Switch media fw permissions checks to AttributionSource (av)
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data as well as the relevant
app ops are checked/noted/started as needed.
bug: 158792096
Test: atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Change-Id: I1c5a4321dd3b2d458372058c99604a6ec208717c
diff --git a/media/libmedia/Android.bp b/media/libmedia/Android.bp
index e471c7b..e98d7d8 100644
--- a/media/libmedia/Android.bp
+++ b/media/libmedia/Android.bp
@@ -365,7 +365,7 @@
"libaudioclient",
"libmedia_codeclist",
"libmedia_omx",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
export_shared_lib_headers: [
@@ -374,17 +374,17 @@
"libandroidicu",
//"libsonivox",
"libmedia_omx",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
static_libs: [
"resourcemanager_aidl_interface-ndk_platform",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
export_static_lib_headers: [
"resourcemanager_aidl_interface-ndk_platform",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
export_include_dirs: [
diff --git a/media/libmedia/IMediaPlayerService.cpp b/media/libmedia/IMediaPlayerService.cpp
index 0f189ee..07c0ac5 100644
--- a/media/libmedia/IMediaPlayerService.cpp
+++ b/media/libmedia/IMediaPlayerService.cpp
@@ -35,7 +35,7 @@
namespace android {
-using media::permission::Identity;
+using android::content::AttributionSourceState;
enum {
CREATE = IBinder::FIRST_CALL_TRANSACTION,
@@ -65,22 +65,22 @@
virtual sp<IMediaPlayer> create(
const sp<IMediaPlayerClient>& client, audio_session_t audioSessionId,
- const Identity& identity) {
+ const AttributionSourceState& attributionSource) {
Parcel data, reply;
data.writeInterfaceToken(IMediaPlayerService::getInterfaceDescriptor());
data.writeStrongBinder(IInterface::asBinder(client));
data.writeInt32(audioSessionId);
- data.writeParcelable(identity);
+ data.writeParcelable(attributionSource);
remote()->transact(CREATE, data, &reply);
return interface_cast<IMediaPlayer>(reply.readStrongBinder());
}
- virtual sp<IMediaRecorder> createMediaRecorder(const Identity& identity)
+ virtual sp<IMediaRecorder> createMediaRecorder(const AttributionSourceState& attributionSource)
{
Parcel data, reply;
data.writeInterfaceToken(IMediaPlayerService::getInterfaceDescriptor());
- data.writeParcelable(identity);
+ data.writeParcelable(attributionSource);
remote()->transact(CREATE_MEDIA_RECORDER, data, &reply);
return interface_cast<IMediaRecorder>(reply.readStrongBinder());
}
@@ -131,23 +131,23 @@
sp<IMediaPlayerClient> client =
interface_cast<IMediaPlayerClient>(data.readStrongBinder());
audio_session_t audioSessionId = (audio_session_t) data.readInt32();
- Identity identity;
- status_t status = data.readParcelable(&identity);
+ AttributionSourceState attributionSource;
+ status_t status = data.readParcelable(&attributionSource);
if (status != NO_ERROR) {
return status;
}
- sp<IMediaPlayer> player = create(client, audioSessionId, identity);
+ sp<IMediaPlayer> player = create(client, audioSessionId, attributionSource);
reply->writeStrongBinder(IInterface::asBinder(player));
return NO_ERROR;
} break;
case CREATE_MEDIA_RECORDER: {
CHECK_INTERFACE(IMediaPlayerService, data, reply);
- Identity identity;
- status_t status = data.readParcelable(&identity);
+ AttributionSourceState attributionSource;
+ status_t status = data.readParcelable(&attributionSource);
if (status != NO_ERROR) {
return status;
}
- sp<IMediaRecorder> recorder = createMediaRecorder(identity);
+ sp<IMediaRecorder> recorder = createMediaRecorder(attributionSource);
reply->writeStrongBinder(IInterface::asBinder(recorder));
