Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / de6f16ff078b0b72c8986ebe457c2cdff490a9f5^! / . / services / camera / virtualcamera / util / Permissions.cc
commitde6f16ff078b0b72c8986ebe457c2cdff490a9f5[log] [tgz]
authorJan Sebechlebsky <jsebechlebsky@google.com>Wed Nov 29 09:27:36 2023 +0100
committerJan Sebechlebsky <jsebechlebsky@google.com>Tue Dec 05 13:58:51 2023 +0100
tree944a17e43a45ce5814543ad138c7fc91d6557e00
parentf8505e0784c0d334c27974b6b14f03e80fe09e83 [diff] [blame]
Enforce CREATE_VIRTUAL_DEVICE permission for virtual camera service

Bug: 301023410
Test: atest
Change-Id: Ia3850ef0ace096dcda6c1d2fe8d3c5fd39e0a271

diff --git a/services/camera/virtualcamera/util/Permissions.cc b/services/camera/virtualcamera/util/Permissions.cc
new file mode 100644
index 0000000..634bca3
--- /dev/null
+++ b/services/camera/virtualcamera/util/Permissions.cc

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// #define LOG_NDEBUG 0
+#define LOG_TAG "VirtualCameraPermissions"
+
+#include "Permissions.h"
+
+#include "binder/PermissionCache.h"
+#include "log/log.h"
+
+namespace android {
+namespace companion {
+namespace virtualcamera {
+namespace {
+
+class PermissionsProxyImpl : public PermissionsProxy {
+ public:
+  bool checkCallingPermission(const std::string& permission) const override;
+};
+
+bool PermissionsProxyImpl::checkCallingPermission(
+    const std::string& permission) const {
+  int32_t uid;
+  int32_t pid;
+  const bool hasPermission = PermissionCache::checkCallingPermission(
+      String16(permission.c_str()), &pid, &uid);
+
+  ALOGV("%s: Checking %s permission for pid %d uid %d: %s", __func__,
+        permission.c_str(), pid, uid, hasPermission ? "granted" : "denied");
+  return hasPermission;
+}
+}  // namespace
+
+const PermissionsProxy& PermissionsProxy::get() {
+  static PermissionsProxyImpl sPermissionProxyImpl;
+  return sPermissionProxyImpl;
+}
+
+}  // namespace virtualcamera
+}  // namespace companion
+}  // namespace android