UID and PID identification in Android IPC Communication

 

The ipcthreadstate object maintains two variables.

Pid_t mcallingpid;

Uid_t mcallinguid;

From the variable name, the two variables Save the PID and uid of the process, and since these two variables are maintained by the ipcthreadstate object, they are related to IPC. They are stored as the PID and uid of the IPC sender, as well as the IPD and uid of the current process, depending on the situation.

During the IPC call process, the caller needs to know the UID and PID of the caller so that the caller can detect permissions. Therefore, a method is required to provide the caller's UID and PID, therefore, the above two variables are mainly used for permission detection.

So let's imagine which UID and PID should the mcallingpid and mcallinguid save in the following scenario? If there are two processes, process a and process B, we can analyze them from the perspective of process B. process a IPC calls process B, while process B calls the service interface that is also in process B (although it is not a remote call at this time and the developer knows it, but for the binder call mechanism, it does not know whether the current call is a remote call. previous articlesArticleHow does the analysis system determine whether a remote call is performed?
In driver), should mcallingpid and mcallinguid be saved to UID and PID of process B?

1. when process B is called by process a IPC, process B needs to know the UID and PID of process a to check the access permission of process, mcallinguid and mcallingpid Save the UID and PID of process.

2. in the process of Remote Call of process B by IPC, process B calls the service interface in the same process. process B is both the caller and the called party. Although this process is boring, however, in view of the opacity of the IPC process, process B still needs to perform permission detection.

 

As analyzed in the previous article, the binder driver will determine whether the current binder call is a remote call. If it is a same process call, BD will no longer provide the PID and uid of the process to the application. Therefore, the current PID and uid must be displayed in process B.

To implement the above case, Android provides a set of functions

Public static final native long clearcallingidentity ();

Public static final native void restorecallingidentity (long token );

Before the process B method calls the service interface in the same process, the clearcallingidentity () method clears the UID and PID of process a and resets it to the UID and PID of process B.

After the process B method calls the service interface in the same process, it is still in the process of process a remote call of process B. In this case, the UID and PID of restore process a are required.

The case described in this article is not common in application development, but is common in system_server. For example, the client calls the activitymanagerservice method, and the activitymanagerservice calls the packagemanagerservice method, activitymanagerservice and packagemanagerservice both run in the system_server process.