[audio] Pull service permissions into libaudioperm
Test: compiles
Bug: 355498020
Flag: EXEMPT safe build change
Change-Id: Idf516a36596c3f5d3cd52745c951189c83264e2b
diff --git a/services/audioflinger/Android.bp b/services/audioflinger/Android.bp
index 01bde42..add8a43 100644
--- a/services/audioflinger/Android.bp
+++ b/services/audioflinger/Android.bp
@@ -149,7 +149,7 @@
"audio-permission-aidl-cpp",
"audioclient-types-aidl-cpp",
"audioflinger-aidl-cpp",
- "audiopermissioncontroller",
+ "libaudiopermission",
"av-types-aidl-cpp",
"com.android.media.audio-aconfig-cc",
"com.android.media.audioserver-aconfig-cc",
diff --git a/services/audiopolicy/permission/Android.bp b/services/audiopolicy/permission/Android.bp
deleted file mode 100644
index cfbeaae..0000000
--- a/services/audiopolicy/permission/Android.bp
+++ /dev/null
@@ -1,111 +0,0 @@
-package {
- default_team: "trendy_team_android_media_audio_framework",
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-cc_library_headers {
- name: "audiopermissioncontroller_headers",
- host_supported: true,
- export_include_dirs: ["include"],
-}
-
-cc_library {
- name: "audiopermissioncontroller",
-
- srcs: [
- "NativePermissionController.cpp",
- "ValidatedAttributionSourceState.cpp",
- ],
- export_include_dirs: [
- "include",
- ],
-
- header_libs: [
- "libcutils_headers",
- "liberror_headers",
- ],
- export_header_lib_headers: [
- "liberror_headers",
- ],
- static_libs: [
- "audio-permission-aidl-cpp",
- "framework-permission-aidl-cpp",
- ],
- shared_libs: [
- "libbase",
- "libbinder",
- "liblog",
- "libutils",
- ],
-
- host_supported: true,
- sanitize: {
- integer_overflow: true,
- },
- cflags: [
- "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION",
- "-DANDROID_UTILS_REF_BASE_DISABLE_IMPLICIT_CONSTRUCTION",
- "-Wall",
- "-Wconditional-uninitialized",
- "-Wdeprecated",
- "-Werror",
- "-Werror=format",
- "-Werror=reorder-init-list",
- "-Wextra",
- "-Wextra-semi",
- "-Wimplicit-fallthrough",
- "-Wreorder-init-list",
- "-Wshadow-all",
- "-Wthread-safety",
- "-Wunreachable-code-aggressive",
- ],
- tidy: true,
- tidy_checks: [
- "android-*",
- "bugprone-*",
- "cert-*",
- "clang-analyzer-security*",
- "google-*",
- "misc-*",
- "modernize-*",
- "performance-*",
- ],
- tidy_checks_as_errors: [
- "android-*",
- "bugprone-*",
- "cert-*",
- "clang-analyzer-security*",
- "google-*",
- "misc-*",
- "modernize-*",
- "performance-*",
- ],
-}
-
-cc_test {
- name: "audiopermissioncontroller_test",
- host_supported: true,
- defaults: [
- "libmediautils_tests_config",
- ],
- static_libs: [
- "audio-permission-aidl-cpp",
- "audiopermissioncontroller",
- "framework-permission-aidl-cpp",
- "libgmock",
- ],
- shared_libs: [
- "libbase",
- "libbinder",
- "liblog",
- "libutils",
- ],
- srcs: [
- "tests/NativePermissionControllerTest.cpp",
- "tests/ValidatedAttributionSourceStateTest.cpp",
- ],
- test_options: {
- unit_test: true,
- },
- test_suites: ["general-tests"],
-}
diff --git a/services/audiopolicy/permission/NativePermissionController.cpp b/services/audiopolicy/permission/NativePermissionController.cpp
deleted file mode 100644
index 5743076..0000000
--- a/services/audiopolicy/permission/NativePermissionController.cpp
