Camera: Handle opChanged callback with IGNORED for shell permission
- Camera CTS assumes shell permission identity to test camera.
- An opChanged() callback can still occur during a camera session even though
the opCode remains IGNORED.
If both of the above conditions are true, the camera server shouldn't revoke the camera
access. Allow camera access if the Uid is in active state.
Test: Run FastBasicsTest with forrest
Bug: 175320666
Change-Id: I1f680337ab6f5796fe57da4d20264c224bcc50f4
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index adf8562..168f3c5 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -2932,10 +2932,21 @@
res == AppOpsManager::MODE_ERRORED ? "ERRORED" :
"UNKNOWN");
- if (res != AppOpsManager::MODE_ALLOWED) {
+ if (res == AppOpsManager::MODE_ERRORED) {
ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.string(),
String8(mClientPackageName).string());
block();
+ } else if (res == AppOpsManager::MODE_IGNORED) {
+ bool isUidActive = sCameraService->mUidPolicy->isUidActive(mClientUid, mClientPackageName);
+ ALOGI("Camera %s: Access for \"%s\" has been restricted, isUidTrusted %d, isUidActive %d",
+ mCameraIdStr.string(), String8(mClientPackageName).string(),
+ mUidIsTrusted, isUidActive);
+ // If the calling Uid is trusted (a native service), or the client Uid is active (WAR for
+ // b/175320666), the AppOpsManager could return MODE_IGNORED. Do not treat such cases as
+ // error.
+ if (!mUidIsTrusted && !isUidActive) {
+ block();
+ }
}
}