Pass full context AttributionSource to permission checker during connect
Prior to this change, only the root AttributionSource uid/pid/packageName were
passed through to validateClientPermissionsLocked and checkPermissionForPreflight.
This means that subsequent AttributionSources in the chain were not checked.
This change plumbs the full AttributionSource to permission checker for the
purposes of opening a camera connection. If any app in the chain does not have
permissions, then the connect attempt will be blocked.
Bug: 190657833
Bug: 369841571
Test: CtsSecurityTestCases:CameraPermissionTest, VDM tests
Flag: com.android.internal.camera.flags.check_full_attribution_source_chain
Change-Id: I43d0e59e984131639833dc7c2f2013aabedf510e
diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h
index 5eb2536..07c9d00 100644
--- a/services/camera/libcameraservice/CameraService.h
+++ b/services/camera/libcameraservice/CameraService.h
@@ -927,12 +927,10 @@
void removeStates(const std::string& id);
// Check if we can connect, before we acquire the service lock.
- // If clientPid/clientUid are USE_CALLING_PID/USE_CALLING_UID, they will be overwritten with
- // the calling pid/uid.
- binder::Status validateConnectLocked(const std::string& cameraId, const std::string& clientName,
- int clientUid, int clientPid) const;
- binder::Status validateClientPermissionsLocked(const std::string& cameraId,
- const std::string& clientName, int clientUid, int clientPid) const;
+ binder::Status validateConnectLocked(const std::string& cameraId,
+ const AttributionSourceState& clientAttribution) const;
+ binder::Status validateClientPermissionsLocked(
+ const std::string& cameraId, const AttributionSourceState& clientAttribution) const;
void logConnectionAttempt(int clientPid, const std::string& clientPackageName,
const std::string& cameraId, apiLevel effectiveApiLevel) const;
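Review bot: The removed comment was the only place that said how USE_CALLING_PID/USE_CALLING_UID are handled, and the new declarations of validateConnectLocked and validateClientPermissionsLocked do not say whether clientAttribution must arrive with its uid/pid already resolved to the binder caller. The argument is now a const reference, so the callee cannot rewrite it in place; I would state the precondition, e.g. `// clientAttribution.uid/pid must already be resolved (no USE_CALLING_UID/USE_CALLING_PID); every entry in the chain is checked.` The same gap applies to connectHelper in the next hunk. Only the declarations are visible here, so where the resolution actually happens should be confirmed against the definitions.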
@@ -974,14 +972,14 @@
void filterAPI1SystemCameraLocked(const std::vector<std::string> &normalDeviceIds);
// Single implementation shared between the various connect calls
- template<class CALLBACK, class CLIENT>
+ template <class CALLBACK, class CLIENT>
binder::Status connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId,
- int api1CameraId, const std::string& clientPackageName, bool systemNativeClient,
- const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid,
- apiLevel effectiveApiLevel, bool shimUpdateOnly, int scoreOffset, int targetSdkVersion,
- int rotationOverride, bool forceSlowJpegMode,
- const std::string& originalCameraId, bool isNonSystemNdk,
- /*out*/sp<CLIENT>& device);
+ int api1CameraId, const AttributionSourceState& clientAttribution,
+ bool systemNativeClient, apiLevel effectiveApiLevel,
+ bool shimUpdateOnly, int scoreOffset, int targetSdkVersion,
+ int rotationOverride, bool forceSlowJpegMode,
+ const std::string& originalCameraId, bool isNonSystemNdk,
+ /*out*/ sp<CLIENT>& device);
// Lock guarding camera service state
Mutex mServiceLock;
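Review bot: The comment above connectHelper does not mention that the full-chain permission check is gated by `com.android.internal.camera.flags.check_full_attribution_source_chain`, which the commit message names but the unconditional signature change hides. A reader of the header would reasonably assume every entry reachable through clientAttribution's `next` is always verified. I would extend the comment to something like `// Permissions are checked for every AttributionSource in clientAttribution's chain when check_full_attribution_source_chain is enabled; otherwise only the root is checked.` The flag-off behaviour is inferred from the commit message and should be confirmed in the definition, which is outside this hunk.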