Camera: Move app ops to start/stop of streaming
A camera can be open but not streaming data. While most applications
immediately start streaming data, it can be useful to simply open the
camera early to hide some of the startup latency.
Historically, the camera service has reported camera app ops as
starting when the device is open, and stopping when the device closes.
With camera app op state becoming more directly visible to end users
via camera muting and camera usage notifications, it's useful to
narrow the scope of appops reporting to when the camera is actually
streaming frames, which is the time that's privacy-sensitive.
Here, the device-level status tracker is used to report idle and
active state to the client class, which then reports to appops
accordingly. The same source is used for both idle and active to
ensure that there's no race condition possible that might cause
desynchronization of client state.
Bug: 185798362
Test: Manual testing with TestingCamera1 and 2, Camera CTS continues to pass
Change-Id: Ie2537e66603acfead20d69cf0fc5299462c0e9e4
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 6efb90b..c6172f1 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -2770,19 +2770,20 @@
const String8& cameraIdStr, int cameraFacing, int sensorOrientation,
int clientPid, uid_t clientUid,
int servicePid):
+ mDestructionStarted(false),
mCameraIdStr(cameraIdStr), mCameraFacing(cameraFacing), mOrientation(sensorOrientation),
mClientPackageName(clientPackageName), mClientFeatureId(clientFeatureId),
mClientPid(clientPid), mClientUid(clientUid),
mServicePid(servicePid),
mDisconnected(false), mUidIsTrusted(false),
mAudioRestriction(hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_NONE),
- mRemoteBinder(remoteCallback)
+ mRemoteBinder(remoteCallback),
+ mOpsActive(false),
+ mOpsStreaming(false)
{
if (sCameraService == nullptr) {
sCameraService = cameraService;
}
- mOpsActive = false;
- mDestructionStarted = false;
// In some cases the calling code has no access to the package it runs under.
// For example, NDK camera API.
@@ -2917,6 +2918,29 @@
}
}
+status_t CameraService::BasicClient::handleAppOpMode(int32_t mode) {
+ if (mode == AppOpsManager::MODE_ERRORED) {
+ ALOGI("Camera %s: Access for \"%s\" has been revoked",
+ mCameraIdStr.string(), String8(mClientPackageName).string());
+ return PERMISSION_DENIED;
+ } else if (!mUidIsTrusted && mode == AppOpsManager::MODE_IGNORED) {
+ // If the calling Uid is trusted (a native service), the AppOpsManager could
+ // return MODE_IGNORED. Do not treat such case as error.
+ bool isUidActive = sCameraService->mUidPolicy->isUidActive(mClientUid,
+ mClientPackageName);
+ bool isCameraPrivacyEnabled =
+ sCameraService->mSensorPrivacyPolicy->isCameraPrivacyEnabled(
+ multiuser_get_user_id(mClientUid));
+ if (!isUidActive || !isCameraPrivacyEnabled) {
+ ALOGI("Camera %s: Access for \"%s\" has been restricted",
+ mCameraIdStr.string(), String8(mClientPackageName).string());
+ // Return the same error as for device policy manager rejection
+ return -EACCES;
+ }
+ }
+ return OK;
+}
+
status_t CameraService::BasicClient::startCameraOps() {
ATRACE_CALL();
@@ -2927,33 +2951,16 @@
if (mAppOpsManager != nullptr) {
// Notify app ops that the camera is not available
mOpsCallback = new OpsCallback(this);
- int32_t res;
mAppOpsManager->startWatchingMode(AppOpsManager::OP_CAMERA,
mClientPackageName, mOpsCallback);
- res = mAppOpsManager->startOpNoThrow(AppOpsManager::OP_CAMERA, mClientUid,
- mClientPackageName, /*startIfModeDefault*/ false, mClientFeatureId,
- String16("start camera ") + String16(mCameraIdStr));
- if (res == AppOpsManager::MODE_ERRORED) {
- ALOGI("Camera %s: Access for \"%s\" has been revoked",
- mCameraIdStr.string(), String8(mClientPackageName).string());
- return PERMISSION_DENIED;
- }
-
- // If the calling Uid is trusted (a native service), the AppOpsManager could
- // return MODE_IGNORED. Do not treat such case as error.