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <media/NativePermissionController.h>
-
-#include <algorithm>
-#include <optional>
-#include <utility>
-
-#include <android-base/expected.h>
-#include <cutils/android_filesystem_config.h>
-#include <utils/Errors.h>
-
-using ::android::binder::Status;
-using ::android::error::BinderResult;
-using ::android::error::unexpectedExceptionCode;
-
-namespace com::android::media::permission {
-static std::optional<std::string> getFixedPackageName(uid_t uid) {
- // These values are in sync with AppOpsService
- switch (uid % AID_USER_OFFSET) {
- case AID_ROOT:
- return "root";
- case AID_SYSTEM:
- return "system";
- case AID_SHELL:
- return "shell";
- case AID_MEDIA:
- return "media";
- case AID_AUDIOSERVER:
- return "audioserver";
- case AID_CAMERASERVER:
- return "cameraserver";
- default:
- return std::nullopt;
- }
-}
-
-// -- Begin Binder methods
-Status NativePermissionController::populatePackagesForUids(
- const std::vector<UidPackageState>& initialPackageStates) {
- std::lock_guard l{m_};
- if (!is_package_populated_) is_package_populated_ = true;
- package_map_.clear();
- std::transform(initialPackageStates.begin(), initialPackageStates.end(),
- std::inserter(package_map_, package_map_.end()),
- [](const auto& x) -> std::pair<uid_t, std::vector<std::string>> {
- return {x.uid, x.packageNames};
- });
- std::erase_if(package_map_, [](const auto& x) { return x.second.empty(); });
- return Status::ok();
-}
-
-Status NativePermissionController::updatePackagesForUid(const UidPackageState& newPackageState) {
- std::lock_guard l{m_};
- package_map_.insert_or_assign(newPackageState.uid, newPackageState.packageNames);
- const auto& cursor = package_map_.find(newPackageState.uid);
-
- if (newPackageState.packageNames.empty()) {
- if (cursor != package_map_.end()) {
- package_map_.erase(cursor);
- }
- } else {
- if (cursor != package_map_.end()) {
- cursor->second = newPackageState.packageNames;
- } else {
- package_map_.insert({newPackageState.uid, newPackageState.packageNames});
- }
- }
- return Status::ok();
-}
-
-Status NativePermissionController::populatePermissionState(PermissionEnum perm,
- const std::vector<int>& uids) {
- if (perm >= PermissionEnum::ENUM_SIZE || static_cast<int>(perm) < 0) {
- return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT);
- }
- std::lock_guard l{m_};
- auto& cursor = permission_map_[static_cast<size_t>(perm)];
- cursor = std::vector<uid_t>{uids.begin(), uids.end()};
- // should be sorted
- std::sort(cursor.begin(), cursor.end());
- return Status::ok();
-}
-
-// -- End Binder methods
-
-BinderResult<std::vector<std::string>> NativePermissionController::getPackagesForUid(
- uid_t uid) const {
- uid = uid % AID_USER_OFFSET;
- const auto fixed_package_opt = getFixedPackageName(uid);
- if (fixed_package_opt.has_value()) {
- return BinderResult<std::vector<std::string>>{std::in_place_t{},
- {fixed_package_opt.value()}};
- }
- std::lock_guard l{m_};
- if (!is_package_populated_) {
- return unexpectedExceptionCode(
- Status::EX_ILLEGAL_STATE,
- "NPC::getPackagesForUid: controller never populated by system_server");
- }
- const auto cursor = package_map_.find(uid);
- if (cursor != package_map_.end()) {
- return cursor->second;
- } else {
- return unexpectedExceptionCode(