return NO_ERROR;
} break;
diff --git a/media/libmedia/include/media/IMediaPlayerService.h b/media/libmedia/include/media/IMediaPlayerService.h
index 243e9c7..6070673 100644
--- a/media/libmedia/include/media/IMediaPlayerService.h
+++ b/media/libmedia/include/media/IMediaPlayerService.h
@@ -27,7 +27,7 @@
#include <media/IMediaPlayerClient.h>
#include <media/IMediaMetadataRetriever.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <string>
@@ -48,12 +48,12 @@
DECLARE_META_INTERFACE(MediaPlayerService);
virtual sp<IMediaRecorder> createMediaRecorder(
- const android::media::permission::Identity &identity) = 0;
+ const android::content::AttributionSourceState &attributionSource) = 0;
virtual sp<IMediaMetadataRetriever> createMetadataRetriever() = 0;
virtual sp<IMediaPlayer> create(const sp<IMediaPlayerClient>& client,
audio_session_t audioSessionId = AUDIO_SESSION_ALLOCATE,
- const android::media::permission::Identity& identity =
- android::media::permission::Identity()) = 0;
+ const android::content::AttributionSourceState &attributionSource =
+ android::content::AttributionSourceState()) = 0;
virtual sp<IMediaCodecList> getCodecList() const = 0;
// Connects to a remote display.
diff --git a/media/libmedia/include/media/MediaRecorderBase.h b/media/libmedia/include/media/MediaRecorderBase.h
index b5325ce..2b7818d 100644
--- a/media/libmedia/include/media/MediaRecorderBase.h
+++ b/media/libmedia/include/media/MediaRecorderBase.h
@@ -21,7 +21,7 @@
#include <media/AudioSystem.h>
#include <media/MicrophoneInfo.h>
#include <media/mediarecorder.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <system/audio.h>
@@ -34,8 +34,8 @@
struct PersistentSurface;
struct MediaRecorderBase {
- explicit MediaRecorderBase(const media::permission::Identity &client)
- : mClient(client) {}
+ explicit MediaRecorderBase(const android::content::AttributionSourceState &attributionSource)
+ : mAttributionSource(attributionSource) {}
virtual ~MediaRecorderBase() {}
virtual status_t init() = 0;
@@ -84,7 +84,7 @@
protected:
- media::permission::Identity mClient;
+ android::content::AttributionSourceState mAttributionSource;
private:
MediaRecorderBase(const MediaRecorderBase &);
diff --git a/media/libmedia/include/media/mediaplayer.h b/media/libmedia/include/media/mediaplayer.h
index fbba398..de4c7db 100644
--- a/media/libmedia/include/media/mediaplayer.h
+++ b/media/libmedia/include/media/mediaplayer.h
@@ -29,7 +29,7 @@
#include <media/IMediaPlayer.h>
#include <media/IMediaDeathNotifier.h>
#include <media/IStreamSource.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <utils/KeyedVector.h>
#include <utils/String8.h>
@@ -212,8 +212,8 @@
public virtual IMediaDeathNotifier
{
public:
- explicit MediaPlayer(const android::media::permission::Identity& mIdentity =
- android::media::permission::Identity());
+ explicit MediaPlayer(const android::content::AttributionSourceState& mAttributionSource =
+ android::content::AttributionSourceState());
~MediaPlayer();
void died();
void disconnect();
@@ -317,7 +317,7 @@
float mSendLevel;
struct sockaddr_in mRetransmitEndpoint;
bool mRetransmitEndpointValid;
- const android::media::permission::Identity mIdentity;
+ const android::content::AttributionSourceState mAttributionSource;
};
}; // namespace android
diff --git a/media/libmedia/include/media/mediarecorder.h b/media/libmedia/include/media/mediarecorder.h
index 96a3293..d54ff32 100644
--- a/media/libmedia/include/media/mediarecorder.h
+++ b/media/libmedia/include/media/mediarecorder.h
@@ -25,7 +25,7 @@
