Google Git
Sign in
android / platform / frameworks / base / 940dcda6a1e3^! / .
commit940dcda6a1e3d468145c162481b08847aa313fa7[log] [tgz]
authorCarmen Jackson <carmenjackson@google.com>Wed Jun 23 11:41:15 2021 -0700
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Jun 24 23:51:23 2021 +0000
tree4a60df9eb32ebd0eafb18623806cf8f8c0f42c6f
parent61a8024946ad0d87ffffe035e11493c295fb7722 [diff]
Add Binder.clearCallingIdentity to TracingServiceProxy

The TracingServiceProxy is called by traced, which runs as UID 9999 and
therefore doesn't have the required permissions to start a foreground service.

So, clear that calling identity so that the identity checked for this
permission is system_server, which does have the correct permissions.

We'll ensure that no other processes can utilize this path via selinux
rules.

Bug: 191391382
Test: Manually tested that before this change, I saw an
'ActivityManager: startForegroundService() not allowed' error when
taking a bugreport while a trace is running, while after this change the
bugreport was taken successfully with no errors, and the trace was
included in the bugreport.

Change-Id: I4ae68047d588dfc87225ddf41288dc4093a71313
Merged-In: I472fe8acc2e59e93afd8475f51b5f347cd3ccc5d
(cherry picked from commit 1a856d556c829c20f2891d1f6a4545aa65baedb8)

diff --git a/services/core/java/com/android/server/tracing/TracingServiceProxy.java b/services/core/java/com/android/server/tracing/TracingServiceProxy.java
index 8f22748..ff2f08b 100644
--- a/services/core/java/com/android/server/tracing/TracingServiceProxy.java
+++ b/services/core/java/com/android/server/tracing/TracingServiceProxy.java

@@ -20,6 +20,7 @@
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
+import android.os.Binder;
 import android.os.UserHandle;
 import android.tracing.ITracingServiceProxy;
 import android.util.Log;
@@ -30,6 +31,8 @@
  * TracingServiceProxy is the system_server intermediary between the Perfetto tracing daemon and the
  * system tracing app Traceur.
  *
+ * Access to this service is restricted via SELinux. Normal apps do not have access.
+ *
  * @hide
  */
 public class TracingServiceProxy extends SystemService {
@@ -87,11 +90,15 @@
                 intent.setAction(INTENT_ACTION_NOTIFY_SESSION_STOPPED);
             }
 
+            final long identity = Binder.clearCallingIdentity();
             try {
                 mContext.startForegroundServiceAsUser(intent, UserHandle.SYSTEM);
             } catch (RuntimeException e) {
                 Log.e(TAG, "Failed to notifyTraceSessionEnded", e);
+            } finally {
+                Binder.restoreCallingIdentity(identity);
             }
+
         } catch (NameNotFoundException e) {
             Log.e(TAG, "Failed to locate Traceur", e);
         }