · 2015-04-10 20:20:13 -07:00 · 3bfe51d790
commit 3bfe51d790
parent 1044367a73
2 changed files with 2 additions and 2 deletions
--- a/services/surfaceflinger/Client.cpp
+++ b/services/surfaceflinger/Client.cpp
@ -93,7 +93,7 @@ status_t Client::onTransact(
     const int pid = ipc->getCallingPid();
     const int uid = ipc->getCallingUid();
     const int self_pid = getpid();
-     if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != 0)) {
+     if (CC_UNLIKELY(pid != self_pid && uid != AID_GRAPHICS && uid != AID_SYSTEM && uid != 0)) {
         // we're called from a different process, do the real check
         if (!PermissionCache::checkCallingPermission(sAccessSurfaceFlinger))
         {
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@ -2799,7 +2799,7 @@ status_t SurfaceFlinger::onTransact(
            IPCThreadState* ipc = IPCThreadState::self();
            const int pid = ipc->getCallingPid();
            const int uid = ipc->getCallingUid();
-            if ((uid != AID_GRAPHICS) &&
+            if ((uid != AID_GRAPHICS && uid != AID_SYSTEM) &&
                    !PermissionCache::checkPermission(sAccessSurfaceFlinger, pid, uid)) {
                ALOGE("Permission Denial: "
                        "can't access SurfaceFlinger pid=%d, uid=%d", pid, uid);