- Status::EX_ILLEGAL_ARGUMENT,
- ("NPC::getPackagesForUid: uid not found: " + std::to_string(uid)).c_str());
- }
-}
-
-BinderResult<bool> NativePermissionController::validateUidPackagePair(
- uid_t uid, const std::string& packageName) const {
- if (uid == AID_ROOT || uid == AID_SYSTEM) return true;
- uid = uid % AID_USER_OFFSET;
- const auto fixed_package_opt = getFixedPackageName(uid);
- if (fixed_package_opt.has_value()) {
- return (uid == AID_ROOT || uid == AID_SYSTEM) ? true :
- packageName == fixed_package_opt.value();
- }
- std::lock_guard l{m_};
- if (!is_package_populated_) {
- return unexpectedExceptionCode(
- Status::EX_ILLEGAL_STATE,
- "NPC::validatedUidPackagePair: controller never populated by system_server");
- }
- const auto cursor = package_map_.find(uid);
- return (cursor != package_map_.end()) &&
- (std::find(cursor->second.begin(), cursor->second.end(), packageName) !=
- cursor->second.end());
-}
-
-BinderResult<bool> NativePermissionController::checkPermission(PermissionEnum perm,
- uid_t uid) const {
- if (uid == AID_ROOT || uid == AID_SYSTEM || uid == getuid()) return true;
- std::lock_guard l{m_};
- const auto& uids = permission_map_[static_cast<size_t>(perm)];
- if (!uids.empty()) {
- return std::binary_search(uids.begin(), uids.end(), uid);
- } else {
- return unexpectedExceptionCode(
- Status::EX_ILLEGAL_STATE,
- "NPC::checkPermission: controller never populated by system_server");
- }
-}
-
-} // namespace com::android::media::permission
diff --git a/services/audiopolicy/permission/ValidatedAttributionSourceState.cpp b/services/audiopolicy/permission/ValidatedAttributionSourceState.cpp
deleted file mode 100644
index f313422..0000000
--- a/services/audiopolicy/permission/ValidatedAttributionSourceState.cpp
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <media/ValidatedAttributionSourceState.h>
-
-#include <binder/IPCThreadState.h>
-#include <error/expected_utils.h>
-#include <utils/Log.h>
-
-using ::android::binder::Status;
-using ::android::error::BinderResult;
-using ::android::error::unexpectedExceptionCode;
-
-namespace com::android::media::permission {
-
-BinderResult<ValidatedAttributionSourceState>
-ValidatedAttributionSourceState::createFromBinderContext(AttributionSourceState attr,
- const IPermissionProvider& provider) {
- attr.pid = ::android::IPCThreadState::self()->getCallingPid();
- attr.uid = ::android::IPCThreadState::self()->getCallingUid();
- return createFromTrustedUidNoPackage(std::move(attr), provider);
-}
-
-BinderResult<ValidatedAttributionSourceState>
-ValidatedAttributionSourceState::createFromTrustedUidNoPackage(
- AttributionSourceState attr, const IPermissionProvider& provider) {
- if (attr.packageName.has_value() && attr.packageName->size() != 0) {
- if (VALUE_OR_RETURN(provider.validateUidPackagePair(attr.uid, attr.packageName.value()))) {
- return ValidatedAttributionSourceState{std::move(attr)};
- } else {
- return unexpectedExceptionCode(Status::EX_SECURITY,
- attr.toString()
- .insert(0, ": invalid attr ")
- .insert(0, __PRETTY_FUNCTION__)
- .c_str());
- }
- } else {
- // For APIs which don't appropriately pass attribution sources or packages, we need
- // to populate the package name with our best guess.
