From 45b773a96dcffed2ee327c7353693266f472eb04 Mon Sep 17 00:00:00 2001 From: Phil Burk Date: Wed, 28 Apr 2021 00:30:17 +0000 Subject: [PATCH] MidiService: protect private service info Check for callers UID before returning MidiDeviceInfo. Bug: 185796676 Test: see bug for repro steps Test: atest CtsMidiTestCases Test: https://source.android.com/devices/audio/midi_test.html Change-Id: I4d5b8eca7457fa9b772e30e2f641bddb766177ee --- .../midi/java/com/android/server/midi/MidiService.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/services/midi/java/com/android/server/midi/MidiService.java b/services/midi/java/com/android/server/midi/MidiService.java index 47505a398a6f3..e31be82bcff7d 100644 --- a/services/midi/java/com/android/server/midi/MidiService.java +++ b/services/midi/java/com/android/server/midi/MidiService.java @@ -43,6 +43,7 @@ import android.os.IBinder; import android.os.Process; import android.os.RemoteException; import android.os.UserHandle; +import android.util.EventLog; import android.util.Log; import com.android.internal.content.PackageMonitor; @@ -736,13 +737,19 @@ public class MidiService extends IMidiManager.Stub { @Override public MidiDeviceInfo getServiceDeviceInfo(String packageName, String className) { + int uid = Binder.getCallingUid(); synchronized (mDevicesByInfo) { for (Device device : mDevicesByInfo.values()) { ServiceInfo serviceInfo = device.getServiceInfo(); if (serviceInfo != null && packageName.equals(serviceInfo.packageName) && className.equals(serviceInfo.name)) { - return device.getDeviceInfo(); + if (device.isUidAllowed(uid)) { + return device.getDeviceInfo(); + } else { + EventLog.writeEvent(0x534e4554, "185796676", -1, ""); + return null; + } } } return null;