From 03cba65b91c44ea2b08f198d165724b60b0518e8 Mon Sep 17 00:00:00 2001 From: Jaewan Kim Date: Wed, 4 Apr 2018 16:25:35 +0900 Subject: [PATCH] MediaSessionManager: Apply API council review Here's the comments from the review - RemoteUserInfo needs to override .hashCode() as well - Verify package name and the UID in the RemoteUserInfo - Docs: Document how to get RemoteUserInfo - Docs: Document that RemoteUserInfo is only valid on thread that the command is being called from * It's already documented in the MediaSession#getCurrentControllerInfo() and MediaBrowserService#getCurrentBrowserInfo(). Bug: 77507337 Test: Run following CtsMediaTestCases - MediaBrowserTest - MediaBrowserServiceTest - MediaControllerTest Change-Id: If37560a7bc59d1ef5517ec1f3e0a8b74c2bb2980 --- .../media/session/MediaSessionManager.java | 14 ++++++++++++-- .../server/media/MediaSessionService.java | 18 ++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/media/java/android/media/session/MediaSessionManager.java b/media/java/android/media/session/MediaSessionManager.java index 519af1ba14a5a..fbc143845509e 100644 --- a/media/java/android/media/session/MediaSessionManager.java +++ b/media/java/android/media/session/MediaSessionManager.java @@ -47,6 +47,7 @@ import android.view.KeyEvent; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Objects; import java.util.concurrent.Executor; /** @@ -342,12 +343,16 @@ public final class MediaSessionManager { } /** - * Returns whether the app is trusted. + * Checks whether the remote user is a trusted app. *

* An app is trusted if the app holds the android.Manifest.permission.MEDIA_CONTENT_CONTROL * permission or has an enabled notification listener. * - * @param userInfo The remote user info + * @param userInfo The remote user info from either + * {@link MediaSession#getCurrentControllerInfo()} or + * {@link MediaBrowserService#getCurrentBrowserInfo()}. + * @return {@code true} if the remote user is trusted and its package name matches with the UID. + * {@code false} otherwise. */ public boolean isTrustedForMediaControl(RemoteUserInfo userInfo) { if (userInfo.getPackageName() == null) { @@ -814,6 +819,11 @@ public final class MediaSessionManager { && mPid == otherUserInfo.mPid && mUid == otherUserInfo.mUid; } + + @Override + public int hashCode() { + return Objects.hash(mPackageName, mPid, mUid); + } } private static final class SessionsChangedWrapper { diff --git a/services/core/java/com/android/server/media/MediaSessionService.java b/services/core/java/com/android/server/media/MediaSessionService.java index 6413ba986eaed..a3c6c80c75aa2 100644 --- a/services/core/java/com/android/server/media/MediaSessionService.java +++ b/services/core/java/com/android/server/media/MediaSessionService.java @@ -1515,6 +1515,24 @@ public class MediaSessionService extends SystemService implements Monitor { final int uid = Binder.getCallingUid(); final long token = Binder.clearCallingIdentity(); try { + int controllerUserId = UserHandle.getUserId(controllerUid); + int controllerUidFromPackageName; + try { + controllerUidFromPackageName = getContext().getPackageManager() + .getPackageUidAsUser(controllerPackageName, controllerUserId); + } catch (NameNotFoundException e) { + if (DEBUG) { + Log.d(TAG, "Package " + controllerPackageName + " doesn't exist"); + } + return false; + } + if (controllerUidFromPackageName != controllerUid) { + if (DEBUG) { + Log.d(TAG, "Package name " + controllerPackageName + + " doesn't match with the uid " + controllerUid); + } + return false; + } return hasMediaControlPermission(UserHandle.getUserId(uid), controllerPackageName, controllerPid, controllerUid); } finally {