Revert "Introduce AttributionAndPermissionUtils."
This reverts commit 17e3ebe817c681973a3058c5bd38974d850a16ca.
Reason for revert: Local testing + debugging
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f075f08d80497aafc2b3ee1c4358f5e8559b5c99)
Merged-In: I2e8a8cd456d1fb7f8d12072f6f0aaa12e6dc6e6c
Change-Id: I2e8a8cd456d1fb7f8d12072f6f0aaa12e6dc6e6c
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index ebe771e..2d55f39 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -38,6 +38,7 @@
#include <aidl/AidlCameraService.h>
#include <android-base/macros.h>
#include <android-base/parseint.h>
+#include <android/permission/PermissionChecker.h>
#include <binder/ActivityManager.h>
#include <binder/AppOpsManager.h>
#include <binder/IPCThreadState.h>
@@ -128,16 +129,20 @@
// ----------------------------------------------------------------------------
-// Permission strings (references to AttributionAndPermissionUtils for brevity)
-static const std::string &sDumpPermission =
- AttributionAndPermissionUtils::sDumpPermission;
-static const std::string &sManageCameraPermission =
- AttributionAndPermissionUtils::sManageCameraPermission;
-static const std::string &sCameraSendSystemEventsPermission =
- AttributionAndPermissionUtils::sCameraSendSystemEventsPermission;
-static const std::string &sCameraInjectExternalCameraPermission =
- AttributionAndPermissionUtils::sCameraInjectExternalCameraPermission;
-
+static const std::string sDumpPermission("android.permission.DUMP");
+static const std::string sManageCameraPermission("android.permission.MANAGE_CAMERA");
+static const std::string sCameraPermission("android.permission.CAMERA");
+static const std::string sSystemCameraPermission("android.permission.SYSTEM_CAMERA");
+static const std::string sCameraHeadlessSystemUserPermission(
+ "android.permission.CAMERA_HEADLESS_SYSTEM_USER");
+static const std::string sCameraPrivacyAllowlistPermission(
+ "android.permission.CAMERA_PRIVACY_ALLOWLIST");
+static const std::string
+ sCameraSendSystemEventsPermission("android.permission.CAMERA_SEND_SYSTEM_EVENTS");
+static const std::string sCameraOpenCloseListenerPermission(
+ "android.permission.CAMERA_OPEN_CLOSE_LISTENER");
+static const std::string
+ sCameraInjectExternalCameraPermission("android.permission.CAMERA_INJECT_EXTERNAL_CAMERA");
// Constant integer for FGS Logging, used to denote the API type for logger
static const int LOG_FGS_CAMERA_API = 1;
const char *sFileName = "lastOpenSessionDumpFile";
@@ -153,13 +158,9 @@
static std::set<std::string> sServiceErrorEventSet;
CameraService::CameraService(
- std::shared_ptr<CameraServiceProxyWrapper> cameraServiceProxyWrapper,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils) :
+ std::shared_ptr<CameraServiceProxyWrapper> cameraServiceProxyWrapper) :
mCameraServiceProxyWrapper(cameraServiceProxyWrapper == nullptr ?
std::make_shared<CameraServiceProxyWrapper>() : cameraServiceProxyWrapper),
- mAttributionAndPermissionUtils(attributionAndPermissionUtils == nullptr ?
- std::make_shared<AttributionAndPermissionUtils>(this)\
- : attributionAndPermissionUtils),
mEventLog(DEFAULT_EVENT_LOG_LENGTH),
mNumberOfCameras(0),
mNumberOfCamerasWithoutSystemCamera(0),
@@ -214,7 +215,7 @@
mUidPolicy = new UidPolicy(this);
mUidPolicy->registerSelf();
- mSensorPrivacyPolicy = new SensorPrivacyPolicy(this, mAttributionAndPermissionUtils);
+ mSensorPrivacyPolicy = new SensorPrivacyPolicy(this);
mSensorPrivacyPolicy->registerSelf();
mInjectionStatusListener = new InjectionStatusListener(this);
@@ -707,15 +708,34 @@
broadcastTorchModeStatus(cameraId, newStatus, systemCameraKind);
}
-bool CameraService::isAutomotiveDevice() const {
- return mAttributionAndPermissionUtils->isAutomotiveDevice();
+static bool isAutomotiveDevice() {
+ // Checks the property ro.hardware.type and returns true if it is
+ // automotive.
