Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / 8f9a40ad4610cf59bd0a7e3fe278ca5ad4053fac^! / . / media / audioaidlconversion / AidlConversionCppNdk.cpp
commit8f9a40ad4610cf59bd0a7e3fe278ca5ad4053fac[log] [tgz]
authorEric Laurent <elaurent@google.com>Fri Oct 13 18:13:43 2023 +0200
committerEric Laurent <elaurent@google.com>Thu Oct 26 15:22:36 2023 +0000
treed945ccba05033d37e4ecddd23d535a0aba197e37
parent8aa8b311c37c9297c8d87b616d2756eec3dfc9f0 [diff] [blame]
Audio policy: anonymize Bluetooth MAC addresses

Make sure APIs returning audio device descriptors from the native
audioserver anonymize the Bluetooth MAC addresses because those are considered
privacy sensitive.
Only expose the full MAC address to system and apps with BLUETOOTH_CONNECT
permission.

APIs modified: listAudioPorts, listAudioPatches, getAudioPort
APIs that can only be called from system server or only convey port IDs
are not modified.

Bug: 285588444
Test: atest AudioManagerTest
Test: atest RoutingTest
Test: atest AudioCommunicationDeviceTest
Change-Id: Ia6bac184f5f39ed9d538f762ebb89bcceb44ae50
Merged-In: Ia6bac184f5f39ed9d538f762ebb89bcceb44ae50

diff --git a/media/audioaidlconversion/AidlConversionCppNdk.cpp b/media/audioaidlconversion/AidlConversionCppNdk.cpp
index 3b06245..f13cfa3 100644
--- a/media/audioaidlconversion/AidlConversionCppNdk.cpp
+++ b/media/audioaidlconversion/AidlConversionCppNdk.cpp

@@ -1052,6 +1052,13 @@
             if (mac.size() != 6) return BAD_VALUE;
             snprintf(addressBuffer, AUDIO_DEVICE_MAX_ADDRESS_LEN, "%02X:%02X:%02X:%02X:%02X:%02X",
                     mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
+            // special case for anonymized mac address:
+            // change anonymized bytes back from FD:FF:FF:FF to XX:XX:XX:XX
+            std::string address(addressBuffer);
+            if (address.compare(0, strlen("FD:FF:FF:FF"), "FD:FF:FF:FF") == 0) {
+                address.replace(0, strlen("FD:FF:FF:FF"), "XX:XX:XX:XX");
+            }
+            strcpy(addressBuffer, address.c_str());
         } break;
         case Tag::ipv4: {
             const std::vector<uint8_t>& ipv4 = aidl.address.get<AudioDeviceAddress::ipv4>();
@@ -1108,11 +1115,20 @@
     if (!legacyAddress.empty()) {
         switch (suggestDeviceAddressTag(aidl.type)) {
             case Tag::mac: {
+                // special case for anonymized mac address:
+                // change anonymized bytes so that they can be scanned as HEX bytes
+                // Use '01' for LSB bits 0 and 1 as Bluetooth MAC addresses are never multicast
+                // and universaly administered
+                std::string address = legacyAddress;
+                if (address.compare(0, strlen("XX:XX:XX:XX"), "XX:XX:XX:XX") == 0) {
+                    address.replace(0, strlen("XX:XX:XX:XX"), "FD:FF:FF:FF");
+                }
+
                 std::vector<uint8_t> mac(6);
-                int status = sscanf(legacyAddress.c_str(), "%hhX:%hhX:%hhX:%hhX:%hhX:%hhX",
+                int status = sscanf(address.c_str(), "%hhX:%hhX:%hhX:%hhX:%hhX:%hhX",
                         &mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]);
                 if (status != mac.size()) {
-                    ALOGE("%s: malformed MAC address: \"%s\"", __func__, legacyAddress.c_str());
+                    ALOGE("%s: malformed MAC address: \"%s\"", __func__, address.c_str());
                     return unexpected(BAD_VALUE);
                 }
                 aidl.address = AudioDeviceAddress::make<AudioDeviceAddress::mac>(std::move(mac));