Allow VNDK 'users' which are not foreground to connect to camera devices.
Bug: 125464062
Test: GCA (sanity)
Test: Connect to a camera device using a HAL process, change the device user and connect again;
connection is successful
Change-Id: Ia25b961baa396fd383d089e400c6d877b9875955
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index e06897f..e005398 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -972,8 +972,9 @@
userid_t clientUserId = multiuser_get_user_id(clientUid);
// Only allow clients who are being used by the current foreground device user, unless calling
- // from our own process.
- if (callingPid != getpid() && (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
+ // from our own process OR the caller is using the cameraserver's HIDL interface.
+ if (!hardware::IPCThreadState::self()->isServingCall() && callingPid != getpid() &&
+ (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from "
"device user %d, currently allowed device users: %s)", callingPid, clientUserId,
toString(mAllowedUsers).string());