+ char value[PROPERTY_VALUE_MAX] = {0};
+ property_get("ro.hardware.type", value, "");
+ return strncmp(value, "automotive", PROPERTY_VALUE_MAX) == 0;
}
-bool CameraService::isAutomotivePrivilegedClient(int32_t uid) const {
- return mAttributionAndPermissionUtils->isAutomotivePrivilegedClient(uid);
+static bool isHeadlessSystemUserMode() {
+ // Checks if the device is running in headless system user mode
+ // by checking the property ro.fw.mu.headless_system_user.
+ char value[PROPERTY_VALUE_MAX] = {0};
+ property_get("ro.fw.mu.headless_system_user", value, "");
+ return strncmp(value, "true", PROPERTY_VALUE_MAX) == 0;
}
-bool CameraService::isAutomotiveExteriorSystemCamera(const std::string& cam_id) const {
+static bool isAutomotivePrivilegedClient(int32_t uid) {
+ // Returns false if this is not an automotive device type.
+ if (!isAutomotiveDevice())
+ return false;
+
+ // Returns true if the uid is AID_AUTOMOTIVE_EVS which is a
+ // privileged client uid used for safety critical use cases such as
+ // rear view and surround view.
+ return uid == AID_AUTOMOTIVE_EVS;
+}
+
+bool CameraService::isAutomotiveExteriorSystemCamera(const std::string& cam_id) const{
// Returns false if this is not an automotive device type.
if (!isAutomotiveDevice())
return false;
@@ -760,47 +780,54 @@
return true;
}
-static AttributionSourceState attributionSourceFromPidAndUid(int callingPid, int callingUid) {
- AttributionSourceState attributionSource{};
- attributionSource.pid = callingPid;
- attributionSource.uid = callingUid;
- return attributionSource;
-}
+bool CameraService::checkPermission(const std::string& cameraId, const std::string& permission,
+ const AttributionSourceState& attributionSource, const std::string& message,
+ int32_t attributedOpCode) const{
+ if (isAutomotivePrivilegedClient(attributionSource.uid)) {
+ // If cameraId is empty, then it means that this check is not used for the
+ // purpose of accessing a specific camera, hence grant permission just
+ // based on uid to the automotive privileged client.
+ if (cameraId.empty())
+ return true;
+ // If this call is used for accessing a specific camera then cam_id must be provided.
+ // In that case, only pre-grants the permission for accessing the exterior system only
+ // camera.
+ return isAutomotiveExteriorSystemCamera(cameraId);
+ }
-bool CameraService::hasPermissionsForCamera(int callingPid, int callingUid) const {
- return hasPermissionsForCamera(std::string(), callingPid, callingUid);
-}
-
-bool CameraService::hasPermissionsForCamera(const std::string& cameraId, int callingPid,
- int callingUid) const {
- auto attributionSource = attributionSourceFromPidAndUid(callingPid, callingUid);
- return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
+ permission::PermissionChecker permissionChecker;
+ return permissionChecker.checkPermissionForPreflight(toString16(permission), attributionSource,
+ toString16(message), attributedOpCode)
+ != permission::PermissionChecker::PERMISSION_HARD_DENIED;
}
bool CameraService::hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid,
- int callingUid, bool checkCameraPermissions) const {
- auto attributionSource = attributionSourceFromPidAndUid(callingPid, callingUid);
- return mAttributionAndPermissionUtils->hasPermissionsForSystemCamera(
- cameraId, attributionSource, checkCameraPermissions);
+ int callingUid) const{
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ bool checkPermissionForSystemCamera = checkPermission(cameraId,
+ sSystemCameraPermission, attributionSource, std::string(), AppOpsManager::OP_NONE);
+ bool checkPermissionForCamera = checkPermission(cameraId,
+ sCameraPermission, attributionSource, std::string(), AppOpsManager::OP_NONE);
+ return checkPermissionForSystemCamera && checkPermissionForCamera;
}
bool CameraService::hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId,
- int callingPid, int callingUid) const {
- auto attributionSource = attributionSourceFromPidAndUid(callingPid, callingUid);
