1/*
2 * Copyright (C) 2010 The Android Open Source Project
3 * Copyright (C) 2012-2014, The Linux Foundation. All rights reserved.
4 *
5 * Not a Contribution, Apache license notifications and license are
6 * retained for attribution purposes only.
7
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 *      http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include <fcntl.h>
22#include <stdint.h>
23#include <sys/types.h>
24#include <binder/Parcel.h>
25#include <binder/IBinder.h>
26#include <binder/IInterface.h>
27#include <binder/IPCThreadState.h>
28#include <utils/Errors.h>
29#include <private/android_filesystem_config.h>
30#include <IQService.h>
31
32#define QSERVICE_DEBUG 0
33
34using namespace android;
35using namespace qClient;
36
37// ---------------------------------------------------------------------------
38
39namespace qService {
40
41class BpQService : public BpInterface<IQService>
42{
43public:
44    BpQService(const sp<IBinder>& impl)
45        : BpInterface<IQService>(impl) {}
46
47    virtual void connect(const sp<IQClient>& client) {
48        ALOGD_IF(QSERVICE_DEBUG, "%s: connect HWC client", __FUNCTION__);
49        Parcel data, reply;
50        data.writeInterfaceToken(IQService::getInterfaceDescriptor());
51        data.writeStrongBinder(IInterface::asBinder(client));
52        remote()->transact(CONNECT_HWC_CLIENT, data, &reply);
53    }
54
55    virtual void connect(const sp<IQHDMIClient>& client) {
56        ALOGD_IF(QSERVICE_DEBUG, "%s: connect HDMI client", __FUNCTION__);
57        Parcel data, reply;
58        data.writeInterfaceToken(IQService::getInterfaceDescriptor());
59        data.writeStrongBinder(IInterface::asBinder(client));
60        remote()->transact(CONNECT_HDMI_CLIENT, data, &reply);
61    }
62
63
64    virtual android::status_t dispatch(uint32_t command, const Parcel* inParcel,
65            Parcel* outParcel) {
66        ALOGD_IF(QSERVICE_DEBUG, "%s: dispatch in:%p", __FUNCTION__, inParcel);
67        status_t err = (status_t) android::FAILED_TRANSACTION;
68        Parcel data;
69        Parcel *reply = outParcel;
70        data.writeInterfaceToken(IQService::getInterfaceDescriptor());
71        if (inParcel && inParcel->dataSize() > 0)
72            data.appendFrom(inParcel, 0, inParcel->dataSize());
73        err = remote()->transact(command, data, reply);
74        return err;
75    }
76};
77
78IMPLEMENT_META_INTERFACE(QService, "android.display.IQService");
79
80// ----------------------------------------------------------------------
81
82static void getProcName(int pid, char *buf, int size);
83
84status_t BnQService::onTransact(
85    uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
86{
87    ALOGD_IF(QSERVICE_DEBUG, "%s: code: %d", __FUNCTION__, code);
88    // IPC should be from certain processes only
89    IPCThreadState* ipc = IPCThreadState::self();
90    const int callerPid = ipc->getCallingPid();
91    const int callerUid = ipc->getCallingUid();
92    const int MAX_BUF_SIZE = 1024;
93    char callingProcName[MAX_BUF_SIZE] = {0};
94
95    getProcName(callerPid, callingProcName, MAX_BUF_SIZE);
96
97    const bool permission = (callerUid == AID_MEDIA ||
98            callerUid == AID_GRAPHICS ||
99            callerUid == AID_ROOT ||
100            callerUid == AID_SYSTEM);
101
102    if (code == CONNECT_HWC_CLIENT) {
103        CHECK_INTERFACE(IQService, data, reply);
104        if(callerUid != AID_GRAPHICS) {
105            ALOGE("display.qservice CONNECT_HWC_CLIENT access denied: \
106                    pid=%d uid=%d process=%s",
107                    callerPid, callerUid, callingProcName);
108            return PERMISSION_DENIED;
109        }
110        sp<IQClient> client =
111                interface_cast<IQClient>(data.readStrongBinder());
112        connect(client);
113        return NO_ERROR;
114    } else if(code == CONNECT_HDMI_CLIENT) {
115        CHECK_INTERFACE(IQService, data, reply);
116        if(callerUid != AID_SYSTEM && callerUid != AID_ROOT) {
117            ALOGE("display.qservice CONNECT_HDMI_CLIENT access denied: \
118                    pid=%d uid=%d process=%s",
119                    callerPid, callerUid, callingProcName);
120            return PERMISSION_DENIED;
121        }
122        sp<IQHDMIClient> client =
123                interface_cast<IQHDMIClient>(data.readStrongBinder());
124        connect(client);
125        return NO_ERROR;
126    } else if (code > COMMAND_LIST_START && code < COMMAND_LIST_END) {
127        if(!permission) {
128            ALOGE("display.qservice access denied: command=%d\
129                  pid=%d uid=%d process=%s", code, callerPid,
130                  callerUid, callingProcName);
131            return PERMISSION_DENIED;
132        }
133        CHECK_INTERFACE(IQService, data, reply);
134        dispatch(code, &data, reply);
135        return NO_ERROR;
136    } else {
137        return BBinder::onTransact(code, data, reply, flags);
138    }
139}
140
141//Helper
142static void getProcName(int pid, char *buf, int size) {
143    int fd = -1;
144    snprintf(buf, size, "/proc/%d/cmdline", pid);
145    fd = open(buf, O_RDONLY);
146    if (fd < 0) {
147        strlcpy(buf, "Unknown", size);
148    } else {
149        ssize_t len = read(fd, buf, size - 1);
150        if (len >= 0)
151           buf[len] = 0;
152
153        close(fd);
154    }
155}
156
157}; // namespace qService
158