- const auto packageNames = VALUE_OR_RETURN(provider.getPackagesForUid(attr.uid));
- LOG_ALWAYS_FATAL_IF(packageNames.empty(), "%s BUG: empty package list from controller",
- __PRETTY_FUNCTION__);
- attr.packageName = std::move(packageNames[0]);
- return ValidatedAttributionSourceState{std::move(attr)};
- }
-}
-
-} // namespace com::android::media::permission
diff --git a/services/audiopolicy/permission/include/media/IPermissionProvider.h b/services/audiopolicy/permission/include/media/IPermissionProvider.h
deleted file mode 100644
index 8d90543..0000000
--- a/services/audiopolicy/permission/include/media/IPermissionProvider.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <sys/types.h>
-
-#include <optional>
-#include <vector>
-
-#include <com/android/media/permission/PermissionEnum.h>
-#include <error/BinderResult.h>
-
-namespace com::android::media::permission {
-
-class IPermissionProvider {
- public:
- // Get all package names which run under a certain app-id. Returns non-empty.
- // Not user specific, since packages are across users. Special app-ids (system,
- // shell, etc.) are handled. Fails if the provider does not know about the
- // app-id or if the provider has not been initialized.
- virtual ::android::error::BinderResult<std::vector<std::string>> getPackagesForUid(
- uid_t uid) const = 0;
- // True iff the provided package name runs under the app-id of uid.
- // Special app-ids (system, shell, etc.) are handled.
- // Fails if the provider does not know about the app-id or if the provider has not been
- // initialized.
- virtual ::android::error::BinderResult<bool> validateUidPackagePair(
- uid_t uid, const std::string& packageName) const = 0;
-
- // True iff the uid holds the permission (user aware).
- // Fails with NO_INIT if cache hasn't been populated.
- virtual ::android::error::BinderResult<bool> checkPermission(PermissionEnum permission,
- uid_t uid) const = 0;
- virtual ~IPermissionProvider() = default;
-};
-} // namespace com::android::media::permission
diff --git a/services/audiopolicy/permission/include/media/NativePermissionController.h b/services/audiopolicy/permission/include/media/NativePermissionController.h
deleted file mode 100644
index a81c7a2..0000000
--- a/services/audiopolicy/permission/include/media/NativePermissionController.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <mutex>
-#include <optional>
-#include <unordered_map>
-
-#include "IPermissionProvider.h"
-
-#include <android-base/thread_annotations.h>
-#include <com/android/media/permission/BnNativePermissionController.h>
-#include <error/BinderResult.h>
-
-namespace com::android::media::permission {
-
-class NativePermissionController : public BnNativePermissionController, public IPermissionProvider {
- using Status = ::android::binder::Status;
-
- public:
- Status populatePackagesForUids(const std::vector<UidPackageState>& initialPackageStates) final;
- Status updatePackagesForUid(const UidPackageState& newPackageState) final;
- Status populatePermissionState(PermissionEnum permission, const std::vector<int>& uids) final;
- // end binder methods
-
- ::android::error::BinderResult<std::vector<std::string>> getPackagesForUid(
- uid_t uid) const final;
- ::android::error::BinderResult<bool> validateUidPackagePair(
- uid_t uid, const std::string& packageName) const final;
- ::android::error::BinderResult<bool> checkPermission(PermissionEnum permission,
- uid_t uid) const final;
-
- private:
- mutable std::mutex m_;
- // map of app_ids to the set of packages names which could run in them (should be 1)
- std::unordered_map<uid_t, std::vector<std::string>> package_map_ GUARDED_BY(m_);
- bool is_package_populated_ GUARDED_BY(m_);
- // (logical) map of PermissionEnum to list of uids (not appid) which hold the perm
- std::array<std::vector<uid_t>, static_cast<size_t>(PermissionEnum::ENUM_SIZE)> permission_map_
- GUARDED_BY(m_);
-};
-} // namespace com::android::media::permission
diff --git a/services/audiopolicy/permission/include/media/ValidatedAttributionSourceState.h b/services/audiopolicy/permission/include/media/ValidatedAttributionSourceState.h
deleted file mode 100644
index 46f7d0a..0000000
--- a/services/audiopolicy/permission/include/media/ValidatedAttributionSourceState.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <android/content/AttributionSourceState.h>
-#include <error/BinderResult.h>
-
-#include "IPermissionProvider.h"
-
-namespace com::android::media::permission {
-
-using ::android::content::AttributionSourceState;
-
-class ValidatedAttributionSourceState {
- public:
- /**
- * Validates an attribution source from within the context of a binder transaction.
