Make camera preflight permission check device-aware
Test: atest CtsVirtualDevicesCameraTestCases
Bug: 291736219
Change-Id: I41d878f5bc6cb8f25ce8cf2160d0d0bff1445bf6
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index d65fa8b..378eb4a 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -1092,7 +1092,11 @@
}
std::vector<int32_t> tagsRemoved;
- bool hasCameraPermission = hasPermissionsForCamera(cameraId, callingPid, callingUid);
+ // Get the device id that owns this camera.
+ auto [cameraOwnerDeviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(
+ cameraId);
+ bool hasCameraPermission = hasPermissionsForCamera(cameraId, callingPid, callingUid,
+ cameraOwnerDeviceId);
if (hasCameraPermission) {
// Caller has camera permission; no need to remove keys
return Status::ok();
@@ -1910,14 +1914,16 @@
ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, cameraId.c_str());
return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "No camera device with ID \"%s\""
"found while trying to query device kind", cameraId.c_str());
-
}
+ // Get the device id that owns this camera.
+ auto [deviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
+
// If it's not calling from cameraserver, check the permission if the
// device isn't a system only camera (shouldRejectSystemCameraConnection already checks for
// android.permission.SYSTEM_CAMERA for system only camera devices).
bool checkPermissionForCamera =
- hasPermissionsForCamera(cameraId, clientPid, clientUid, clientName);
+ hasPermissionsForCamera(cameraId, clientPid, clientUid, clientName, deviceId);
if (callingPid != getpid() &&
(deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) && !checkPermissionForCamera) {
ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
@@ -3446,8 +3452,9 @@
// Check for camera permissions
int callingPid = getCallingPid();
int callingUid = getCallingUid();
+ // TODO(b/291736219): Pass deviceId owning the camera if we make this method device-aware.
bool hasCameraPermission = ((callingPid == getpid()) ||
- hasPermissionsForCamera(callingPid, callingUid));
+ hasPermissionsForCamera(callingPid, callingUid, kDefaultDeviceId));
if (!hasCameraPermission) {
return STATUS_ERROR(ERROR_PERMISSION_DENIED,
"android.permission.CAMERA needed to call"
diff --git a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
index db6457f..4f238ab 100644
--- a/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
+++ b/services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h
@@ -130,8 +130,16 @@
}
static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
- const std::string& packageName) {
+ int32_t deviceId) {
AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid);
+ attributionSource.deviceId = deviceId;
+ return attributionSource;
+ }
+
+ static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
+ const std::string& packageName, int32_t deviceId) {
+ AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid,
+ deviceId);
attributionSource.packageName = packageName;
return attributionSource;
}
@@ -158,24 +166,27 @@
return (getCallingUid() < AID_APP_START);
}
- bool hasPermissionsForCamera(int callingPid, int callingUid) const {
- return hasPermissionsForCamera(std::string(), callingPid, callingUid);
+ bool hasPermissionsForCamera(int callingPid, int callingUid, int32_t deviceId) const {
+ return hasPermissionsForCamera(std::string(), callingPid, callingUid, deviceId);
}
bool hasPermissionsForCamera(int callingPid, int callingUid,
- const std::string& packageName) const {
- return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName);
+ const std::string& packageName, int32_t deviceId) const {
+ return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName,
+ deviceId);
}
bool hasPermissionsForCamera(const std::string& cameraId, int callingPid,
- int callingUid) const {
- auto attributionSource = buildAttributionSource(callingPid, callingUid);
+ int callingUid, int32_t deviceId) const {
+ auto attributionSource = buildAttributionSource(callingPid, callingUid,
+ deviceId);
return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
}
bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid,
- const std::string& packageName) const {
- auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName);
+ const std::string& packageName, int32_t deviceId) const {
+ auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName,
+ deviceId);
return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
}