Skip to content

Commit 0cc4d67

Browse files
hao-yaohao-yao
committed
CameraShm: Fix semaphore permission issue
When user created semaphore with mode 777, the actual mode of it may not be expected because of umask. In this case, another non-root user calling sem_open will get error EACCES then mSemLock is 0, which can cause later segment fault. To avoid this, we directly change the semaphore file mode to 0666 by chmod and add null check in lock(). Signed-off-by: Hao Yao <hao.yao@intel.com>
1 parent 8af98c0 commit 0cc4d67

File tree

1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

src/iutils/CameraShm.cpp

+11-3
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ static const int CAMERA_IPCKEY = 0x43414D;
3131
static const int CAMERA_SHM_LOCK_TIME = 2;
3232

3333
#define SEM_NAME "/camlock"
34+
#define SEM_FD_NAME "/dev/shm/sem.camlock"
3435

3536
CameraSharedMemory::CameraSharedMemory()
3637
: mSemLock(nullptr),
@@ -211,7 +212,7 @@ bool CameraSharedMemory::processExist(pid_t pid, const char* storedName) {
211212
}
212213

213214
void CameraSharedMemory::openSemLock() {
214-
mSemLock = sem_open(SEM_NAME, O_CREAT | O_EXCL, 0777, 1);
215+
mSemLock = sem_open(SEM_NAME, O_CREAT | O_EXCL, 0644, 1);
215216
if (mSemLock == SEM_FAILED) {
216217
mSemLock = sem_open(SEM_NAME, O_RDWR);
217218
if (mSemLock == SEM_FAILED) {
@@ -221,6 +222,7 @@ void CameraSharedMemory::openSemLock() {
221222
LOG1("Open the sem lock");
222223
}
223224
} else {
225+
chmod(SEM_FD_NAME, 0666);
224226
LOG1("Create the sem lock");
225227
return;
226228
}
@@ -244,7 +246,12 @@ void CameraSharedMemory::openSemLock() {
244246
LOG1("Lock timed out, process holding it may have crashed. Re-create the semaphore.");
245247
sem_close(mSemLock);
246248
sem_unlink(SEM_NAME);
247-
mSemLock = sem_open(SEM_NAME, O_CREAT | O_EXCL, 0777, 1);
249+
mSemLock = sem_open(SEM_NAME, O_CREAT | O_EXCL, 0644, 1);
250+
if (mSemLock == SEM_FAILED) {
251+
LOGE("failed to re-create sem lock, errno: %s\n", strerror(errno));
252+
} else {
253+
chmod(SEM_FD_NAME, 0666);
254+
}
248255
}
249256
}
250257

@@ -255,9 +262,10 @@ void CameraSharedMemory::closeSemLock() {
255262
int CameraSharedMemory::lock() {
256263
int ret = OK;
257264
struct timespec ts;
258-
CLEAR(ts);
265+
CheckAndLogError(mSemLock == SEM_FAILED, BAD_VALUE, "invalid sem lock");
259266

260267
// Wait the semaphore lock for 2 seconds
268+
CLEAR(ts);
261269
clock_gettime(CLOCK_REALTIME, &ts);
262270
ts.tv_sec += CAMERA_SHM_LOCK_TIME;
263271
while (((ret = sem_timedwait(mSemLock, &ts)) == -1) && errno == EINTR) {

0 commit comments

Comments
 (0)