- * Overwrites the uid/pid and validates the packageName.
- * Returns EX_SECURITY on package validation fail.
- */
- static ::android::error::BinderResult<ValidatedAttributionSourceState> createFromBinderContext(
- AttributionSourceState attr, const IPermissionProvider& provider);
-
- /**
- * Creates a ValidatedAttributionSourceState in cases where the source is passed from a
- * trusted entity which already performed validation.
- */
- static ValidatedAttributionSourceState createFromTrustedSource(AttributionSourceState attr) {
- return ValidatedAttributionSourceState(attr);
- }
-
- /**
- * Create a ValidatedAttribubtionSourceState in cases where the uid/pid is trusted, but the
- * packages have not been validated. Proper use of the previous two methods should avoid the
- * necessity of this, but it is useful for migration purposes as well as testing this class.
- * Returns EX_SECURITY on package validation fail.
- */
- static ::android::error::BinderResult<ValidatedAttributionSourceState>
- createFromTrustedUidNoPackage(AttributionSourceState attr, const IPermissionProvider& provider);
-
- operator AttributionSourceState() const { return state_; }
-
- operator const AttributionSourceState&() const { return state_; }
-
- AttributionSourceState unwrapInto() && { return std::move(state_); }
-
- bool operator==(const ValidatedAttributionSourceState& other) const {
- return operator==(other.state_);
- }
-
- bool operator==(const AttributionSourceState& other) const { return state_ == other; }
-
- private:
- ValidatedAttributionSourceState(AttributionSourceState attr) : state_(attr) {}
-
- AttributionSourceState state_;
-};
-} // namespace com::android::media::permission
diff --git a/services/audiopolicy/permission/tests/NativePermissionControllerTest.cpp b/services/audiopolicy/permission/tests/NativePermissionControllerTest.cpp
deleted file mode 100644
index f2423c1..0000000
--- a/services/audiopolicy/permission/tests/NativePermissionControllerTest.cpp
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <media/NativePermissionController.h>
-
-#include <gmock/gmock.h>
-#include <gtest/gtest.h>
-
-#include <error/BinderStatusMatcher.h>
-#include <error/ExpectedMatchers.h>
-
-using android::binder::Status::EX_ILLEGAL_ARGUMENT;
-using android::binder::Status::EX_ILLEGAL_STATE;
-using android::error::BinderStatusMatcher;
-using android::error::IsErrorAnd;
-using android::error::IsOkAnd;
-using com::android::media::permission::NativePermissionController;
-using com::android::media::permission::PermissionEnum;
-using com::android::media::permission::UidPackageState;
-
-using ::testing::ElementsAre;
-using ::testing::IsFalse;
-using ::testing::IsTrue;
-
-class NativePermissionControllerTest : public ::testing::Test {
- protected:
- android::sp<NativePermissionController> holder_ =
- android::sp<NativePermissionController>::make();
- NativePermissionController& controller_ = *holder_;
-};
-static UidPackageState createState(uid_t uid, std::vector<std::string> packagesNames) {
- UidPackageState out{};
- out.uid = uid;
- out.packageNames = std::move(packagesNames);
- return out;
-}
-
-// --- Tests for non-populated ----
-TEST_F(NativePermissionControllerTest, getPackagesForUid_NotPopulated) {
- // Verify errors are returned
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_STATE)));
- EXPECT_THAT(controller_.getPackagesForUid(10001),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_STATE)));
-
- // fixed uids should work
- EXPECT_THAT(controller_.getPackagesForUid(1000), IsOkAnd(ElementsAre(std::string{"system"})));
