Revert "Introduce AttributionAndPermissionUtils."
This reverts commit 17e3ebe817c681973a3058c5bd38974d850a16ca.
Reason for revert: Local testing + debugging
Change-Id: I2e8a8cd456d1fb7f8d12072f6f0aaa12e6dc6e6c
diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h
index 11cf1a1..8822cd3 100644
--- a/services/camera/libcameraservice/CameraService.h
+++ b/services/camera/libcameraservice/CameraService.h
@@ -53,7 +53,6 @@
#include "utils/ClientManager.h"
#include "utils/IPCTransport.h"
#include "utils/CameraServiceProxyWrapper.h"
-#include "utils/AttributionAndPermissionUtils.h"
#include <set>
#include <string>
@@ -120,9 +119,7 @@
// Non-null arguments for cameraServiceProxyWrapper should be provided for
// testing purposes only.
CameraService(std::shared_ptr<CameraServiceProxyWrapper>
- cameraServiceProxyWrapper = nullptr,
- std::shared_ptr<AttributionAndPermissionUtils>
- attributionAndPermissionUtils = nullptr);
+ cameraServiceProxyWrapper = nullptr);
virtual ~CameraService();
/////////////////////////////////////////////////////////////////////
@@ -317,21 +314,6 @@
// Shared utilities
static binder::Status filterGetInfoErrorCode(status_t err);
- bool isAutomotiveDevice() const;
-
- /**
- * Returns true if the client has uid AID_AUTOMOTIVE_EVS and the device is an automotive device.
- */
- bool isAutomotivePrivilegedClient(int32_t uid) const;
-
- /**
- * Returns true if the device is an automotive device and cameraId is system
- * only camera which has characteristic AUTOMOTIVE_LOCATION value as either
- * AUTOMOTIVE_LOCATION_EXTERIOR_LEFT,AUTOMOTIVE_LOCATION_EXTERIOR_RIGHT,
- * AUTOMOTIVE_LOCATION_EXTERIOR_FRONT or AUTOMOTIVE_LOCATION_EXTERIOR_REAR.
- */
- bool isAutomotiveExteriorSystemCamera(const std::string& cameraId) const;
-
/////////////////////////////////////////////////////////////////////
// CameraClient functionality
@@ -446,7 +428,6 @@
protected:
BasicClient(const sp<CameraService>& cameraService,
const sp<IBinder>& remoteCallback,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
const std::string& clientPackageName,
bool nativeClient,
const std::optional<std::string>& clientFeatureId,
@@ -460,8 +441,6 @@
virtual ~BasicClient();
- std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
-
// the instance is in the middle of destruction. When this is set,
// the instance should not be accessed from callback.
// CameraService's mClientLock should be acquired to access this.
@@ -562,7 +541,6 @@
// Interface used by CameraService
Client(const sp<CameraService>& cameraService,
const sp<hardware::ICameraClient>& cameraClient,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
const std::string& clientPackageName,
bool systemNativeClient,
const std::optional<std::string>& clientFeatureId,
@@ -666,6 +644,13 @@
int32_t updateAudioRestrictionLocked();
private:
+ /**
+ * Returns true if the device is an automotive device and cameraId is system
+ * only camera which has characteristic AUTOMOTIVE_LOCATION value as either
+ * AUTOMOTIVE_LOCATION_EXTERIOR_LEFT,AUTOMOTIVE_LOCATION_EXTERIOR_RIGHT,
+ * AUTOMOTIVE_LOCATION_EXTERIOR_FRONT or AUTOMOTIVE_LOCATION_EXTERIOR_REAR.
+ */
+ bool isAutomotiveExteriorSystemCamera(const std::string& cameraId) const;
// TODO: b/263304156 update this to make use of a death callback for more
// robust/fault tolerant logging
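Review bot: The comment restored on `isAutomotiveExteriorSystemCamera` does not say what the function returns when the camera's characteristics cannot be read or the AUTOMOTIVE_LOCATION entry is absent. The `checkPermission` comment further down in this file ties the automotive pre-grant to exterior cameras, so the failure case should be a documented `false`. If the definition behaves that way, add a line such as `Returns false if the characteristics or the AUTOMOTIVE_LOCATION entry are unavailable.` The definition is in the .cpp, outside this diff, so this needs checking there.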
@@ -681,19 +666,28 @@
return activityManager;
}
- bool hasPermissionsForCamera(int callingPid, int callingUid) const;
+ /**
+ * Pre-grants the permission if the attribution source uid is for an automotive
+ * privileged client. Otherwise uses system service permission checker to check
+ * for the appropriate permission. If this function is called for accessing a specific
+ * camera,then the cameraID must not be empty. CameraId is used only in case of automotive
+ * privileged client so that permission is pre-granted only to access system camera device
+ * which is located outside of the vehicle body frame because camera located inside the vehicle
+ * cabin would need user permission.
+ */
+ bool checkPermission(const std::string& cameraId, const std::string& permission,
+ const content::AttributionSourceState& attributionSource, const std::string& message,
+ int32_t attributedOpCode) const;
- bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid) const;
-
- bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid,
- bool checkCameraPermissions = true) const;
+ bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid)
+ const;
bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId, int callingPid,
int callingUid) const;
- bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const;
+ bool hasCameraPermissions() const;
- bool hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const;
+ bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const;
/**
* Typesafe version of device status, containing both the HAL-layer and the service interface-
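Review bot: The `checkPermission` comment describes a path that pre-grants a permission without consulting the system permission checker, but it leaves two inputs that decide that bypass unspecified. It says `cameraId` "must not be empty" for a specific camera, yet does not state whether an empty `cameraId` pre-grants or denies for an automotive privileged client. It also does not say that `attributionSource.uid` must be taken from the binder calling identity rather than from values supplied by the client. I would add both to the comment, and document `message` and `attributedOpCode`, which are currently undescribed. `hasCameraPermissions()` takes no pid/uid and has no comment; if it reads the caller from the binder thread state (not visible here), it needs a line such as `// Must be called before the binder calling identity is cleared.` The definitions are in the .cpp, outside this hunk.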
@@ -881,11 +875,8 @@
public virtual IBinder::DeathRecipient,
public virtual IServiceManager::LocalRegistrationCallback {
public:
- explicit SensorPrivacyPolicy(wp<CameraService> service,
- std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)
- : mService(service),
- mAttributionAndPermissionUtils(attributionAndPermissionUtils),
- mSensorPrivacyEnabled(false),
+ explicit SensorPrivacyPolicy(wp<CameraService> service)
+ : mService(service), mSensorPrivacyEnabled(false),
mCameraPrivacyState(SensorPrivacyManager::DISABLED), mRegistered(false) {}
void registerSelf();
@@ -909,7 +900,6 @@
private:
SensorPrivacyManager mSpm;
wp<CameraService> mService;
- std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
Mutex mSensorPrivacyLock;
bool mSensorPrivacyEnabled;
int mCameraPrivacyState;
@@ -924,7 +914,6 @@
sp<SensorPrivacyPolicy> mSensorPrivacyPolicy;
std::shared_ptr<CameraServiceProxyWrapper> mCameraServiceProxyWrapper;
- std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
// Delay-load the Camera HAL module
virtual void onFirstRef();
@@ -937,11 +926,6 @@
void addStates(const std::string& id);
void removeStates(const std::string& id);
- bool isTrustedCallingUid(uid_t uid) const;
-
- status_t getUidForPackage(const std::string &packageName, int userId,
- /*inout*/uid_t& uid, int err) const;
-
// Check if we can connect, before we acquire the service lock.
// The returned originalClientPid is the PID of the original process that wants to connect to
// camera.