Revert "ACL based on getCallingSid"

This reverts commit a76f673f9cd20cf1d722dfdd10e49b8defc1c48b.

Reason for revert: Breaks QCOM prebuilts.

Bug: 122551831
Bug: 121035042
Change-Id: Icc2540319076b1fd919038d34725e20eee088ad1
Test: reverting stops cnd crashing on crosshatch
(cherry picked from commit 17ef8885d95fbd683ef628190274960aea63e625)
diff --git a/AccessControl.cpp b/AccessControl.cpp
index aa5d43e..0c73dc6 100644
--- a/AccessControl.cpp
+++ b/AccessControl.cpp
@@ -14,11 +14,11 @@
 
 struct audit_data {
     const char* interfaceName;
-    const char* sid;
     pid_t       pid;
 };
 
 using android::FQName;
+using Context = AccessControl::Context;
 
 AccessControl::AccessControl() {
     mSeHandle = selinux_android_hw_service_context_handle();
@@ -37,7 +37,7 @@
     selinux_set_callback(SELINUX_CB_LOG, mSeCallbacks);
 }
 
-bool AccessControl::canAdd(const std::string& fqName, const CallingContext& callingContext) {
+bool AccessControl::canAdd(const std::string& fqName, const Context &context, pid_t pid) {
     FQName fqIface;
 
     if (!FQName::parse(fqName, &fqIface)) {
@@ -45,10 +45,10 @@
     }
     const std::string checkName = fqIface.package() + "::" + fqIface.name();
 
-    return checkPermission(callingContext, kPermissionAdd, checkName.c_str());
+    return checkPermission(context, pid, kPermissionAdd, checkName.c_str());
 }
 
-bool AccessControl::canGet(const std::string& fqName, const CallingContext& callingContext) {
+bool AccessControl::canGet(const std::string& fqName, pid_t pid) {
     FQName fqIface;
 
     if (!FQName::parse(fqName, &fqIface)) {
@@ -56,45 +56,42 @@
     }
     const std::string checkName = fqIface.package() + "::" + fqIface.name();
 
-    return checkPermission(callingContext, kPermissionGet, checkName.c_str());
+    return checkPermission(getContext(pid), pid, kPermissionGet, checkName.c_str());
 }
 
-bool AccessControl::canList(const CallingContext& callingContext) {
-    return checkPermission(callingContext, mSeContext, kPermissionList, nullptr);
+bool AccessControl::canList(pid_t pid) {
+    return checkPermission(getContext(pid), pid, mSeContext, kPermissionList, nullptr);
 }
 
-AccessControl::CallingContext AccessControl::getCallingContext(pid_t sourcePid) {
+Context AccessControl::getContext(pid_t sourcePid) {
     char *sourceContext = nullptr;
 
     if (getpidcon(sourcePid, &sourceContext) < 0) {
         ALOGE("SELinux: failed to retrieve process context for pid %d", sourcePid);
-        return { false, "", sourcePid };
+        return Context(nullptr, freecon);
     }
 
-    std::string context = sourceContext;
-    freecon(sourceContext);
-    return { true, context, sourcePid };
+    return Context(sourceContext, freecon);
 }
 
-bool AccessControl::checkPermission(const CallingContext& source, const char *targetContext, const char *perm, const char *interface) {
-    if (!source.sidPresent) {
+bool AccessControl::checkPermission(const Context &context, pid_t sourceAuditPid, const char *targetContext, const char *perm, const char *interface) {
+    if (context == nullptr) {
         return false;
     }
 
     bool allowed = false;
-
     struct audit_data ad;
-    ad.pid = source.pid;
-    ad.sid = source.sid.c_str();
+
+    ad.pid = sourceAuditPid;
     ad.interfaceName = interface;
 
-    allowed = (selinux_check_access(source.sid.c_str(), targetContext, "hwservice_manager",
+    allowed = (selinux_check_access(context.get(), targetContext, "hwservice_manager",
                                     perm, (void *) &ad) == 0);
 
     return allowed;
 }
 
-bool AccessControl::checkPermission(const CallingContext& source, const char *perm, const char *interface) {
+bool AccessControl::checkPermission(const Context &context, pid_t sourceAuditPid, const char *perm, const char *interface) {
     char *targetContext = nullptr;
     bool allowed = false;
 
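Review bot: getContext() resolves the caller's SELinux context with `getpidcon(sourcePid)` after the transaction has already arrived, so canGet() and canList() in this hunk decide access for whichever process holds that pid at lookup time; that need not be the caller if it has exited and the pid was reused. This is the lookup that the reverted change (Bug: 121035042 in the commit message) had replaced with the SID from `getCallingSid()`, and it returns at every `canGet(fqName, pid)`, `canList(pid)` and `mAcl.getContext(pid)` call site in ServiceManager.cpp. If the revert has to land for prebuilt compatibility, I would record the limitation above getContext(), for example `// NOTE: context is looked up by pid and may be stale if the caller has died; restore getCallingSid() once prebuilts are fixed (b/121035042).` The second checkPermission overload continues outside the hunk.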
@@ -104,7 +101,7 @@
         return false;
     }
 
-    allowed = checkPermission(source, targetContext, perm, interface);
+    allowed = checkPermission(context, sourceAuditPid, targetContext, perm, interface);
 
     freecon(targetContext);
 
@@ -119,9 +116,7 @@
         return 0;
     }
 
-    const char* sid = ad->sid ? ad->sid : "N/A";
-
-    snprintf(buf, len, "interface=%s sid=%s pid=%d", ad->interfaceName, sid, ad->pid);
+    snprintf(buf, len, "interface=%s pid=%d", ad->interfaceName, ad->pid);
     return 0;
 }
 
diff --git a/AccessControl.h b/AccessControl.h
index 877df99..63a2098 100644
--- a/AccessControl.h
+++ b/AccessControl.h
@@ -9,21 +9,17 @@
 public:
     AccessControl();
 
-    struct CallingContext {
-        bool sidPresent;
-        std::string sid;
-        pid_t pid;
-    };
-    static CallingContext getCallingContext(pid_t sourcePid);
+    using Context = std::unique_ptr<char, decltype(&freecon)>;
+    Context getContext(pid_t sourcePid);
 
-    bool canAdd(const std::string& fqName, const CallingContext& callingContext);
-    bool canGet(const std::string& fqName, const CallingContext& callingContext);
-    bool canList(const CallingContext& callingContext);
+    bool canAdd(const std::string& fqName, const Context &context, pid_t pid);
+    bool canGet(const std::string& fqName, pid_t pid);
+    bool canList(pid_t pid);
 
 private:
 
-    bool checkPermission(const CallingContext& source, const char *targetContext, const char *perm, const char *interface);
-    bool checkPermission(const CallingContext& source, const char *perm, const char *interface);
+    bool checkPermission(const Context &context, pid_t sourceAuditPid, const char *targetContext, const char *perm, const char *interface);
+    bool checkPermission(const Context &context, pid_t sourcePid, const char *perm, const char *interface);
 
     static int auditCallback(void *data, security_class_t cls, char *buf, size_t len);
 
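Review bot: The second checkPermission declaration names its pid parameter `sourcePid`, while the overload directly above it and both definitions in AccessControl.cpp use `sourceAuditPid`. The definitions only forward that value into the audit record while the access check itself uses the Context, so the header should carry the same name: `bool checkPermission(const Context &context, pid_t sourceAuditPid, const char *perm, const char *interface);`. The new `Context` alias would also benefit from a one-line comment saying that it owns the string returned by getpidcon() and is null when the lookup failed, since checkPermission() treats a null Context as a denial. The class declaration starts and ends outside this hunk.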
diff --git a/HidlService.cpp b/HidlService.cpp
index 6dd02cc..87b15c9 100644
--- a/HidlService.cpp
+++ b/HidlService.cpp
@@ -36,7 +36,7 @@
     sendRegistrationNotifications();
 }
 
-pid_t HidlService::getDebugPid() const {
+pid_t HidlService::getPid() const {
     return mPid;
 }
 const std::string &HidlService::getInterfaceName() const {
diff --git a/HidlService.h b/HidlService.h
index 6315ac2..290c934 100644
--- a/HidlService.h
+++ b/HidlService.h
@@ -42,7 +42,7 @@
      */
     sp<IBase> getService() const;
     void setService(sp<IBase> service, pid_t pid);
-    pid_t getDebugPid() const;
+    pid_t getPid() const;
     const std::string &getInterfaceName() const;
     const std::string &getInstanceName() const;
 
diff --git a/ServiceManager.cpp b/ServiceManager.cpp
index b23b8ab..0257edb 100644
--- a/ServiceManager.cpp
+++ b/ServiceManager.cpp
@@ -20,23 +20,6 @@
 namespace manager {
 namespace implementation {
 
-AccessControl::CallingContext getBinderCallingContext() {
-    const auto& self = IPCThreadState::self();
-
-    pid_t pid = self->getCallingPid();
-    const char* sid = self->getCallingSid();
-
-    if (sid == nullptr) {
-        if (pid != getpid()) {
-            android_errorWriteLog(0x534e4554, "121035042");
-        }
-
-        return AccessControl::getCallingContext(pid);
-    } else {
-        return { true, sid, pid };
-    }
-}
-
 static constexpr uint64_t kServiceDiedCookie = 0;
 static constexpr uint64_t kPackageListenerDiedCookie = 1;
 static constexpr uint64_t kServiceListenerDiedCookie = 2;
@@ -232,7 +215,8 @@
     const std::string fqName = hidlFqName;
     const std::string name = hidlName;
 
-    if (!mAcl.canGet(fqName, getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         return nullptr;
     }
 
@@ -281,10 +265,11 @@
         return false;
     }
 
-    auto pidcon = getBinderCallingContext();
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    auto context = mAcl.getContext(pid);
 
     auto ret = service->interfaceChain([&](const auto &interfaceChain) {
-        addSuccess = addImpl(name, service, interfaceChain, pidcon);
+        addSuccess = addImpl(name, service, interfaceChain, context, pid);
     });
 
     if (!ret.isOk()) {
@@ -298,7 +283,8 @@
 bool ServiceManager::addImpl(const hidl_string& name,
                              const sp<IBase>& service,
                              const hidl_vec<hidl_string>& interfaceChain,
-                             const AccessControl::CallingContext& callingContext) {
+                             const AccessControl::Context &context,
+                             pid_t pid) {
     if (interfaceChain.size() == 0) {
         LOG(WARNING) << "Empty interface chain for " << name;
         return false;
@@ -308,7 +294,7 @@
     for(size_t i = 0; i < interfaceChain.size(); i++) {
         const std::string fqName = interfaceChain[i];
 
-        if (!mAcl.canAdd(fqName, callingContext)) {
+        if (!mAcl.canAdd(fqName, context, pid)) {
             return false;
         }
     }
@@ -341,9 +327,9 @@
 
         if (hidlService == nullptr) {
             ifaceMap.insertService(
-                std::make_unique<HidlService>(fqName, name, service, callingContext.pid));
+                std::make_unique<HidlService>(fqName, name, service, pid));
         } else {
-            hidlService->setService(service, callingContext.pid);
+            hidlService->setService(service, pid);
         }
 
         ifaceMap.sendPackageRegistrationNotification(fqName, name);
@@ -361,7 +347,8 @@
                                                                const hidl_string& name) {
     using ::android::hardware::getTransport;
 
-    if (!mAcl.canGet(fqName, getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         return Transport::EMPTY;
     }
 
@@ -377,7 +364,8 @@
 }
 
 Return<void> ServiceManager::list(list_cb _hidl_cb) {
-    if (!mAcl.canList(getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canList(pid)) {
         _hidl_cb({});
         return Void();
     }
@@ -398,7 +386,8 @@
 
 Return<void> ServiceManager::listByInterface(const hidl_string& fqName,
                                              listByInterface_cb _hidl_cb) {
-    if (!mAcl.canGet(fqName, getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         _hidl_cb({});
         return Void();
     }
@@ -441,7 +430,8 @@
         return false;
     }
 
-    if (!mAcl.canGet(fqName, getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         return false;
     }
 
@@ -520,9 +510,9 @@
     pid_t pid = IPCThreadState::self()->getCallingPid();
 
     HidlService* registered = nullptr;
+
     forEachExistingService([&] (HidlService *service) {
-        // This is a sanity check. Only a server should ever care if it has no clients.
-        if (service->getDebugPid() != pid) {
+        if (service->getPid() != pid) {
             return true;  // continue
         }
 
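Review bot: The comparison `service->getPid() != pid` loses the comment that marked it as a sanity check, and with the rename from getDebugPid() it now reads as if the stored pid identified the registering server. From the addImpl() hunks the stored value appears to be the getCallingPid() result captured when the service was added, and a pid can be reused once that process exits. I would keep the caveat next to the check: `// Sanity check only: pids can be reused, so a match is not proof of identity.` The enclosing function begins and ends outside the hunk.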
@@ -580,14 +570,16 @@
         return false;
     }
 
-    auto callingContext = getBinderCallingContext();
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    auto context = mAcl.getContext(pid);
 
-    return addImpl(name, service, chain, callingContext);
+    return addImpl(name, service, chain, context, pid);
 }
 
 Return<void> ServiceManager::listManifestByInterface(const hidl_string& fqName,
                                                      listManifestByInterface_cb _hidl_cb) {
-    if (!mAcl.canGet(fqName, getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         _hidl_cb({});
         return Void();
     }
@@ -600,7 +592,8 @@
 }
 
 Return<void> ServiceManager::debugDump(debugDump_cb _cb) {
-    if (!mAcl.canList(getBinderCallingContext())) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canList(pid)) {
         _cb({});
         return Void();
     }
@@ -616,7 +609,7 @@
         }
 
         list.push_back({
-            .pid = service->getDebugPid(),
+            .pid = service->getPid(),
             .interfaceName = service->getInterfaceName(),
             .instanceName = service->getInstanceName(),
             .clientPids = clientPids,
@@ -633,9 +626,8 @@
 
 Return<void> ServiceManager::registerPassthroughClient(const hidl_string &fqName,
         const hidl_string &name) {
-    auto callingContext = getBinderCallingContext();
-
-    if (!mAcl.canGet(fqName, callingContext)) {
+    pid_t pid = IPCThreadState::self()->getCallingPid();
+    if (!mAcl.canGet(fqName, pid)) {
         /* We guard this function with "get", because it's typically used in
          * the getService() path, albeit for a passthrough service in this
          * case
@@ -655,10 +647,10 @@
 
     if (service == nullptr) {
         auto adding = std::make_unique<HidlService>(fqName, name);
-        adding->registerPassthroughClient(callingContext.pid);
+        adding->registerPassthroughClient(pid);
         ifaceMap.insertService(std::move(adding));
     } else {
-        service->registerPassthroughClient(callingContext.pid);
+        service->registerPassthroughClient(pid);
     }
     return Void();
 }
diff --git a/ServiceManager.h b/ServiceManager.h
index 61e271f..8cfaeb7 100644
--- a/ServiceManager.h
+++ b/ServiceManager.h
@@ -70,7 +70,8 @@
     bool addImpl(const hidl_string& name,
                  const sp<IBase>& service,
                  const hidl_vec<hidl_string>& interfaceChain,
-                 const AccessControl::CallingContext& callingContext);
+                 const AccessControl::Context &context,
+                 pid_t pid);
 
     // if restrictToInstanceName is nullptr, remove all, otherwise only those services
     // which match this instance name. Returns whether all instances were removed.
diff --git a/service.cpp b/service.cpp
index 734588f..5b595b8 100644
--- a/service.cpp
+++ b/service.cpp
@@ -33,7 +33,6 @@
 
 // libhidl
 using android::hardware::handleTransportPoll;
-using android::hardware::setRequestingSid;
 using android::hardware::setupTransportPolling;
 using android::hardware::toBinder;
 
@@ -122,8 +121,6 @@
 
 int main() {
     sp<ServiceManager> manager = new ServiceManager();
-    setRequestingSid(manager, true);
-
     if (!manager->add(serviceName, manager)) {
         ALOGE("Failed to register hwservicemanager with itself.");
     }