-}
-
-TEST_F(NativePermissionControllerTest, validateUidPackagePair_NotPopulated) {
- // Verify errors are returned
- EXPECT_THAT(controller_.validateUidPackagePair(10000, "com.package"),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_STATE)));
-
- // fixed uids should work
- EXPECT_THAT(controller_.validateUidPackagePair(1000, "system"), IsOkAnd(IsTrue()));
-}
-
-// --- Tests for populatePackagesForUids ----
-TEST_F(NativePermissionControllerTest, populatePackages_EmptyInput) {
- std::vector<UidPackageState> input;
-
- // succeeds
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- // Verify unknown uid behavior
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_ARGUMENT)));
-}
-
-TEST_F(NativePermissionControllerTest, populatePackages_ValidInput) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2"}),
- createState(10001, {"com.example2.app1"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsOkAnd(ElementsAre("com.example.app1", "com.example.app2")));
- EXPECT_THAT(controller_.getPackagesForUid(10001), IsOkAnd(ElementsAre("com.example2.app1")));
-}
-
-// --- Tests for updatePackagesForUid ---
-TEST_F(NativePermissionControllerTest, updatePackages_NewUid) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2"}),
- createState(10001, {"com.example2.app1"}),
- };
- UidPackageState newState = createState(12000, {"com.example.other"});
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
- EXPECT_THAT(controller_.updatePackagesForUid(newState), BinderStatusMatcher::isOk());
-
- // Verify the results: only the updated package should be changed
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsOkAnd(ElementsAre("com.example.app1", "com.example.app2")));
- EXPECT_THAT(controller_.getPackagesForUid(10001), IsOkAnd(ElementsAre("com.example2.app1")));
- EXPECT_THAT(controller_.getPackagesForUid(12000), IsOkAnd(ElementsAre("com.example.other")));
-}
-
-TEST_F(NativePermissionControllerTest, updatePackages_ExistingUid) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2", "com.example.app3"}),
- createState(10001, {"com.example2.app1"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
- // Update packages for existing uid
- UidPackageState newState = createState(10000, {"com.example.other", "com.example.new"});
- EXPECT_THAT(controller_.updatePackagesForUid(newState), BinderStatusMatcher::isOk());
-
- // Verify update
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsOkAnd(ElementsAre("com.example.other", "com.example.new")));
-}
-
-TEST_F(NativePermissionControllerTest, updatePackages_EmptyRemovesEntry) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- UidPackageState newState{}; // Empty package list
- newState.uid = 10000;
- EXPECT_THAT(controller_.updatePackagesForUid(newState), BinderStatusMatcher::isOk());
- // getPackages for unknown UID should error out
- EXPECT_THAT(controller_.getPackagesForUid(10000),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_ARGUMENT)));
-}
-
-TEST_F(NativePermissionControllerTest, validateUidPackagePair_ValidPair) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.validateUidPackagePair(10000, "com.example.app1"), IsOkAnd(IsTrue()));
-}
-
-TEST_F(NativePermissionControllerTest, validateUidPackagePair_InvalidPackage) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.validateUidPackagePair(10000, "com.example.other"), IsOkAnd(IsFalse()));
-}
-
-TEST_F(NativePermissionControllerTest, validateUidPackagePair_UnknownUid) {
- std::vector<UidPackageState> input{
- createState(10000, {"com.example.app1", "com.example.app2"}),
