Resolve client package name and log connect early.
As a part of the effort to integrate AttributionSource into the camera
server and to avoid flag checks in too many locations, this change
approaches clustering resolution of the client's identity in a single
location. This will lead to a single flag check in a future CL whether
to rely on the AttributionSourceState data or to check for
USE_CALLING_*.
Flag: EXEMPT Strict mechanical refactor
Bug: 190657833
Test: atest CtsCameraTestCases, Camera1 + Camera2 apps
Change-Id: Ia07451da7926db7aff476f35974cbe31781045ad
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index f7afeab..ff364a4 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -1611,13 +1611,16 @@
std::string cameraIdStr = std::to_string(cameraId);
Status ret = Status::ok();
sp<Client> tmp = nullptr;
+
+ logConnectionAttempt(getCallingPid(), kServiceName, cameraIdStr, API_1);
+
if (!(ret = connectHelper<ICameraClient,Client>(
sp<ICameraClient>{nullptr}, cameraIdStr, cameraId,
kServiceName, /*systemNativeClient*/ false, {}, uid, USE_CALLING_PID,
API_1, /*shimUpdateOnly*/ true, /*oomScoreOffset*/ 0,
/*targetSdkVersion*/ __ANDROID_API_FUTURE__,
/*rotationOverride*/hardware::ICameraService::ROTATION_OVERRIDE_OVERRIDE_TO_PORTRAIT,
- /*forceSlowJpegMode*/false, cameraIdStr, /*out*/ tmp)
+ /*forceSlowJpegMode*/false, cameraIdStr, /*isNonSystemNdk*/ false, /*out*/ tmp)
).isOk()) {
ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().c_str());
}
@@ -2147,12 +2150,18 @@
return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
}
+ std::string clientPackageNameMaybe = clientAttribution.packageName.value_or("");
+ bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;
+ std::string clientPackageName = resolvePackageName(clientAttribution.uid,
+ clientPackageNameMaybe);
+ logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraIdStr, API_1);
+
sp<Client> client = nullptr;
ret = connectHelper<ICameraClient,Client>(cameraClient, cameraIdStr, api1CameraId,
- clientAttribution.packageName.value_or(""), /*systemNativeClient*/ false, {},
+ clientPackageName, /*systemNativeClient*/ false, {},
clientAttribution.uid, clientAttribution.pid, API_1,
/*shimUpdateOnly*/ false, /*oomScoreOffset*/ 0, targetSdkVersion,
- rotationOverride, forceSlowJpegMode, cameraIdStr, /*out*/client);
+ rotationOverride, forceSlowJpegMode, cameraIdStr, isNonSystemNdk, /*out*/client);
if (!ret.isOk()) {
logRejected(cameraIdStr, getCallingPid(), clientAttribution.packageName.value_or(""),
@@ -2241,13 +2250,13 @@
RunThreadWithRealtimePriority priorityBump;
Status ret = Status::ok();
sp<CameraDeviceClient> client = nullptr;
- std::string clientPackageNameAdj = clientAttribution.packageName.value_or("");
+ std::string clientPackageNameMaybe = clientAttribution.packageName.value_or("");
int callingPid = getCallingPid();
int callingUid = getCallingUid();
bool systemNativeClient = false;
- if (callerHasSystemUid() && (clientPackageNameAdj.size() == 0)) {
+ if (callerHasSystemUid() && (clientPackageNameMaybe.size() == 0)) {
std::string systemClient = fmt::sprintf("client.pid<%d>", callingPid);
- clientPackageNameAdj = systemClient;
+ clientPackageNameMaybe = systemClient;
systemNativeClient = true;
}
@@ -2261,10 +2270,15 @@
}
std::string cameraId = cameraIdOptional.value();
+ bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;
+ std::string clientPackageName = resolvePackageName(clientAttribution.uid,
+ clientPackageNameMaybe);
+ logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraId, API_2);
+
if (oomScoreOffset < 0) {
std::string msg =
fmt::sprintf("Cannot increase the priority of a client %s pid %d for "
- "camera id %s", clientPackageNameAdj.c_str(), callingPid,
+ "camera id %s", clientPackageName.c_str(), callingPid,
cameraId.c_str());
ALOGE("%s: %s", __FUNCTION__, msg.c_str());
return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.c_str());
@@ -2291,19 +2305,19 @@
&& !isTrustedCallingUid(callingUid)) {
std::string msg = fmt::sprintf("Cannot change the priority of a client %s pid %d for "
"camera id %s without SYSTEM_CAMERA permissions",
- clientPackageNameAdj.c_str(), callingPid, cameraId.c_str());
+ clientPackageName.c_str(), callingPid, cameraId.c_str());
ALOGE("%s: %s", __FUNCTION__, msg.c_str());
