cameraserver: Modified rules for different kinds of system cameras.
Since we now have AIDL HALs as well, just depending on whether a binder
call is being made from a hwbinder thread is not enough to determine
whether a system camera / hidden secure camera should be accessible to the
client. The same goes for modifying oom scores / process state for
vendor clients. Instead we now allow privileged clients (uid <
AID_APP_START) to access system and hidden secure cameras. This will
include vendor clients as well. Oom score and process state re-mapping is now done for native
privileged clients.
Bug: 196432585
Test: Make Camera2 app privileged; make all cameras on device system only cameras
See that other 3P apps / GCA can't access cameras; Camera2 can.
Test: CTS with cuttlefish depth camera made system camera
Test: Manually check that privileged native camera clients have their
oom score and process state modified to let 3P apps evict them.
Test: atest Camera2PermissionTest.java
Change-Id: I1e81a554491f3d84f28d82a22bd0683a3407d46f
Signed-off-by: Jayant Chowdhary <jchowdhary@google.com>
diff --git a/services/camera/libcameraservice/api1/Camera2Client.cpp b/services/camera/libcameraservice/api1/Camera2Client.cpp
index 8c72bd7..5fcd43e 100644
--- a/services/camera/libcameraservice/api1/Camera2Client.cpp
+++ b/services/camera/libcameraservice/api1/Camera2Client.cpp
@@ -60,9 +60,10 @@
uid_t clientUid,
int servicePid,
bool overrideForPerfClass):
- Camera2ClientBase(cameraService, cameraClient, clientPackageName, clientFeatureId,
- cameraDeviceId, api1CameraId, cameraFacing, sensorOrientation,
- clientPid, clientUid, servicePid, overrideForPerfClass, /*legacyClient*/ true),
+ Camera2ClientBase(cameraService, cameraClient, clientPackageName,
+ false/*systemNativeClient - since no ndk for api1*/, clientFeatureId,
+ cameraDeviceId, api1CameraId, cameraFacing, sensorOrientation, clientPid,
+ clientUid, servicePid, overrideForPerfClass, /*legacyClient*/ true),
mParameters(api1CameraId, cameraFacing)
{
ATRACE_CALL();