audio policy: call redirection permission
Add specific permission check for audio capture and playback associated
to call audio redirection.
Bug: 189472651
Test: make
Change-Id: Ie1b63dabef36a9931f4809b8200dc0b18e5230ec
diff --git a/media/libaudioclient/AidlConversion.cpp b/media/libaudioclient/AidlConversion.cpp
index 4c83406..9cc3d5d 100644
--- a/media/libaudioclient/AidlConversion.cpp
+++ b/media/libaudioclient/AidlConversion.cpp
@@ -2301,6 +2301,8 @@
return AUDIO_FLAG_CONTENT_SPATIALIZED;
case media::AudioFlag::NEVER_SPATIALIZE:
return AUDIO_FLAG_NEVER_SPATIALIZE;
+ case media::AudioFlag::CALL_REDIRECTION:
+ return AUDIO_FLAG_CALL_REDIRECTION;
}
return unexpected(BAD_VALUE);
}
@@ -2342,6 +2344,8 @@
return media::AudioFlag::CONTENT_SPATIALIZED;
case AUDIO_FLAG_NEVER_SPATIALIZE:
return media::AudioFlag::NEVER_SPATIALIZE;
+ case AUDIO_FLAG_CALL_REDIRECTION:
+ return media::AudioFlag::CALL_REDIRECTION;
}
return unexpected(BAD_VALUE);
}
diff --git a/media/libaudioclient/aidl/android/media/AudioFlag.aidl b/media/libaudioclient/aidl/android/media/AudioFlag.aidl
index 91361fb..acf4e6d 100644
--- a/media/libaudioclient/aidl/android/media/AudioFlag.aidl
+++ b/media/libaudioclient/aidl/android/media/AudioFlag.aidl
@@ -36,4 +36,5 @@
CAPTURE_PRIVATE = 13,
CONTENT_SPATIALIZED = 14,
NEVER_SPATIALIZE = 15,
+ CALL_REDIRECTION = 16,
}
diff --git a/media/utils/ServiceUtilities.cpp b/media/utils/ServiceUtilities.cpp
index 4f0909b..3ee7626 100644
--- a/media/utils/ServiceUtilities.cpp
+++ b/media/utils/ServiceUtilities.cpp
@@ -45,6 +45,7 @@
static const String16 sAndroidPermissionRecordAudio("android.permission.RECORD_AUDIO");
static const String16 sModifyPhoneState("android.permission.MODIFY_PHONE_STATE");
static const String16 sModifyAudioRouting("android.permission.MODIFY_AUDIO_ROUTING");
+static const String16 sCallAudioInterception("android.permission.CALL_AUDIO_INTERCEPTION");
static String16 resolveCallingPackage(PermissionController& permissionController,
const std::optional<String16> opPackageName, uid_t uid) {
@@ -309,6 +310,17 @@
return ok;
}
+bool callAudioInterceptionAllowed(const AttributionSourceState& attributionSource) {
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid));
+ pid_t pid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(attributionSource.pid));
+
+ // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
+ bool ok = PermissionCache::checkPermission(sCallAudioInterception, pid, uid);
+ if (!ok) ALOGE("%s(): android.permission.CALL_AUDIO_INTERCEPTION denied for uid %d",
+ __func__, uid);
+ return ok;
+}
+
AttributionSourceState getCallingAttributionSource() {
AttributionSourceState attributionSource = AttributionSourceState();
attributionSource.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(
diff --git a/media/utils/include/mediautils/ServiceUtilities.h b/media/utils/include/mediautils/ServiceUtilities.h
index 734313c..2fe2451 100644
--- a/media/utils/include/mediautils/ServiceUtilities.h
+++ b/media/utils/include/mediautils/ServiceUtilities.h
@@ -104,6 +104,7 @@
bool dumpAllowed();
bool modifyPhoneStateAllowed(const AttributionSourceState& attributionSource);
bool bypassInterruptionPolicyAllowed(const AttributionSourceState& attributionSource);
+bool callAudioInterceptionAllowed(const AttributionSourceState& attributionSource);
void purgePermissionCache();
int32_t getOpForSource(audio_source_t source);