commit b18227c8faf3cfdc7824308e3990a451b961d6d9
author Ahaan Ugale <augale@google.com> Mon Jun 07 11:52:54 2021 -0700
committer Ahaan Ugale <augale@google.com> Mon Jun 07 12:13:04 2021 -0700
tree a8b0a7a9f488f844154bbd9016b1f1db0706c223
parent 69124fa313937e442c387f1bfe4ed6407800715a

Switch media fw hotword permission check to PermissionChecker (av)

PermissionChecker now includes some higher level logic for allowing the
HotwordDetectionService to access hotword audio.

Bug: 190011174
Test: manual - sample app can read audio (with a few other wip changes)
Change-Id: Id1b7755844c370c9465cd2180e5f03463186ef7b

media/utils/ServiceUtilities.cpp

diff --git a/media/utils/ServiceUtilities.cpp b/media/utils/ServiceUtilities.cpp
index bc413d1..9c7b863 100644
--- a/media/utils/ServiceUtilities.cpp
+++ b/media/utils/ServiceUtilities.cpp
@@ -215,14 +215,17 @@
 }
 
 bool captureHotwordAllowed(const AttributionSourceState& attributionSource) {
-    uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid));
-    uid_t pid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(attributionSource.pid));
     // CAPTURE_AUDIO_HOTWORD permission implies RECORD_AUDIO permission
     bool ok = recordingAllowed(attributionSource);
 
     if (ok) {
         static const String16 sCaptureHotwordAllowed("android.permission.CAPTURE_AUDIO_HOTWORD");
-        ok = PermissionCache::checkPermission(sCaptureHotwordAllowed, pid, uid);
+        // Use PermissionChecker, which includes some logic for allowing the isolated
+        // HotwordDetectionService to hold certain permissions.
+        permission::PermissionChecker permissionChecker;
+        ok = (permissionChecker.checkPermissionForPreflight(
+                sCaptureHotwordAllowed, attributionSource, String16(),
+                AppOpsManager::OP_NONE) != permission::PermissionChecker::PERMISSION_HARD_DENIED);
     }
     if (!ok) ALOGV("android.permission.CAPTURE_AUDIO_HOTWORD");
     return ok;