- return mAttributionAndPermissionUtils->hasPermissionsForCameraHeadlessSystemUser(
- cameraId, attributionSource);
+ int callingPid, int callingUid) const{
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ return checkPermission(cameraId, sCameraHeadlessSystemUserPermission, attributionSource,
+ std::string(), AppOpsManager::OP_NONE);
}
-bool CameraService::hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const {
- auto attributionSource = attributionSourceFromPidAndUid(callingPid, callingUid);
- return mAttributionAndPermissionUtils->hasPermissionsForCameraPrivacyAllowlist(
- attributionSource);
-}
-
-bool CameraService::hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const {
- auto attributionSource = attributionSourceFromPidAndUid(callingPid, callingUid);
- return mAttributionAndPermissionUtils->hasPermissionsForOpenCloseListener(
- attributionSource);
+bool CameraService::hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const{
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ return checkPermission(std::string(), sCameraPrivacyAllowlistPermission, attributionSource,
+ std::string(), AppOpsManager::OP_NONE);
}
Status CameraService::getNumberOfCameras(int32_t type, int32_t* numCameras) {
@@ -1245,9 +1272,13 @@
const std::vector<std::string> *deviceIds = &mNormalDeviceIdsWithoutSystemCamera;
auto callingPid = CameraThreadState::getCallingPid();
auto callingUid = CameraThreadState::getCallingUid();
- bool systemCameraPermissions = hasPermissionsForSystemCamera(std::to_string(cameraIdInt),
- callingPid, callingUid, /* checkCameraPermissions= */ false);
- if (systemCameraPermissions || getpid() == callingPid) {
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ bool checkPermissionForSystemCamera = checkPermission(std::to_string(cameraIdInt),
+ sSystemCameraPermission, attributionSource, std::string(),
+ AppOpsManager::OP_NONE);
+ if (checkPermissionForSystemCamera || getpid() == callingPid) {
deviceIds = &mNormalDeviceIds;
}
if (cameraIdInt < 0 || cameraIdInt >= static_cast<int>(deviceIds->size())) {
@@ -1320,7 +1351,11 @@
// If it's not calling from cameraserver, check the permission only if
// android.permission.CAMERA is required. If android.permission.SYSTEM_CAMERA was needed,
// it would've already been checked in shouldRejectSystemCameraConnection.
- bool checkPermissionForCamera = hasPermissionsForCamera(cameraId, callingPid, callingUid);
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ bool checkPermissionForCamera = checkPermission(cameraId, sCameraPermission,
+ attributionSource, std::string(), AppOpsManager::OP_NONE);
if ((callingPid != getpid()) &&
(deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) &&
!checkPermissionForCamera) {
@@ -1506,7 +1541,7 @@
if (effectiveApiLevel == API_1) { // Camera1 API route
sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
*client = new Camera2Client(cameraService, tmp, cameraService->mCameraServiceProxyWrapper,
- cameraService->mAttributionAndPermissionUtils, packageName, featureId, cameraId,
+ packageName, featureId, cameraId,
api1CameraId, facing, sensorOrientation,
clientPid, clientUid, servicePid, overrideForPerfClass, overrideToPortrait,
forceSlowJpegMode);
@@ -1516,8 +1551,7 @@
sp<hardware::camera2::ICameraDeviceCallbacks> tmp =
static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get());
*client = new CameraDeviceClient(cameraService, tmp,
- cameraService->mCameraServiceProxyWrapper,
- cameraService->mAttributionAndPermissionUtils, packageName, systemNativeClient,
+ cameraService->mCameraServiceProxyWrapper, packageName, systemNativeClient,
featureId, cameraId, facing, sensorOrientation, clientPid, clientUid, servicePid,
overrideForPerfClass, overrideToPortrait, originalCameraId);
ALOGI("%s: Camera2 API, override to portrait %d", __FUNCTION__, overrideToPortrait);
@@ -1682,13 +1716,35 @@
}
// Can camera service trust the caller based on the calling UID?
