From c558c0c15a80c72322ff76fe65110a83a94433fd Mon Sep 17 00:00:00 2001 From: Cody Northrop Date: Tue, 28 May 2019 11:56:37 -0600 Subject: [PATCH 1/2] Revert "GraphicsEnvironment: Allow profileable apps to load layers" This reverts commit 3832aa99061e737ed8bd91b5a0b7388a0ec855b3. Loading layers for apps that have opted for "profileable" breaks the Android security model. They have only consented to exposing profiling information, not exposing data under its control. Layers have access to everything in the API calls. Bug: 128637647 Test: atest CtsGpuToolsHostTestCases Change-Id: I5aed181c3cec616c3ce98a1a30287b30f190ba9b --- core/java/android/os/GraphicsEnvironment.java | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/core/java/android/os/GraphicsEnvironment.java b/core/java/android/os/GraphicsEnvironment.java index 5039b31ed9ffd..21701346c97c3 100644 --- a/core/java/android/os/GraphicsEnvironment.java +++ b/core/java/android/os/GraphicsEnvironment.java @@ -230,13 +230,6 @@ public class GraphicsEnvironment { return (context.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) > 0; } - /** - * Check whether application is profileable - */ - private static boolean isProfileable(Context context) { - return context.getApplicationInfo().isProfileableByShell(); - } - /** * Store the layer paths available to the loader. */ @@ -287,11 +280,11 @@ public class GraphicsEnvironment { String layerPaths = ""; // Only enable additional debug functionality if the following conditions are met: - // 1. App is debuggable, profileable, or device is rooted + // 1. App is debuggable or device is rooted // 2. ENABLE_GPU_DEBUG_LAYERS is true // 3. Package name is equal to GPU_DEBUG_APP - if (isDebuggable(context) || isProfileable(context) || (getCanLoadSystemLibraries() == 1)) { + if (isDebuggable(context) || (getCanLoadSystemLibraries() == 1)) { final int enable = coreSettings.getInt(Settings.Global.ENABLE_GPU_DEBUG_LAYERS, 0); From 32adba453789b2e7f274302e40af30d1f81aca0c Mon Sep 17 00:00:00 2001 From: Cody Northrop Date: Tue, 28 May 2019 12:18:44 -0600 Subject: [PATCH 2/2] GraphicsEnvironment: No debug ANGLE packages for profileable apps An app opting in to "profileable" does not mean we should allow it to load ANGLE libraries from the debug package. Bug: 128637647 Test: atest CtsGpuToolsHostTestCases Change-Id: I5c6ea33a1e1624e006bc4865bc0a06ea92d9d806 --- core/java/android/os/GraphicsEnvironment.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/core/java/android/os/GraphicsEnvironment.java b/core/java/android/os/GraphicsEnvironment.java index 21701346c97c3..24a1477836690 100644 --- a/core/java/android/os/GraphicsEnvironment.java +++ b/core/java/android/os/GraphicsEnvironment.java @@ -466,9 +466,8 @@ public class GraphicsEnvironment { */ private String getAngleDebugPackage(Context context, Bundle coreSettings) { final boolean appIsDebuggable = isDebuggable(context); - final boolean appIsProfileable = isProfileable(context); final boolean deviceIsDebuggable = getCanLoadSystemLibraries() == 1; - if (appIsDebuggable || appIsProfileable || deviceIsDebuggable) { + if (appIsDebuggable || deviceIsDebuggable) { String debugPackage; if (coreSettings != null) {