Use data delivery permission checks
The new PermissionChecker APIs check permission for a client while also
intiating an AppOp at the same time. They are also capable of checking
permissions for the full AttributionSource chain in the process.
In this change, we switch out the legacy AppOpsManager APIs for the
new PermissionChecker APIs. Some details may need to be ironed out,
particularly when it comes to prioritization of clients. This will be
handled in a future CL.
Bug: 190657833
Bug: 369841571
Test: Ran CameraPermissionTest with 10 iterations for all flag permutations
Flag: com.android.internal.camera.flags.check_full_attribution_source_chain
Change-Id: If6a777bcb9af4f7004a45a2aac35a404be8d9db1
diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.cpp b/services/camera/libcameraservice/common/Camera2ClientBase.cpp
index 1f13492..f6b1e80 100644
--- a/services/camera/libcameraservice/common/Camera2ClientBase.cpp
+++ b/services/camera/libcameraservice/common/Camera2ClientBase.cpp
@@ -131,10 +131,10 @@
return NO_INIT;
}
- // Verify ops permissions
- res = TClientBase::startCameraOps();
+ // Notify camera opening (check op if check_full_attribution_source_chain flag is off).
+ res = TClientBase::notifyCameraOpening();
if (res != OK) {
- TClientBase::finishCameraOps();
+ TClientBase::notifyCameraClosing();
return res;
}
@@ -142,7 +142,7 @@
if (res != OK) {
ALOGE("%s: Camera %s: unable to initialize device: %s (%d)",
__FUNCTION__, TClientBase::mCameraIdStr.c_str(), strerror(-res), res);
- TClientBase::finishCameraOps();
+ TClientBase::notifyCameraClosing();
return res;
}