- };
-
- EXPECT_THAT(controller_.populatePackagesForUids(input), BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.validateUidPackagePair(12000, "any.package"), IsOkAnd(IsFalse()));
-}
-
-TEST_F(NativePermissionControllerTest, populatePermissionState_InvalidPermission) {
- EXPECT_THAT(controller_.populatePermissionState(PermissionEnum::ENUM_SIZE, {}),
- BinderStatusMatcher::hasException(EX_ILLEGAL_ARGUMENT));
- EXPECT_THAT(
- controller_.populatePermissionState(
- static_cast<PermissionEnum>(static_cast<int>(PermissionEnum::ENUM_SIZE) + 1),
- {}),
- BinderStatusMatcher::hasException(EX_ILLEGAL_ARGUMENT));
-}
-
-TEST_F(NativePermissionControllerTest, populatePermissionState_HoldsPermission) {
- // Unsorted
- std::vector<int> uids{3, 1, 2, 4, 5};
-
- EXPECT_THAT(controller_.populatePermissionState(PermissionEnum::MODIFY_AUDIO_ROUTING, uids),
- BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.checkPermission(PermissionEnum::MODIFY_AUDIO_ROUTING, 3),
- IsOkAnd(IsTrue()));
-}
-
-TEST_F(NativePermissionControllerTest, populatePermissionState_DoesNotHoldPermission) {
- // Unsorted
- std::vector<int> uids{3, 1, 2, 4, 5};
-
- EXPECT_THAT(controller_.populatePermissionState(PermissionEnum::MODIFY_AUDIO_ROUTING, uids),
- BinderStatusMatcher::isOk());
-
- EXPECT_THAT(controller_.checkPermission(PermissionEnum::MODIFY_AUDIO_ROUTING, 6),
- IsOkAnd(IsFalse()));
-}
-
-TEST_F(NativePermissionControllerTest, populatePermissionState_NotInitialized) {
- EXPECT_THAT(controller_.checkPermission(PermissionEnum::MODIFY_AUDIO_ROUTING, 3),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_STATE)));
-}
diff --git a/services/audiopolicy/permission/tests/ValidatedAttributionSourceStateTest.cpp b/services/audiopolicy/permission/tests/ValidatedAttributionSourceStateTest.cpp
deleted file mode 100644
index 0dd8814..0000000
--- a/services/audiopolicy/permission/tests/ValidatedAttributionSourceStateTest.cpp
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (C) 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <media/ValidatedAttributionSourceState.h>
-
-#include <gmock/gmock.h>
-#include <gtest/gtest.h>
-
-#include <android-base/expected.h>
-#include <error/ExpectedMatchers.h>
-#include <media/IPermissionProvider.h>
-#include "error/BinderStatusMatcher.h"
-
-using ::android::base::unexpected;
-using ::android::binder::Status;
-using ::android::binder::Status::EX_ILLEGAL_ARGUMENT;
-using ::android::binder::Status::EX_ILLEGAL_STATE;
-using ::android::binder::Status::EX_SECURITY;
-using ::android::content::AttributionSourceState;
-using ::android::error::BinderResult;
-using ::android::error::BinderStatusMatcher;
-using ::android::error::IsErrorAnd;
-using ::android::error::IsOkAnd;
-using ::com::android::media::permission::IPermissionProvider;
-using ::com::android::media::permission::PermissionEnum;
-using ::com::android::media::permission::ValidatedAttributionSourceState;
-
-using ::testing::Eq;
-using ::testing::Return;
-
-class MockPermissionProvider : public IPermissionProvider {
- public:
- MOCK_METHOD(BinderResult<std::vector<std::string>>, getPackagesForUid, (uid_t uid),
- (override, const));
- MOCK_METHOD(BinderResult<bool>, validateUidPackagePair, (uid_t uid, const std::string&),
- (override, const));
- MOCK_METHOD(BinderResult<bool>, checkPermission, (PermissionEnum perm, uid_t),
- (override, const));
-};
-
-class ValidatedAttributionSourceStateTest : public ::testing::Test {
- protected:
- MockPermissionProvider mMockProvider;
- const uid_t mUid = 10001;