#include <media/IMediaRecorderClient.h>
#include <media/IMediaDeathNotifier.h>
#include <media/MicrophoneInfo.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
namespace android {
@@ -227,7 +227,7 @@
public virtual IMediaDeathNotifier
{
public:
- explicit MediaRecorder(const media::permission::Identity& identity);
+ explicit MediaRecorder(const android::content::AttributionSourceState& attributionSource);
~MediaRecorder();
void died();
diff --git a/media/libmedia/mediaplayer.cpp b/media/libmedia/mediaplayer.cpp
index 7504787..1c9b9e4 100644
--- a/media/libmedia/mediaplayer.cpp
+++ b/media/libmedia/mediaplayer.cpp
@@ -40,9 +40,10 @@
namespace android {
using media::VolumeShaper;
-using media::permission::Identity;
+using content::AttributionSourceState;
-MediaPlayer::MediaPlayer(const Identity& identity) : mIdentity(identity)
+MediaPlayer::MediaPlayer(const AttributionSourceState& attributionSource)
+ : mAttributionSource(attributionSource)
{
ALOGV("constructor");
mListener = NULL;
@@ -153,7 +154,7 @@
if (url != NULL) {
const sp<IMediaPlayerService> service(getMediaPlayerService());
if (service != 0) {
- sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mIdentity));
+ sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mAttributionSource));
if ((NO_ERROR != doSetRetransmitEndpoint(player)) ||
(NO_ERROR != player->setDataSource(httpService, url, headers))) {
player.clear();
@@ -170,7 +171,7 @@
status_t err = UNKNOWN_ERROR;
const sp<IMediaPlayerService> service(getMediaPlayerService());
if (service != 0) {
- sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mIdentity));
+ sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mAttributionSource));
if ((NO_ERROR != doSetRetransmitEndpoint(player)) ||
(NO_ERROR != player->setDataSource(fd, offset, length))) {
player.clear();
@@ -186,7 +187,7 @@
status_t err = UNKNOWN_ERROR;
const sp<IMediaPlayerService> service(getMediaPlayerService());
if (service != 0) {
- sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mIdentity));
+ sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mAttributionSource));
if ((NO_ERROR != doSetRetransmitEndpoint(player)) ||
(NO_ERROR != player->setDataSource(source))) {
player.clear();
@@ -202,7 +203,7 @@
status_t err = UNKNOWN_ERROR;
const sp<IMediaPlayerService> service(getMediaPlayerService());
if (service != 0) {
- sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mIdentity));
+ sp<IMediaPlayer> player(service->create(this, mAudioSessionId, mAttributionSource));
if ((NO_ERROR != doSetRetransmitEndpoint(player)) ||
(NO_ERROR != player->setDataSource(rtpParams))) {
player.clear();
diff --git a/media/libmedia/mediarecorder.cpp b/media/libmedia/mediarecorder.cpp
index da2b190..cf12c36 100644
--- a/media/libmedia/mediarecorder.cpp
+++ b/media/libmedia/mediarecorder.cpp
@@ -33,7 +33,7 @@
namespace android {
-using media::permission::Identity;
+using content::AttributionSourceState;
status_t MediaRecorder::setCamera(const sp<hardware::ICamera>& camera,
const sp<ICameraRecordingProxy>& proxy)
@@ -760,13 +760,14 @@
return INVALID_OPERATION;
}
-MediaRecorder::MediaRecorder(const Identity &identity) : mSurfaceMediaSource(NULL)
+MediaRecorder::MediaRecorder(const AttributionSourceState &attributionSource)
+ : mSurfaceMediaSource(NULL)
{
ALOGV("constructor");
const sp<IMediaPlayerService> service(getMediaPlayerService());
if (service != NULL) {
- mMediaRecorder = service->createMediaRecorder(identity);
+ mMediaRecorder = service->createMediaRecorder(attributionSource);
}
if (mMediaRecorder != NULL) {
mCurrentState = MEDIA_RECORDER_IDLE;