MidiService: protect private service info

Check for callers UID before returning MidiDeviceInfo. Bug: 185796676 Test: see bug for repro steps Test: atest CtsMidiTestCases Test: https://source.android.com/devices/audio/midi_test.html Change-Id: I4d5b8eca7457fa9b772e30e2f641bddb766177ee
2021-04-28 00:30:17 +00:00
parent cbfb5f4584
commit 45b773a96d
1 changed files with 8 additions and 1 deletions
--- a/services/midi/java/com/android/server/midi/MidiService.java
+++ b/services/midi/java/com/android/server/midi/MidiService.java
@@ -43,6 +43,7 @@ import android.os.IBinder;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.UserHandle;
+import android.util.EventLog;
 import android.util.Log;

 import com.android.internal.content.PackageMonitor;
@@ -736,13 +737,19 @@ public class MidiService extends IMidiManager.Stub {

    @Override
    public MidiDeviceInfo getServiceDeviceInfo(String packageName, String className) {
+        int uid = Binder.getCallingUid();
        synchronized (mDevicesByInfo) {
            for (Device device : mDevicesByInfo.values()) {
                 ServiceInfo serviceInfo = device.getServiceInfo();
                 if (serviceInfo != null &&
                        packageName.equals(serviceInfo.packageName) &&
                        className.equals(serviceInfo.name)) {
-                    return device.getDeviceInfo();
+                    if (device.isUidAllowed(uid)) {
+                        return device.getDeviceInfo();
+                    } else {
+                        EventLog.writeEvent(0x534e4554, "185796676", -1, "");
+                        return null;
+                    }
                }
            }
            return null;