Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / e506e732b90943927809f0ea4b8cb6869bb7a754^! / . / services / camera / libcameraservice / CameraService.cpp
commite506e732b90943927809f0ea4b8cb6869bb7a754[log] [tgz]
authorBiswarup Pal <biswarupp@google.com>Wed Mar 27 13:46:20 2024 +0000
committerBiswarup Pal <biswarupp@google.com>Fri Apr 05 12:15:10 2024 +0000
tree0093a36ed1d843c7cf0bc8121f2301f8e6cf562b
parent9f1798362b3f6752968aab9c1f093610b2904e64 [diff] [blame]
Make camera preflight permission check device-aware

Test: atest CtsVirtualDevicesCameraTestCases
Bug: 291736219
Change-Id: I41d878f5bc6cb8f25ce8cf2160d0d0bff1445bf6

diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index d65fa8b..378eb4a 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp

@@ -1092,7 +1092,11 @@
     }
 
     std::vector<int32_t> tagsRemoved;
-    bool hasCameraPermission = hasPermissionsForCamera(cameraId, callingPid, callingUid);
+    // Get the device id that owns this camera.
+    auto [cameraOwnerDeviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(
+            cameraId);
+    bool hasCameraPermission = hasPermissionsForCamera(cameraId, callingPid, callingUid,
+            cameraOwnerDeviceId);
     if (hasCameraPermission) {
         // Caller has camera permission; no need to remove keys
         return Status::ok();
@@ -1910,14 +1914,16 @@
         ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, cameraId.c_str());
         return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "No camera device with ID \"%s\""
                 "found while trying to query device kind", cameraId.c_str());
-
     }
 
+    // Get the device id that owns this camera.
+    auto [deviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
+
     // If it's not calling from cameraserver, check the permission if the
     // device isn't a system only camera (shouldRejectSystemCameraConnection already checks for
     // android.permission.SYSTEM_CAMERA for system only camera devices).
     bool checkPermissionForCamera =
-            hasPermissionsForCamera(cameraId, clientPid, clientUid, clientName);
+            hasPermissionsForCamera(cameraId, clientPid, clientUid, clientName, deviceId);
     if (callingPid != getpid() &&
                 (deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) && !checkPermissionForCamera) {
         ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
@@ -3446,8 +3452,9 @@
     // Check for camera permissions
     int callingPid = getCallingPid();
     int callingUid = getCallingUid();
+    // TODO(b/291736219): Pass deviceId owning the camera if we make this method device-aware.
     bool hasCameraPermission = ((callingPid == getpid()) ||
-            hasPermissionsForCamera(callingPid, callingUid));
+            hasPermissionsForCamera(callingPid, callingUid, kDefaultDeviceId));
     if (!hasCameraPermission) {
         return STATUS_ERROR(ERROR_PERMISSION_DENIED,
                 "android.permission.CAMERA needed to call"