Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / a8672abd54aa7345f71e589095325543d9b15230^1..a8672abd54aa7345f71e589095325543d9b15230 / .
commita8672abd54aa7345f71e589095325543d9b15230[log] [tgz]
authorTreeHugger Robot <treehugger-gerrit@google.com>Tue Feb 09 19:26:28 2021 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Tue Feb 09 19:26:28 2021 +0000
treeaddf5f872ca09a3fb41a9a49d1e17df29125e17a
parentd4977d4420b42e8cc302158ee903b1b668ec9eb6 [diff]
parent6490085dd665b2c0b08799421ac33ce6d06b1aad [diff]
Merge "Camera: Handle opChanged callback with IGNORED for shell permission" into sc-dev
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 641e463..1234dfd 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp

@@ -2937,10 +2937,21 @@
             res == AppOpsManager::MODE_ERRORED ? "ERRORED" :
             "UNKNOWN");
 
-    if (res != AppOpsManager::MODE_ALLOWED) {
+    if (res == AppOpsManager::MODE_ERRORED) {
         ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.string(),
               String8(mClientPackageName).string());
         block();
+    } else if (res == AppOpsManager::MODE_IGNORED) {
+        bool isUidActive = sCameraService->mUidPolicy->isUidActive(mClientUid, mClientPackageName);
+        ALOGI("Camera %s: Access for \"%s\" has been restricted, isUidTrusted %d, isUidActive %d",
+                mCameraIdStr.string(), String8(mClientPackageName).string(),
+                mUidIsTrusted, isUidActive);
+        // If the calling Uid is trusted (a native service), or the client Uid is active (WAR for
+        // b/175320666), the AppOpsManager could return MODE_IGNORED. Do not treat such cases as
+        // error.
+        if (!mUidIsTrusted && !isUidActive) {
+            block();
+        }
     }
 }