diff options
author | paulhu <paulhu@google.com> | 2022-02-09 18:37:27 +0800 |
---|---|---|
committer | paulhu <paulhu@google.com> | 2022-03-31 13:59:59 +0000 |
commit | c8a58ffa4269bf6925b469aa27bc714b1d072ea6 (patch) | |
tree | ffe6a2c965ddfffc0c43980974c4a5611b353e94 /server/NetdNativeService.cpp | |
parent | b791bd6f3896403ae48f10323a615cc88ac5ec4e (diff) | |
download | netd-c8a58ffa4269bf6925b469aa27bc714b1d072ea6.tar.gz |
Add MDnsService
- Register MDnsService as a native system service "mdns" which
can be used by NsdService to commnuicate with mdnsresponder.
This service is used to replace the NDC design between
NsdService and MDnsSdListener.
- A binder call interface for calling to MDnsSdListener.
- Move checkAnyPermssion() to BinderUtil.h which can be used by
any component.
Bug: 209894875
Test: cd system/netd ; atest
Change-Id: I3543c0ac8ac8da0030ad05baef4d0847730fcae8
Diffstat (limited to 'server/NetdNativeService.cpp')
-rw-r--r-- | server/NetdNativeService.cpp | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp index 317d830d..e1e14cf2 100644 --- a/server/NetdNativeService.cpp +++ b/server/NetdNativeService.cpp @@ -67,48 +67,6 @@ namespace net { namespace { const char OPT_SHORT[] = "--short"; -// The input permissions should be equivalent that this function would return ok if any of them is -// granted. -binder::Status checkAnyPermission(const std::vector<const char*>& permissions) { - pid_t pid = IPCThreadState::self()->getCallingPid(); - uid_t uid = IPCThreadState::self()->getCallingUid(); - - // TODO: Do the pure permission check in this function. Have another method - // (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and - // AID_NETWORK_STACK uid check. - // If the caller is the system UID, don't check permissions. - // Otherwise, if the system server's binder thread pool is full, and all the threads are - // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492 - // - // From a security perspective, there is currently no difference, because: - // 1. The system server has the NETWORK_STACK permission, which grants access to all the - // IPCs in this file. - // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission. - if (uid == AID_SYSTEM) { - return binder::Status::ok(); - } - // AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check - // MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server) - // deadlock: http://b/149766727 - if (uid == AID_NETWORK_STACK) { - for (const char* permission : permissions) { - if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) { - return binder::Status::ok(); - } - } - } - - for (const char* permission : permissions) { - if (checkPermission(String16(permission), pid, uid)) { - return binder::Status::ok(); - } - } - - auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s", - uid, pid, android::base::Join(permissions, ',').c_str()); - return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str()); -} - #define ENFORCE_ANY_PERMISSION(...) \ do { \ binder::Status status = checkAnyPermission({__VA_ARGS__}); \ |