From 8e2f3858d5a06dae5a543d9428278f59120f7f8c Mon Sep 17 00:00:00 2001
From: Siva Velusamy <vsiva@google.com>
Date: Thu, 15 Mar 2012 16:18:38 -0700
Subject: [PATCH] gltrace: Only accept connections from the shell.

Only accept incoming connections from the shell user.

Change-Id: Ibef1a796d794d45f73db59949b39cb1ce68542b4
---
 opengl/libs/GLES_trace/src/gltrace_transport.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/opengl/libs/GLES_trace/src/gltrace_transport.cpp b/opengl/libs/GLES_trace/src/gltrace_transport.cpp
index 5251b12ce..5c7345631 100644
--- a/opengl/libs/GLES_trace/src/gltrace_transport.cpp
+++ b/opengl/libs/GLES_trace/src/gltrace_transport.cpp
@@ -23,6 +23,7 @@
 #include <netinet/in.h>
 
 #include <cutils/log.h>
+#include <private/android_filesystem_config.h>
 
 #include "gltrace_transport.h"
 
@@ -67,6 +68,19 @@ int acceptClientConnection(char *sockname) {
         return -1;
     }
 
+    struct ucred cr;
+    socklen_t cr_len = sizeof(cr);
+    if (getsockopt(clientSocket, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) != 0) {
+        ALOGE("Error obtaining credentials of peer");
+        return -1;
+    }
+
+    // Only accept connects from the shell (adb forward comes to us as shell user)
+    if (cr.uid != AID_SHELL) {
+        ALOGE("Unknown peer type (%d), expected shell to be the peer", cr.uid);
+        return -1;
+    }
+
     ALOGD("gltrace::waitForClientConnection: client connected.");
 
     // do not accept any more incoming connections