Enforce CREATE_VIRTUAL_DEVICE permission for virtual camera service
Bug: 301023410
Test: atest
Change-Id: Ia3850ef0ace096dcda6c1d2fe8d3c5fd39e0a271
diff --git a/services/camera/virtualcamera/tests/VirtualCameraServiceTest.cc b/services/camera/virtualcamera/tests/VirtualCameraServiceTest.cc
index f931cb4..f4d5042 100644
--- a/services/camera/virtualcamera/tests/VirtualCameraServiceTest.cc
+++ b/services/camera/virtualcamera/tests/VirtualCameraServiceTest.cc
@@ -29,6 +29,7 @@
#include "binder/Binder.h"
#include "gmock/gmock.h"
#include "gtest/gtest.h"
+#include "util/Permissions.h"
#include "utils/Errors.h"
namespace android {
@@ -50,10 +51,13 @@
using ::testing::IsEmpty;
using ::testing::IsNull;
using ::testing::Not;
+using ::testing::Return;
using ::testing::SizeIs;
constexpr int kVgaWidth = 640;
constexpr int kVgaHeight = 480;
+constexpr char kCreateVirtualDevicePermissions[] =
+ "android.permission.CREATE_VIRTUAL_DEVICE";
const VirtualCameraConfiguration kEmptyVirtualCameraConfiguration;
@@ -76,6 +80,12 @@
(override));
};
+class MockPermissionsProxy : public PermissionsProxy {
+ public:
+ MOCK_METHOD(bool, checkCallingPermission, (const std::string&),
+ (const override));
+};
+
class VirtualCameraServiceTest : public ::testing::Test {
public:
void SetUp() override {
@@ -87,8 +97,11 @@
return ndk::ScopedAStatus::ok();
});
mCameraProvider->setCallback(mMockCameraProviderCallback);
- mCameraService =
- ndk::SharedRefBase::make<VirtualCameraService>(mCameraProvider);
+ mCameraService = ndk::SharedRefBase::make<VirtualCameraService>(
+ mCameraProvider, mMockPermissionsProxy);
+
+ ON_CALL(mMockPermissionsProxy, checkCallingPermission)
+ .WillByDefault(Return(true));
mDevNullFd = open("/dev/null", O_RDWR);
ASSERT_THAT(mDevNullFd, Ge(0));
@@ -129,6 +142,7 @@
std::shared_ptr<VirtualCameraProvider> mCameraProvider;
std::shared_ptr<MockCameraProviderCallback> mMockCameraProviderCallback =
ndk::SharedRefBase::make<MockCameraProviderCallback>();
+ MockPermissionsProxy mMockPermissionsProxy;
sp<BBinder> mOwnerToken;
ndk::SpAIBinder mNdkOwnerToken;
@@ -242,6 +256,40 @@
EXPECT_THAT(mCameraService->getCamera(mNdkOwnerToken), IsNull());
}
+TEST_F(VirtualCameraServiceTest, RegisterCameraWithoutPermissionFails) {
+ bool aidlRet;
+ EXPECT_CALL(mMockPermissionsProxy,
+ checkCallingPermission(kCreateVirtualDevicePermissions))
+ .WillOnce(Return(false));
+
+ EXPECT_THAT(mCameraService
+ ->registerCamera(mNdkOwnerToken, mVgaYUV420OnlyConfiguration,
+ &aidlRet)
+ .getExceptionCode(),
+ Eq(EX_SECURITY));
+}
+
+TEST_F(VirtualCameraServiceTest, UnregisterCameraWithoutPermissionFails) {
+ EXPECT_CALL(mMockPermissionsProxy,
+ checkCallingPermission(kCreateVirtualDevicePermissions))
+ .WillOnce(Return(false));
+
+ EXPECT_THAT(
+ mCameraService->unregisterCamera(mNdkOwnerToken).getExceptionCode(),
+ Eq(EX_SECURITY));
+}
+
+TEST_F(VirtualCameraServiceTest, GetIdWithoutPermissionFails) {
+ int32_t aidlRet;
+ EXPECT_CALL(mMockPermissionsProxy,
+ checkCallingPermission(kCreateVirtualDevicePermissions))
+ .WillOnce(Return(false));
+
+ EXPECT_THAT(
+ mCameraService->getCameraId(mNdkOwnerToken, &aidlRet).getExceptionCode(),
+ Eq(EX_SECURITY));
+}
+
TEST_F(VirtualCameraServiceTest, UnregisterCameraWithUnknownToken) {
createCamera();