Replace use_context_attribution_source / check_full_attribution_source_chain flags with read-only flag
The VDM team needs the data delivery permission checks to be enabled in
trunkfood to move forward. Due to b/373966108, enabling the flags through
teamfood is a risk. Replace these runtime flags with a single compile-time
flag, which does not carry that risk.
Bug: 190657833
Test: Ran CameraPermissionTest
Flag: com.android.internal.camera.flags.data_delivery_permission_checks
Change-Id: Ic870ba644f0aee0de4e562f7ef750fcd021be24c
diff --git a/camera/camera_platform.aconfig b/camera/camera_platform.aconfig
index 4e36e01..227420c 100644
--- a/camera/camera_platform.aconfig
+++ b/camera/camera_platform.aconfig
@@ -175,16 +175,10 @@
flag {
namespace: "camera_platform"
- name: "use_context_attribution_source"
- description: "Use the context-provided AttributionSource when checking for client permissions"
+ name: "data_delivery_permission_checks"
+ description: "Pass the full AttributionSource chain to PermissionChecker for data delivery"
bug: "190657833"
-}
-
-flag {
- namespace: "camera_platform"
- name: "check_full_attribution_source_chain"
- description: "Pass the full AttributionSource chain to PermissionChecker"
- bug: "190657833"
+ is_fixed_read_only: true
}
flag {
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index bdd7cbc..8d44e06 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -2275,7 +2275,7 @@
bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;
- if (!flags::use_context_attribution_source()) {
+ if (!flags::data_delivery_permission_checks()) {
resolvedClientAttribution.pid = USE_CALLING_PID;
}
@@ -4281,7 +4281,7 @@
ATRACE_CALL();
// Don't start watching until we're streaming when using permissionChecker for data delivery
- if (!flags::check_full_attribution_source_chain()) {
+ if (!flags::data_delivery_permission_checks()) {
ALOGD("%s: Start camera ops, package name = %s, client UID = %d", __FUNCTION__,
getPackageName().c_str(), getClientUid());
@@ -4303,7 +4303,7 @@
}
}
} else {
- // TODO: Remove when removing the check_full_attribution_source_chain flag
+ // TODO: Remove when removing the data_delivery_permission_checks flag
ALOGD("%s: Bypassing checkOp for uid %d", __FUNCTION__, getClientUid());
}
@@ -4337,7 +4337,7 @@
getPackageName().c_str(), getClientUid());
if (mAppOpsManager != nullptr) {
- if (flags::check_full_attribution_source_chain()) {
+ if (flags::data_delivery_permission_checks()) {
ALOGD("%s: Start data delivery for uid %d", __FUNCTION__, getClientUid());
const PermissionChecker::PermissionResult result =
@@ -4381,7 +4381,7 @@
// noteAppOp is only used for when camera mute is not supported, in order
// to trigger the sensor privacy "Unblock" dialog
- if (flags::check_full_attribution_source_chain()) {
+ if (flags::data_delivery_permission_checks()) {
// Ignore the result, since we're only triggering the dialog
ALOGD("%s: Check data delivery permissions for uid %d", __FUNCTION__, getClientUid());
hasPermissionsForCameraForDataDelivery(std::string(), mClientAttribution);
@@ -4413,7 +4413,7 @@
}
if (mAppOpsManager != nullptr) {
- if (flags::check_full_attribution_source_chain()) {
+ if (flags::data_delivery_permission_checks()) {
ALOGD("%s: finishDataDelivery for uid %d", __FUNCTION__, getClientUid());
finishDataDelivery(mClientAttribution);
@@ -4458,7 +4458,7 @@
}
// When using the data delivery permission checks, the open state does not involve AppOps
- if (!flags::check_full_attribution_source_chain()) {
+ if (!flags::data_delivery_permission_checks()) {
// Always stop watching, even if no camera op is active
if (mOpsCallback != nullptr && mAppOpsManager != nullptr) {
mAppOpsManager->stopWatchingMode(mOpsCallback);
@@ -4486,7 +4486,7 @@
}
PermissionChecker::PermissionResult res;
- if (flags::check_full_attribution_source_chain()) {
+ if (flags::data_delivery_permission_checks()) {
int32_t appOpMode = AppOpsManager::MODE_ALLOWED;
std::for_each(AttrSourceItr{mClientAttribution}, AttrSourceItr::end(),
[&](const auto& attr) {
@@ -4522,7 +4522,7 @@
// Uid may be active, but not visible to the user (e.g. PROCESS_STATE_FOREGROUND_SERVICE).
// If not visible, but still active, then we want to block instead of muting the camera.
int32_t procState = ActivityManager::PROCESS_STATE_NONEXISTENT;
- if (flags::check_full_attribution_source_chain()) {
+ if (flags::data_delivery_permission_checks()) {
// Use the proc state of the last uid in the chain (ultimately receiving the data)
// when determining whether to mute or block
int32_t uid = -1;
diff --git a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.cpp b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.cpp
index 4b63704..80af140 100644
--- a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.cpp
+++ b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.cpp
@@ -138,7 +138,7 @@
int32_t attributedOpCode, bool forDataDelivery, bool startDataDelivery,
bool checkAutomotive) {
AttributionSourceState clientAttribution = attributionSource;
- if (!flags::check_full_attribution_source_chain() && !clientAttribution.next.empty()) {
+ if (!flags::data_delivery_permission_checks() && !clientAttribution.next.empty()) {
clientAttribution.next.clear();
}
@@ -408,7 +408,7 @@
clientUid = callingUid;
} else {
validUid = isTrustedCallingUid(callingUid);
- if (flags::use_context_attribution_source()) {
+ if (flags::data_delivery_permission_checks()) {
validUid = validUid || (clientUid == callingUid);
}
}
@@ -426,7 +426,7 @@
clientPid = callingPid;
} else {
validPid = isTrustedCallingUid(callingUid);
- if (flags::use_context_attribution_source()) {
+ if (flags::data_delivery_permission_checks()) {
validPid = validPid || (clientPid == callingPid);
}
}
diff --git a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
index 8b2804d..1c5d6da 100644
--- a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
+++ b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
@@ -92,8 +92,8 @@
virtual void restoreCallingIdentity(int64_t token);
/**
- * If flag::use_context_attribution_source() is enabled, check the calling attribution source
- * and resolve its package name, or fill in the pid/uid/package name if necessary.
+ * If flags::data_delivery_permission_checks() is enabled, check the calling attribution
+ * source and resolve its package name, or fill in the pid/uid/package name if necessary.
*
* @param resolvedAttributionSource The resolved attribution source.
* @param methodName The name of the method calling this function (for logging only).