- if (!mUidIsTrusted && res == AppOpsManager::MODE_IGNORED) {
- bool isUidActive = sCameraService->mUidPolicy->isUidActive(mClientUid,
- mClientPackageName);
- bool isCameraPrivacyEnabled =
- sCameraService->mSensorPrivacyPolicy->isCameraPrivacyEnabled(
- multiuser_get_user_id(mClientUid));
- if (!isUidActive || !isCameraPrivacyEnabled) {
- ALOGI("Camera %s: Access for \"%s\" has been restricted",
- mCameraIdStr.string(), String8(mClientPackageName).string());
- // Return the same error as for device policy manager rejection
- return -EACCES;
- }
+ // Just check for camera acccess here on open - delay startOp until
+ // camera frames start streaming in startCameraStreamingOps
+ int32_t mode = mAppOpsManager->checkOp(AppOpsManager::OP_CAMERA, mClientUid,
+ mClientPackageName);
+ status_t res = handleAppOpMode(mode);
+ if (res != OK) {
+ return res;
}
}
@@ -2970,17 +2977,69 @@
return OK;
}
+status_t CameraService::BasicClient::startCameraStreamingOps() {
+ ATRACE_CALL();
+
+ if (!mOpsActive) {
+ ALOGE("%s: Calling streaming start when not yet active", __FUNCTION__);
+ return INVALID_OPERATION;
+ }
+ if (mOpsStreaming) {
+ ALOGV("%s: Streaming already active!", __FUNCTION__);
+ return OK;
+ }
+
+ ALOGV("%s: Start camera streaming ops, package name = %s, client UID = %d",
+ __FUNCTION__, String8(mClientPackageName).string(), mClientUid);
+
+ if (mAppOpsManager != nullptr) {
+ int32_t mode = mAppOpsManager->startOpNoThrow(AppOpsManager::OP_CAMERA, mClientUid,
+ mClientPackageName, /*startIfModeDefault*/ false, mClientFeatureId,
+ String16("start camera ") + String16(mCameraIdStr));
+ status_t res = handleAppOpMode(mode);
+ if (res != OK) {
+ return res;
+ }
+ }
+
+ mOpsStreaming = true;
+
+ return OK;
+}
+
+status_t CameraService::BasicClient::finishCameraStreamingOps() {
+ ATRACE_CALL();
+
+ if (!mOpsActive) {
+ ALOGE("%s: Calling streaming start when not yet active", __FUNCTION__);
+ return INVALID_OPERATION;
+ }
+ if (!mOpsStreaming) {
+ ALOGV("%s: Streaming not active!", __FUNCTION__);
+ return OK;
+ }
+
+ if (mAppOpsManager != nullptr) {
+ mAppOpsManager->finishOp(AppOpsManager::OP_CAMERA, mClientUid,
+ mClientPackageName, mClientFeatureId);
+ mOpsStreaming = false;
+ }
+
+ return OK;
+}
+
status_t CameraService::BasicClient::finishCameraOps() {
ATRACE_CALL();
+ if (mOpsStreaming) {
+ // Make sure we've notified everyone about camera stopping
+ finishCameraStreamingOps();
+ }
+
// Check if startCameraOps succeeded, and if so, finish the camera op
if (mOpsActive) {
- // Notify app ops that the camera is available again
- if (mAppOpsManager != nullptr) {
- mAppOpsManager->finishOp(AppOpsManager::OP_CAMERA, mClientUid,
- mClientPackageName, mClientFeatureId);
- mOpsActive = false;
- }
+ mOpsActive = false;
+
// This function is called when a client disconnects. This should
// release the camera, but actually only if it was in a proper
// functional state, i.e. with status NOT_AVAILABLE