Reland 'Check /dev/binder access before calling defaultServiceManager()'
Vendor processes do not have access to /dev/binder. Calling
defaultServiceManager() without RW permission will crash the process
with error message "Binder driver could not be opened. Terminating."
Normally, VNDK version of libcutils.so would not have the codepath of
ashmemd. However, on non-VNDK this codepath is exercised.
We check if the current process has permissions to /dev/binder before
calling defaultServiceManager() to avoid crashing. The calling code in
libcutils.so handles inability to connect ashmemd correctly. It will
fall back to opening /dev/ashmem directly. Vendor code should already
have permissions for that.
This SELinux denial shows which permissions need to be checked for:
avc: denied { read write } for name="binder" dev="tmpfs" ino=5570
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:binder_device:s0
tclass=chr_file permissive=0
Note that the problem only manifests on non-VNDK devices.
Bug: 129073672
Test: ashmemd_test
Test: VtsHalSensorsV1_0TargetTest
--gtest_filter=SensorsHidlTest.AccelerometerAshmemDirectReportOperationNormal
Test: atest CtsOsTestCases:android.os.cts.SeccompTest#testIsolatedServicePolicy
Change-Id: I23bef7986298811ce2bd84c3fdc9c9e22837c368
Merged-In: I23bef7986298811ce2bd84c3fdc9c9e22837c368
(cherry picked from commit febe203d835f89eede3979e44bb80b2cda523047)
1 file changed
