Use data delivery permission checks
The new PermissionChecker APIs check permission for a client while also
intiating an AppOp at the same time. They are also capable of checking
permissions for the full AttributionSource chain in the process.
In this change, we switch out the legacy AppOpsManager APIs for the
new PermissionChecker APIs. Some details may need to be ironed out,
particularly when it comes to prioritization of clients. This will be
handled in a future CL.
Bug: 190657833
Bug: 369841571
Test: Ran CameraPermissionTest with 10 iterations for all flag permutations
Flag: com.android.internal.camera.flags.check_full_attribution_source_chain
Change-Id: If6a777bcb9af4f7004a45a2aac35a404be8d9db1
diff --git a/services/camera/libcameraservice/api2/CameraOfflineSessionClient.cpp b/services/camera/libcameraservice/api2/CameraOfflineSessionClient.cpp
index 277a8cf..e783cbc 100644
--- a/services/camera/libcameraservice/api2/CameraOfflineSessionClient.cpp
+++ b/services/camera/libcameraservice/api2/CameraOfflineSessionClient.cpp
@@ -34,8 +34,8 @@
return OK;
}
- // Verify ops permissions
- auto res = startCameraOps();
+ // Verify ops permissions and/or open camera
+ auto res = notifyCameraOpening();
if (res != OK) {
return res;
}
@@ -184,7 +184,7 @@
mFrameProcessor->requestExit();
mFrameProcessor->join();
- finishCameraOps();
+ notifyCameraClosing();
ALOGI("%s: Disconnected client for offline camera %s for PID %d", __FUNCTION__,
mCameraIdStr.c_str(), mCallingPid);
@@ -227,10 +227,10 @@
}
}
-status_t CameraOfflineSessionClient::startCameraOps() {
+status_t CameraOfflineSessionClient::notifyCameraOpening() {
ATRACE_CALL();
{
- ALOGV("%s: Start camera ops, package name = %s, client UID = %d", __FUNCTION__,
+ ALOGV("%s: Notify camera opening, package name = %s, client UID = %d", __FUNCTION__,
getPackageName().c_str(), getClientUid());
}
@@ -262,7 +262,7 @@
}
}
- mOpsActive = true;
+ mCameraOpen = true;
// Transition device state to OPEN
sCameraService->mUidPolicy->registerMonitorUid(getClientUid(), /*openCamera*/ true);
@@ -270,17 +270,17 @@
return OK;
}
-status_t CameraOfflineSessionClient::finishCameraOps() {
+status_t CameraOfflineSessionClient::notifyCameraClosing() {
ATRACE_CALL();
- // Check if startCameraOps succeeded, and if so, finish the camera op
- if (mOpsActive) {
+ // Check if notifyCameraOpening succeeded, and if so, finish the camera op if necessary
+ if (mCameraOpen) {
// Notify app ops that the camera is available again
if (mAppOpsManager != nullptr) {
// TODO : possibly change this to OP_OFFLINE_CAMERA_SESSION
mAppOpsManager->finishOp(AppOpsManager::OP_CAMERA, getClientUid(),
toString16(getPackageName()));
- mOpsActive = false;
+ mCameraOpen = false;
}
}
// Always stop watching, even if no camera op is active
diff --git a/services/camera/libcameraservice/api2/CameraOfflineSessionClient.h b/services/camera/libcameraservice/api2/CameraOfflineSessionClient.h
index 29dd72c..574ff9a 100644
--- a/services/camera/libcameraservice/api2/CameraOfflineSessionClient.h
+++ b/services/camera/libcameraservice/api2/CameraOfflineSessionClient.h
@@ -98,8 +98,8 @@
status_t setZoomOverride(int32_t zoomOverride) override;
// permissions management
- status_t startCameraOps() override;
- status_t finishCameraOps() override;
+ status_t notifyCameraOpening() override;
+ status_t notifyCameraClosing() override;
// FilteredResultListener API
void onResultAvailable(const CaptureResult& result) override;