diff options
author | Eric Laurent <elaurent@google.com> | 2017-06-15 18:43:46 -0700 |
---|---|---|
committer | Andreas Blaesius <skate4life@gmx.de> | 2017-09-17 22:11:05 +0200 |
commit | 62677c87d461b11af3a25f808dbed4c21d2a48b8 (patch) | |
tree | 9b8da310205e80e72a3ccf01420bd3f6bddbf319 | |
parent | 38d8804de3b81655da7c079e1bcecef3a98cc44c (diff) | |
download | frameworks_av-62677c87d461b11af3a25f808dbed4c21d2a48b8.tar.gz frameworks_av-62677c87d461b11af3a25f808dbed4c21d2a48b8.tar.bz2 frameworks_av-62677c87d461b11af3a25f808dbed4c21d2a48b8.zip |
audio effects: filter reserved effect commands
Block effect commands reserved for framework use when
received on server side IAudioEffect. Applications have no reason
to use these commands and they present a unnecessary attack surface.
Bug: 62019992
Test: run CTS tests for audio effects
Change-Id: Ie680d5d5650f99dbabf93891703e1cde2c2e852d
(cherry picked from commit c7ab309ecbb289cd1296430f724166a26bd45afe)
CVE-2017-0768
-rw-r--r-- | services/audioflinger/Effects.cpp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/services/audioflinger/Effects.cpp b/services/audioflinger/Effects.cpp index 8a8b05b3b1..58df3bd385 100644 --- a/services/audioflinger/Effects.cpp +++ b/services/audioflinger/Effects.cpp @@ -1284,6 +1284,24 @@ status_t AudioFlinger::EffectHandle::command(uint32_t cmdCode, ALOGVV("command(), cmdCode: %d, mHasControl: %d, mEffect: %p", cmdCode, mHasControl, mEffect.unsafe_get()); + // reject commands reserved for internal use by audio framework if coming from outside + // of audioserver + switch(cmdCode) { + case EFFECT_CMD_ENABLE: + case EFFECT_CMD_DISABLE: + case EFFECT_CMD_SET_PARAM: + case EFFECT_CMD_SET_PARAM_DEFERRED: + case EFFECT_CMD_SET_PARAM_COMMIT: + case EFFECT_CMD_GET_PARAM: + break; + default: + if (cmdCode >= EFFECT_CMD_FIRST_PROPRIETARY) { + break; + } + android_errorWriteLog(0x534e4554, "62019992"); + return BAD_VALUE; + } + if (cmdCode == EFFECT_CMD_ENABLE) { if (*replySize < sizeof(int)) { android_errorWriteLog(0x534e4554, "32095713"); |