- const std::vector<std::string> mPackageList{"com.package1", "com.package2"};
-};
-
-TEST_F(ValidatedAttributionSourceStateTest, providedPackageValid) {
- const std::string package = "com.package1";
- EXPECT_CALL(mMockProvider, validateUidPackagePair(mUid, package)).WillOnce(Return(true));
- AttributionSourceState attr;
- attr.uid = mUid;
- attr.packageName = package;
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsOkAnd(Eq(attr)));
-}
-
-TEST_F(ValidatedAttributionSourceStateTest, providedPackageInvalid) {
- const std::string package = "com.package.spoof";
- EXPECT_CALL(mMockProvider, validateUidPackagePair(mUid, package)).WillOnce(Return(false));
- AttributionSourceState attr;
- attr.uid = mUid;
- attr.packageName = package;
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_SECURITY)));
-}
-
-TEST_F(ValidatedAttributionSourceStateTest, packageLookup_whenMissingPackage) {
- EXPECT_CALL(mMockProvider, getPackagesForUid(mUid)).WillOnce(Return(mPackageList));
- AttributionSourceState attr;
- attr.uid = mUid;
- AttributionSourceState expectedAttr;
- expectedAttr.uid = mUid;
- expectedAttr.packageName = "com.package1";
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsOkAnd(Eq(expectedAttr)));
-}
-
-TEST_F(ValidatedAttributionSourceStateTest, packageLookup_whenEmptyPackage) {
- EXPECT_CALL(mMockProvider, getPackagesForUid(mUid)).WillOnce(Return(mPackageList));
- AttributionSourceState attr;
- attr.uid = mUid;
- attr.packageName = std::string{};
- AttributionSourceState expectedAttr;
- expectedAttr.uid = mUid;
- expectedAttr.packageName = "com.package1";
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsOkAnd(Eq(expectedAttr)));
-}
-
-TEST_F(ValidatedAttributionSourceStateTest, controllerNotInitialized) {
- EXPECT_CALL(mMockProvider, getPackagesForUid(mUid))
- .WillOnce(Return(unexpected{Status::fromExceptionCode(EX_ILLEGAL_STATE)}));
- AttributionSourceState attr;
- attr.uid = mUid;
- attr.packageName = std::string{};
- AttributionSourceState expectedAttr;
- expectedAttr.uid = mUid;
- expectedAttr.packageName = "com.package1";
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_STATE)));
-}
-
-TEST_F(ValidatedAttributionSourceStateTest, uidNotFound) {
- EXPECT_CALL(mMockProvider, getPackagesForUid(mUid))
- .WillOnce(Return(unexpected{Status::fromExceptionCode(EX_ILLEGAL_ARGUMENT)}));
- AttributionSourceState attr;
- attr.uid = mUid;
- attr.packageName = std::string{};
- EXPECT_THAT(ValidatedAttributionSourceState::createFromTrustedUidNoPackage(attr, mMockProvider),
- IsErrorAnd(BinderStatusMatcher::hasException(EX_ILLEGAL_ARGUMENT)));
-}
diff --git a/services/audiopolicy/service/Android.bp b/services/audiopolicy/service/Android.bp
index 79e328e..f415a41 100644
--- a/services/audiopolicy/service/Android.bp
+++ b/services/audiopolicy/service/Android.bp
@@ -25,7 +25,6 @@
"audio-permission-aidl-cpp",
"audioclient-types-aidl-cpp",
"audioflinger-aidl-cpp",
- "audiopermissioncontroller",
"audiopolicy-aidl-cpp",
"audiopolicy-types-aidl-cpp",
"capture_state_listener-aidl-cpp",
@@ -37,6 +36,7 @@
"libaudioclient_aidl_conversion",
"libaudiofoundation",
"libaudiohal",
+ "libaudiopermission",
"libaudiopolicy",
"libaudiopolicycomponents",
"libaudiopolicymanagerdefault",
@@ -118,6 +118,6 @@
name: "audiopolicyservicelocal_headers",
host_supported: true,
export_include_dirs: ["include"],
- header_libs: ["audiopermissioncontroller_headers"],
- export_header_lib_headers: ["audiopermissioncontroller_headers"],
+ header_libs: ["libaudiopermission_headers"],
+ export_header_lib_headers: ["libaudiopermission_headers"],
}