-bool CameraService::isTrustedCallingUid(uid_t uid) const {
- return mAttributionAndPermissionUtils->isTrustedCallingUid(uid);
+static bool isTrustedCallingUid(uid_t uid) {
+ switch (uid) {
+ case AID_MEDIA: // mediaserver
+ case AID_CAMERASERVER: // cameraserver
+ case AID_RADIO: // telephony
+ return true;
+ default:
+ return false;
+ }
}
-status_t CameraService::getUidForPackage(const std::string &packageName, int userId,
- /*inout*/uid_t& uid, int err) const {
- return mAttributionAndPermissionUtils->getUidForPackage(packageName, userId, uid, err);
+static status_t getUidForPackage(const std::string &packageName, int userId, /*inout*/uid_t& uid,
+ int err) {
+ PermissionController pc;
+ uid = pc.getPackageUid(toString16(packageName), 0);
+ if (uid <= 0) {
+ ALOGE("Unknown package: '%s'", packageName.c_str());
+ dprintf(err, "Unknown package: '%s'\n", packageName.c_str());
+ return BAD_VALUE;
+ }
+
+ if (userId < 0) {
+ ALOGE("Invalid user: %d", userId);
+ dprintf(err, "Invalid user: %d\n", userId);
+ return BAD_VALUE;
+ }
+
+ uid = multiuser_get_uid(userId, uid);
+ return NO_ERROR;
}
Status CameraService::validateConnectLocked(const std::string& cameraId,
@@ -1742,6 +1798,8 @@
Status CameraService::validateClientPermissionsLocked(const std::string& cameraId,
const std::string& clientName, int& clientUid, int& clientPid,
/*out*/int& originalClientPid) const {
+ AttributionSourceState attributionSource{};
+
int callingPid = CameraThreadState::getCallingPid();
int callingUid = CameraThreadState::getCallingUid();
@@ -1788,7 +1846,11 @@
// If it's not calling from cameraserver, check the permission if the
// device isn't a system only camera (shouldRejectSystemCameraConnection already checks for
// android.permission.SYSTEM_CAMERA for system only camera devices).
- bool checkPermissionForCamera = hasPermissionsForCamera(cameraId, clientPid, clientUid);
+ attributionSource.pid = clientPid;
+ attributionSource.uid = clientUid;
+ attributionSource.packageName = clientName;
+ bool checkPermissionForCamera = checkPermission(cameraId, sCameraPermission, attributionSource,
+ std::string(), AppOpsManager::OP_NONE);
if (callingPid != getpid() &&
(deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) && !checkPermissionForCamera) {
ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
@@ -1844,9 +1906,8 @@
// If the System User tries to access the camera when the device is running in
// headless system user mode, ensure that client has the required permission
// CAMERA_HEADLESS_SYSTEM_USER.
- if (mAttributionAndPermissionUtils->isHeadlessSystemUserMode()
- && (clientUserId == USER_SYSTEM)
- && !hasPermissionsForCameraHeadlessSystemUser(cameraId, callingPid, callingUid)) {
+ if (isHeadlessSystemUserMode() && (clientUserId == USER_SYSTEM) &&
+ !hasPermissionsForCameraHeadlessSystemUser(cameraId, callingPid, callingUid)) {
ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
"Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" as Headless System \
@@ -2212,7 +2273,7 @@
}
// (1) Cameraserver trying to connect, accept.