return STATUS_ERROR(ERROR_PERMISSION_DENIED, msg.c_str());
}
ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb,
- cameraId, /*api1CameraId*/-1, clientPackageNameAdj, systemNativeClient,
+ cameraId, /*api1CameraId*/-1, clientPackageName, systemNativeClient,
clientAttribution.attributionTag, clientAttribution.uid, USE_CALLING_PID, API_2,
/*shimUpdateOnly*/ false, oomScoreOffset, targetSdkVersion, rotationOverride,
- /*forceSlowJpegMode*/false, unresolvedCameraId, /*out*/client);
+ /*forceSlowJpegMode*/false, unresolvedCameraId, isNonSystemNdk, /*out*/client);
if (!ret.isOk()) {
- logRejected(cameraId, callingPid, clientPackageNameAdj, toStdString(ret.toString8()));
+ logRejected(cameraId, callingPid, clientPackageName, toStdString(ret.toString8()));
return ret;
}
@@ -2363,7 +2377,7 @@
return false;
}
-std::string CameraService::getPackageNameFromUid(int clientUid) {
+std::string CameraService::getPackageNameFromUid(int clientUid) const {
std::string packageName("");
sp<IPermissionController> permCtrl;
@@ -2408,37 +2422,44 @@
return packageName;
}
-template<class CALLBACK, class CLIENT>
-Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId,
- int api1CameraId, const std::string& clientPackageNameMaybe, bool systemNativeClient,
- const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid,
- apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion,
- int rotationOverride, bool forceSlowJpegMode,
- const std::string& originalCameraId, /*out*/sp<CLIENT>& device) {
- binder::Status ret = binder::Status::ok();
+void CameraService::logConnectionAttempt(int clientPid, const std::string& clientPackageName,
+ const std::string& cameraId, apiLevel effectiveApiLevel) const {
+ int packagePid = (clientPid == USE_CALLING_PID) ?
+ getCallingPid() : clientPid;
+ ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and "
+ "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(),
+ static_cast<int>(effectiveApiLevel));
+}
- bool isNonSystemNdk = false;
- std::string clientPackageName;
- int packageUid = (clientUid == USE_CALLING_UID) ?
- getCallingUid() : clientUid;
- int callingPid = getCallingPid();
+std::string CameraService::resolvePackageName(int clientUid,
+ const std::string& clientPackageNameMaybe) const {
if (clientPackageNameMaybe.size() <= 0) {
+ int packageUid = (clientUid == USE_CALLING_UID) ?
+ getCallingUid() : clientUid;
// NDK calls don't come with package names, but we need one for various cases.
// Generally, there's a 1:1 mapping between UID and package name, but shared UIDs
// do exist. For all authentication cases, all packages under the same UID get the
// same permissions, so picking any associated package name is sufficient. For some
// other cases, this may give inaccurate names for clients in logs.
- isNonSystemNdk = true;
- clientPackageName = getPackageNameFromUid(packageUid);
+ return getPackageNameFromUid(packageUid);
} else {
- clientPackageName = clientPackageNameMaybe;
+ return clientPackageNameMaybe;
}
+}
+template<class CALLBACK, class CLIENT>
+Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId,
+ int api1CameraId, const std::string& clientPackageName, bool systemNativeClient,
+ const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid,
+ apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion,
+ int rotationOverride, bool forceSlowJpegMode,
+ const std::string& originalCameraId, bool isNonSystemNdk, /*out*/sp<CLIENT>& device) {
+ binder::Status ret = binder::Status::ok();
+
+ int packageUid = (clientUid == USE_CALLING_UID) ?
+ getCallingUid() : clientUid;
int packagePid = (clientPid == USE_CALLING_PID) ?
- callingPid : clientPid;
- ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and "
- "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(),
- static_cast<int>(effectiveApiLevel));
+ getCallingPid() : clientPid;
nsecs_t openTimeNs = systemTime();
@@ -2528,7 +2549,7 @@
// that's connected to camera service directly.
if(!(ret = makeClient(this, cameraCb, clientPackageName, systemNativeClient,
clientFeatureId, cameraId, api1CameraId, facing,
- orientation, callingPid, clientUid, getpid(),
+ orientation, getCallingPid(), clientUid, getpid(),
deviceVersionAndTransport, effectiveApiLevel, overrideForPerfClass,
rotationOverride, forceSlowJpegMode, originalCameraId,
/*out*/&tmp)).isOk()) {