Switch media fw permissions checks to AttributionSource (av)
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data, and the relevant
app ops are checked/noted/started as needed.
bug: 158792096
Test: atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Change-Id: I1c5a4321dd3b2d458372058c99604a6ec208717c
diff --git a/services/oboeservice/AAudioEndpointManager.cpp b/services/oboeservice/AAudioEndpointManager.cpp
index 3224cfc..20e4cc5 100644
--- a/services/oboeservice/AAudioEndpointManager.cpp
+++ b/services/oboeservice/AAudioEndpointManager.cpp
@@ -184,7 +184,7 @@
// An app can avoid having this happen by closing their streams when
// the app is paused.
pid_t pid = VALUE_OR_FATAL(
- aidl2legacy_int32_t_pid_t(request.getIdentity().pid));
+ aidl2legacy_int32_t_pid_t(request.getAttributionSource().pid));
AAudioClientTracker::getInstance().setExclusiveEnabled(pid, false);
endpointToSteal = endpoint; // return it to caller
}
diff --git a/services/oboeservice/AAudioService.cpp b/services/oboeservice/AAudioService.cpp
index 0b69bf6..40a664e 100644
--- a/services/oboeservice/AAudioService.cpp
+++ b/services/oboeservice/AAudioService.cpp
@@ -22,7 +22,7 @@
#include <iostream>
#include <sstream>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <aaudio/AAudio.h>
#include <media/AidlConversion.h>
#include <mediautils/ServiceUtilities.h>
@@ -47,18 +47,18 @@
std::move(_tmp.value()); })
using android::AAudioService;
-using android::media::permission::Identity;
+using android::content::AttributionSourceState;
using binder::Status;
android::AAudioService::AAudioService()
: BnAAudioService(),
mAdapter(this) {
// TODO consider using geteuid()
- // TODO b/182392769: use identity util
- mAudioClient.identity.uid = VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(getuid()));
- mAudioClient.identity.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(getpid()));
- mAudioClient.identity.packageName = std::nullopt;
- mAudioClient.identity.attributionTag = std::nullopt;
+ // TODO b/182392769: use attribution source util
+ mAudioClient.attributionSource.uid = VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(getuid()));
+ mAudioClient.attributionSource.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(getpid()));
+ mAudioClient.attributionSource.packageName = std::nullopt;
+ mAudioClient.attributionSource.attributionTag = std::nullopt;
AAudioClientTracker::getInstance().setAAudioService(this);
}
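Review bot: The service's own `mAudioClient.attributionSource` is filled with uid/pid only and never gets a `token`, while the per-call copy built in `openStream` (next hunk) mints one with `sp<BBinder>::make()`. If the downstream permission checks treat a null token as an incomplete attribution source, the service-as-client path will be handled differently from the app path; consider setting `mAudioClient.attributionSource.token = sp<BBinder>::make();` here as well, or extending the TODO comment to say why the service's source intentionally carries no token. I cannot tell from this hunk whether the checks require a token, so this is a consistency question rather than a confirmed defect.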
@@ -115,13 +115,14 @@
aaudio_sharing_mode_t sharingMode = configurationInput.getSharingMode();
// Enforce limit on client processes.
- Identity callingIdentity = request.getIdentity();
+ AttributionSourceState attributionSource = request.getAttributionSource();
pid_t pid = IPCThreadState::self()->getCallingPid();
- callingIdentity.pid = VALUE_OR_RETURN_ILLEGAL_ARG_STATUS(
+ attributionSource.pid = VALUE_OR_RETURN_ILLEGAL_ARG_STATUS(
legacy2aidl_pid_t_int32_t(pid));
- callingIdentity.uid = VALUE_OR_RETURN_ILLEGAL_ARG_STATUS(
+ attributionSource.uid = VALUE_OR_RETURN_ILLEGAL_ARG_STATUS(
legacy2aidl_uid_t_int32_t(IPCThreadState::self()->getCallingUid()));
- if (callingIdentity.pid != mAudioClient.identity.pid) {
+ attributionSource.token = sp<BBinder>::make();
+ if (attributionSource.pid != mAudioClient.attributionSource.pid) {
int32_t count = AAudioClientTracker::getInstance().getStreamCount(pid);
if (count >= MAX_STREAMS_PER_PROCESS) {
ALOGE("openStream(): exceeded max streams per process %d >= %d",
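Review bot: The new lines overwrite `pid` and `uid` with the binder calling identity but keep every other field of the client-supplied `AttributionSourceState` (`packageName`, `attributionTag`, `next`) exactly as received, so at this point the caller still chooses which package and attribution chain the request is forwarded under; the same copy-then-patch pattern appears in `AAudioServiceEndpointMMAP::open` and `AAudioServiceStreamBase::open` later in this patch. If uid/package consistency is enforced further down (audio flinger or policy), a comment stating that would keep the next reader from assuming the check happens here; if not, those fields should be validated against the calling uid before the source is passed on. The freshly minted token also deserves a why-comment, e.g. `// Fresh token: the service vouches for the uid/pid it just took from the binder call.` The enclosing `openStream` starts and ends outside this hunk.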
@@ -280,8 +281,8 @@
}
bool AAudioService::isCallerInService() {
- pid_t clientPid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mAudioClient.identity.pid));
- uid_t clientUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mAudioClient.identity.uid));
+ pid_t clientPid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mAudioClient.attributionSource.pid));
+ uid_t clientUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mAudioClient.attributionSource.uid));
return clientPid == IPCThreadState::self()->getCallingPid() &&
clientUid == IPCThreadState::self()->getCallingUid();
}
@@ -307,7 +308,7 @@
const uid_t callingUserId = IPCThreadState::self()->getCallingUid();
const uid_t ownerUserId = serviceStream->getOwnerUserId();
const uid_t clientUid = VALUE_OR_FATAL(
- aidl2legacy_int32_t_uid_t(mAudioClient.identity.uid));
+ aidl2legacy_int32_t_uid_t(mAudioClient.attributionSource.uid));
bool callerOwnsIt = callingUserId == ownerUserId;
bool serverCalling = callingUserId == clientUid;
bool serverOwnsIt = ownerUserId == clientUid;
diff --git a/services/oboeservice/AAudioServiceEndpointMMAP.cpp b/services/oboeservice/AAudioServiceEndpointMMAP.cpp
index b4efd1a..117218a 100644
--- a/services/oboeservice/AAudioServiceEndpointMMAP.cpp
+++ b/services/oboeservice/AAudioServiceEndpointMMAP.cpp
@@ -71,11 +71,11 @@
aaudio_result_t AAudioServiceEndpointMMAP::open(const aaudio::AAudioStreamRequest &request) {
aaudio_result_t result = AAUDIO_OK;
copyFrom(request.getConstantConfiguration());
- mMmapClient.identity = request.getIdentity();
- // TODO b/182392769: use identity util
- mMmapClient.identity.uid = VALUE_OR_FATAL(
+ mMmapClient.attributionSource = request.getAttributionSource();
+ // TODO b/182392769: use attribution source util
+ mMmapClient.attributionSource.uid = VALUE_OR_FATAL(
legacy2aidl_uid_t_int32_t(IPCThreadState::self()->getCallingUid()));
- mMmapClient.identity.pid = VALUE_OR_FATAL(
+ mMmapClient.attributionSource.pid = VALUE_OR_FATAL(
legacy2aidl_pid_t_int32_t(IPCThreadState::self()->getCallingPid()));
audio_format_t audioFormat = getFormat();
@@ -165,8 +165,8 @@
this, // callback
mMmapStream,
&mPortHandle);
- ALOGD("%s() mMapClient.identity = %s => portHandle = %d\n",
- __func__, mMmapClient.identity.toString().c_str(), mPortHandle);
+ ALOGD("%s() mMapClient.attributionSource = %s => portHandle = %d\n",
+ __func__, mMmapClient.attributionSource.toString().c_str(), mPortHandle);
if (status != OK) {
// This can happen if the resource is busy or the config does
// not match the hardware.
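Review bot: The rewritten log format string still says `mMapClient.attributionSource` although the member is `mMmapClient`; since the string is being changed anyway, this is the moment to fix it: `ALOGD("%s() mMmapClient.attributionSource = %s => portHandle = %d\n",`. The line also prints the full `toString()` of the attribution source on every open, which presumably includes package name and attribution tag; that is reasonable at ALOGD level, but worth confirming it does not reach release logs. The enclosing function starts outside this hunk.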
@@ -216,7 +216,7 @@
// Exclusive mode can only be used by the service because the FD cannot be shared.
int32_t audioServiceUid =
VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(getuid()));
- if ((mMmapClient.identity.uid != audioServiceUid) &&
+ if ((mMmapClient.attributionSource.uid != audioServiceUid) &&
getSharingMode() == AAUDIO_SHARING_MODE_EXCLUSIVE) {
ALOGW("%s() - exclusive FD cannot be used by client", __func__);
result = AAUDIO_ERROR_UNAVAILABLE;
diff --git a/services/oboeservice/AAudioServiceStreamBase.cpp b/services/oboeservice/AAudioServiceStreamBase.cpp
index dbacd75..34ddd4d 100644
--- a/services/oboeservice/AAudioServiceStreamBase.cpp
+++ b/services/oboeservice/AAudioServiceStreamBase.cpp
@@ -39,7 +39,7 @@
using namespace android; // TODO just import names needed
using namespace aaudio; // TODO just import names needed
-using media::permission::Identity;
+using content::AttributionSourceState;
/**
* Base class for streams in the service.
@@ -50,7 +50,7 @@
: mTimestampThread("AATime")
, mAtomicStreamTimestamp()
, mAudioService(audioService) {
- mMmapClient.identity = Identity();
+ mMmapClient.attributionSource = AttributionSourceState();
}
AAudioServiceStreamBase::~AAudioServiceStreamBase() {
@@ -81,7 +81,7 @@
result << " 0x" << std::setfill('0') << std::setw(8) << std::hex << mHandle
<< std::dec << std::setfill(' ') ;
- result << std::setw(6) << mMmapClient.identity.uid;
+ result << std::setw(6) << mMmapClient.attributionSource.uid;
result << std::setw(7) << mClientHandle;
result << std::setw(4) << (isRunning() ? "yes" : " no");
result << std::setw(6) << getState();
@@ -127,11 +127,11 @@
AAudioEndpointManager &mEndpointManager = AAudioEndpointManager::getInstance();
aaudio_result_t result = AAUDIO_OK;
- mMmapClient.identity = request.getIdentity();
- // TODO b/182392769: use identity util
- mMmapClient.identity.uid = VALUE_OR_FATAL(
+ mMmapClient.attributionSource = request.getAttributionSource();
+ // TODO b/182392769: use attribution source util
+ mMmapClient.attributionSource.uid = VALUE_OR_FATAL(
legacy2aidl_uid_t_int32_t(IPCThreadState::self()->getCallingUid()));
- mMmapClient.identity.pid = VALUE_OR_FATAL(
+ mMmapClient.attributionSource.pid = VALUE_OR_FATAL(
legacy2aidl_pid_t_int32_t(IPCThreadState::self()->getCallingPid()));
// Limit scope of lock to avoid recursive lock in close().
diff --git a/services/oboeservice/AAudioServiceStreamBase.h b/services/oboeservice/AAudioServiceStreamBase.h
index c42df0f..976996d 100644
--- a/services/oboeservice/AAudioServiceStreamBase.h
+++ b/services/oboeservice/AAudioServiceStreamBase.h
@@ -160,11 +160,13 @@
}
uid_t getOwnerUserId() const {
- return VALUE_OR_FATAL(android::aidl2legacy_int32_t_uid_t(mMmapClient.identity.uid));
+ return VALUE_OR_FATAL(android::aidl2legacy_int32_t_uid_t(
+ mMmapClient.attributionSource.uid));
}
pid_t getOwnerProcessId() const {
- return VALUE_OR_FATAL(android::aidl2legacy_int32_t_pid_t(mMmapClient.identity.pid));
+ return VALUE_OR_FATAL(android::aidl2legacy_int32_t_pid_t(
+ mMmapClient.attributionSource.pid));
}
aaudio_handle_t getHandle() const {
diff --git a/services/oboeservice/Android.bp b/services/oboeservice/Android.bp
index a419dd5..4c58040 100644
--- a/services/oboeservice/Android.bp
+++ b/services/oboeservice/Android.bp
@@ -66,13 +66,13 @@
"liblog",
"libutils",
"aaudio-aidl-cpp",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libaudioclient_aidl_conversion",
],
export_shared_lib_headers: [
"libaaudio_internal",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
header_libs: [
diff --git a/services/oboeservice/fuzzer/Android.bp b/services/oboeservice/fuzzer/Android.bp
index f4e8a81..605ac01 100644
--- a/services/oboeservice/fuzzer/Android.bp
+++ b/services/oboeservice/fuzzer/Android.bp
@@ -46,7 +46,7 @@
"liblog",
"libutils",
"aaudio-aidl-cpp",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libaudioclient_aidl_conversion",
],
static_libs: [
diff --git a/services/oboeservice/fuzzer/oboeservice_fuzzer.cpp b/services/oboeservice/fuzzer/oboeservice_fuzzer.cpp
index 8e508d3..4bc661c 100644
--- a/services/oboeservice/fuzzer/oboeservice_fuzzer.cpp
+++ b/services/oboeservice/fuzzer/oboeservice_fuzzer.cpp
@@ -23,7 +23,7 @@
#include <AAudioService.h>
#include <aaudio/AAudio.h>
#include "aaudio/BnAAudioClient.h"
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#define UNUSED_PARAM __attribute__((unused))
@@ -295,11 +295,12 @@
? fdp.ConsumeIntegral<int32_t>()
: kAAudioFormats[fdp.ConsumeIntegralInRange<int32_t>(0, kNumAAudioFormats - 1)]));
- // TODO b/182392769: use identity util
- media::permission::Identity identity;
- identity.uid = getuid();
- identity.pid = getpid();
- request.setIdentity(identity);
+ // TODO b/182392769: use attribution source util
+ android::content::AttributionSourceState attributionSource;
+ attributionSource.uid = getuid();
+ attributionSource.pid = getpid();
+ attributionSource.token = sp<BBinder>::make();
+ request.setAttributionSource(attributionSource);
request.setInService(fdp.ConsumeBool());
request.getConfiguration().setDeviceId(fdp.ConsumeIntegral<int32_t>());
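Review bot: The fuzzer assigns `getuid()`/`getpid()` straight into the `int32_t` fields, whereas the service side converts through `legacy2aidl_uid_t_int32_t`/`legacy2aidl_pid_t_int32_t` under `VALUE_OR_FATAL`; using the same conversions here keeps the fuzzer aligned with the production path. More importantly, `packageName` and `attributionTag` are left at their defaults even though they are precisely the client-controlled fields the service now forwards; feeding them from the data provider, e.g. `attributionSource.packageName = fdp.ConsumeRandomLengthString();`, would exercise the new code's handling of untrusted attribution data. The enclosing function starts outside this hunk.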