- if (mAttributionAndPermissionUtils->isCallerCameraServerNotDelegating()) {
+ if (CameraThreadState::getCallingPid() == getpid()) {
return false;
}
// (2)
@@ -3262,6 +3323,22 @@
return Status::ok();
}
+bool CameraService::hasCameraPermissions() const {
+ int callingPid = CameraThreadState::getCallingPid();
+ int callingUid = CameraThreadState::getCallingUid();
+ AttributionSourceState attributionSource{};
+ attributionSource.pid = callingPid;
+ attributionSource.uid = callingUid;
+ bool res = checkPermission(std::string(), sCameraPermission,
+ attributionSource, std::string(), AppOpsManager::OP_NONE);
+
+ bool hasPermission = ((callingPid == getpid()) || res);
+ if (!hasPermission) {
+ ALOGE("%s: pid %d doesn't have camera permissions", __FUNCTION__, callingPid);
+ }
+ return hasPermission;
+}
+
Status CameraService::isConcurrentSessionConfigurationSupported(
const std::vector<CameraIdAndSessionConfiguration>& cameraIdsAndSessionConfigurations,
int targetSdkVersion, /*out*/bool* isSupported) {
@@ -3277,11 +3354,7 @@
}
// Check for camera permissions
- int callingPid = CameraThreadState::getCallingPid();
- int callingUid = CameraThreadState::getCallingUid();
- bool hasCameraPermission = ((callingPid == getpid()) ||
- hasPermissionsForCamera(callingPid, callingUid));
- if (!hasCameraPermission) {
+ if (!hasCameraPermissions()) {
return STATUS_ERROR(ERROR_PERMISSION_DENIED,
"android.permission.CAMERA needed to call"
"isConcurrentSessionConfigurationSupported");
@@ -3325,9 +3398,15 @@
return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener");
}
- auto clientPid = CameraThreadState::getCallingPid();
auto clientUid = CameraThreadState::getCallingUid();
- bool openCloseCallbackAllowed = hasPermissionsForOpenCloseListener(clientPid, clientUid);
+ auto clientPid = CameraThreadState::getCallingPid();
+ AttributionSourceState attributionSource{};
+ attributionSource.uid = clientUid;
+ attributionSource.pid = clientPid;
+
+ bool openCloseCallbackAllowed = checkPermission(std::string(),
+ sCameraOpenCloseListenerPermission, attributionSource, std::string(),
+ AppOpsManager::OP_NONE);
Mutex::Autolock lock(mServiceLock);
@@ -3970,7 +4049,6 @@
CameraService::Client::Client(const sp<CameraService>& cameraService,
const sp<ICameraClient>& cameraClient,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
const std::string& clientPackageName, bool systemNativeClient,
const std::optional<std::string>& clientFeatureId,
const std::string& cameraIdStr,
@@ -3979,7 +4057,6 @@
int servicePid, bool overrideToPortrait) :
CameraService::BasicClient(cameraService,
IInterface::asBinder(cameraClient),
- attributionAndPermissionUtils,
clientPackageName, systemNativeClient, clientFeatureId,
cameraIdStr, cameraFacing, sensorOrientation,
clientPid, clientUid,
@@ -4010,12 +4087,10 @@
CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService,
const sp<IBinder>& remoteCallback,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
const std::string& clientPackageName, bool nativeClient,
const std::optional<std::string>& clientFeatureId, const std::string& cameraIdStr,
int cameraFacing, int sensorOrientation, int clientPid, uid_t clientUid,
int servicePid, bool overrideToPortrait):
- mAttributionAndPermissionUtils(attributionAndPermissionUtils),
mDestructionStarted(false),
mCameraIdStr(cameraIdStr), mCameraFacing(cameraFacing), mOrientation(sensorOrientation),
mClientPackageName(clientPackageName), mSystemNativeClient(nativeClient),
@@ -4048,7 +4123,7 @@
mAppOpsManager = std::make_unique<AppOpsManager>();
}
- mUidIsTrusted = mAttributionAndPermissionUtils->isTrustedCallingUid(mClientUid);
+ mUidIsTrusted = isTrustedCallingUid(mClientUid);
}
CameraService::BasicClient::~BasicClient() {
@@ -4787,7 +4862,7 @@
}
hasCameraPrivacyFeature(); // Called so the result is cached
mSpm.addSensorPrivacyListener(this);
- if (mAttributionAndPermissionUtils->isAutomotiveDevice()) {
+ if (isAutomotiveDevice()) {
mSpm.addToggleSensorPrivacyListener(this);
}
mSensorPrivacyEnabled = mSpm.isSensorPrivacyEnabled();
@@ -4827,7 +4902,7 @@
void CameraService::SensorPrivacyPolicy::unregisterSelf() {
Mutex::Autolock _l(mSensorPrivacyLock);
mSpm.removeSensorPrivacyListener(this);
- if (mAttributionAndPermissionUtils->isAutomotiveDevice()) {
+ if (isAutomotiveDevice()) {
mSpm.removeToggleSensorPrivacyListener(this);
}
mSpm.unlinkToDeath(this);