Pass full context AttributionSource to permission checker during connect Prior to this change, the root AttributionSource uid/pid/packageName were passed through to validateClientPermissionsLocked and checkPermissionForPreflight This means that subsequent AttributionSources in the chain were not checked. This change plumbs the full AttributionSource to permission checker for the purposes of opening a camera connection. If any app in the chain does not have permissions, then the connect attempt will be blocked. Bug: 190657833 Bug: 369841571 Test: CtsSecurityTestCases:CameraPermissionTest, VDM tests Flag: com.android.internal.camera.flags.check_full_attribution_source_chain Change-Id: I43d0e59e984131639833dc7c2f2013aabedf510e

commit: 236944363488554ff497999a844035c1300f94f2 [log] [tgz]
author: Austin Borger <borgera@google.com> Mon Oct 07 19:28:01 2024 -0700
committer: Austin Borger <borgera@google.com> Tue Oct 15 16:57:43 2024 -0700
tree: f3bbc413fd870c6c39efe7bce005ca3cf28c7996
parent: aa7d9130c7dc22f3975d4846101fddcd6d1fb140 [diff] [blame]
diff --git a/camera/camera_platform.aconfig b/camera/camera_platform.aconfig
index db33dd7..8e53ca0 100644
--- a/camera/camera_platform.aconfig
+++ b/camera/camera_platform.aconfig

@@ -171,3 +171,10 @@
     description: "Use the context-provided AttributionSource when checking for client permissions"
     bug: "190657833"
 }
+
+flag {
+    namespace: "camera_platform"
+    name: "check_full_attribution_source_chain"
+    description: "Pass the full AttributionSource chain to PermissionChecker"
+    bug: "190657833"
+}
commit	236944363488554ff497999a844035c1300f94f2	[log] [tgz]
author	Austin Borger <borgera@google.com>	Mon Oct 07 19:28:01 2024 -0700
committer	Austin Borger <borgera@google.com>	Tue Oct 15 16:57:43 2024 -0700
tree	f3bbc413fd870c6c39efe7bce005ca3cf28c7996
parent	aa7d9130c7dc22f3975d4846101fddcd6d1fb140 [diff] [blame]