Blame - services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h - android_frameworks_av

blob: 7f4a1bdbeea9bd43e24d903426bb8852415797e1 [file] [log] [blame]

Austin Borger	249e659	2024-03-10 22:28:11 -0700	[diff] [blame^]	1	/*
				2	* Copyright (C) 2024 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16	#ifndef ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
				17	#define ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
				18
				19	#include <android/content/AttributionSourceState.h>
				20	#include <android/permission/PermissionChecker.h>
				21	#include <binder/BinderService.h>
				22
				23	namespace android {
				24
				25	class CameraService;
				26
				27	using content::AttributionSourceState;
				28	using permission::PermissionChecker;
				29
				30	/**
				31	* Utility class consolidating methods/data for verifying permissions and the identity of the
				32	* caller.
				33	*/
				34	class AttributionAndPermissionUtils {
				35	public:
				36	AttributionAndPermissionUtils() { }
				37	virtual ~AttributionAndPermissionUtils() {}
				38
				39	void setCameraService(wp<CameraService> cameraService) {
				40	mCameraService = cameraService;
				41	}
				42
				43	/**
				44	* Pre-grants the permission if the attribution source uid is for an automotive
				45	* privileged client. Otherwise uses system service permission checker to check
				46	* for the appropriate permission. If this function is called for accessing a specific
				47	* camera,then the cameraID must not be empty. CameraId is used only in case of automotive
				48	* privileged client so that permission is pre-granted only to access system camera device
				49	* which is located outside of the vehicle body frame because camera located inside the vehicle
				50	* cabin would need user permission.
				51	*/
				52	virtual bool checkPermissionForPreflight(const std::string &cameraId,
				53	const std::string &permission, const AttributionSourceState& attributionSource,
				54	const std::string& message, int32_t attributedOpCode);
				55
				56	// Can camera service trust the caller based on the calling UID?
				57	virtual bool isTrustedCallingUid(uid_t uid);
				58
				59	virtual bool isAutomotiveDevice();
				60	virtual bool isHeadlessSystemUserMode();
				61
				62	/**
				63	* Returns true if the client has uid AID_AUTOMOTIVE_EVS and the device is an automotive device.
				64	*/
				65	virtual bool isAutomotivePrivilegedClient(int32_t uid);
				66
				67	virtual status_t getUidForPackage(const std::string &packageName, int userId,
				68	/inout/uid_t& uid, int err);
				69	virtual bool isCallerCameraServerNotDelegating();
				70
				71	// Utils for checking specific permissions
				72	virtual bool hasPermissionsForCamera(const std::string& cameraId,
				73	const AttributionSourceState& attributionSource);
				74	virtual bool hasPermissionsForSystemCamera(const std::string& cameraId,
				75	const AttributionSourceState& attributionSource, bool checkCameraPermissions = true);
				76	virtual bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId,
				77	const AttributionSourceState& attributionSource);
				78	virtual bool hasPermissionsForCameraPrivacyAllowlist(
				79	const AttributionSourceState& attributionSource);
				80	virtual bool hasPermissionsForOpenCloseListener(
				81	const AttributionSourceState& attributionSource);
				82
				83	static const std::string sDumpPermission;
				84	static const std::string sManageCameraPermission;
				85	static const std::string sCameraPermission;
				86	static const std::string sSystemCameraPermission;
				87	static const std::string sCameraHeadlessSystemUserPermission;
				88	static const std::string sCameraPrivacyAllowlistPermission;
				89	static const std::string sCameraSendSystemEventsPermission;
				90	static const std::string sCameraOpenCloseListenerPermission;
				91	static const std::string sCameraInjectExternalCameraPermission;
				92
				93	protected:
				94	wp<CameraService> mCameraService;
				95
				96	bool checkAutomotivePrivilegedClient(const std::string &cameraId,
				97	const AttributionSourceState &attributionSource);
				98	};
				99
				100	/**
				101	* Class to be inherited by classes encapsulating AttributionAndPermissionUtils. Provides an
				102	* additional utility layer above AttributionAndPermissionUtils calls, and avoids verbosity
				103	* in the encapsulating class's methods.
				104	*/
				105	class AttributionAndPermissionUtilsEncapsulator {
				106	protected:
				107	std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
				108
				109	public:
				110	AttributionAndPermissionUtilsEncapsulator(
				111	std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)
				112	: mAttributionAndPermissionUtils(attributionAndPermissionUtils) { }
				113
				114	static AttributionSourceState buildAttributionSource(int callingPid, int callingUid) {
				115	AttributionSourceState attributionSource{};
				116	attributionSource.pid = callingPid;
				117	attributionSource.uid = callingUid;
				118	return attributionSource;
				119	}
				120
				121	static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
				122	const std::string& packageName) {
				123	AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid);
				124	attributionSource.packageName = packageName;
				125	return attributionSource;
				126	}
				127
				128	bool hasPermissionsForCamera(int callingPid, int callingUid) const {
				129	return hasPermissionsForCamera(std::string(), callingPid, callingUid);
				130	}
				131
				132	bool hasPermissionsForCamera(int callingPid, int callingUid,
				133	const std::string& packageName) const {
				134	return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName);
				135	}
				136
				137	bool hasPermissionsForCamera(const std::string& cameraId, int callingPid,
				138	int callingUid) const {
				139	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				140	return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
				141	}
				142
				143	bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid,
				144	const std::string& packageName) const {
				145	auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName);
				146	return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
				147	}
				148
				149	bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid,
				150	bool checkCameraPermissions = true) const {
				151	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				152	return mAttributionAndPermissionUtils->hasPermissionsForSystemCamera(
				153	cameraId, attributionSource, checkCameraPermissions);
				154	}
				155
				156	bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId, int callingPid,
				157	int callingUid) const {
				158	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				159	return mAttributionAndPermissionUtils->hasPermissionsForCameraHeadlessSystemUser(
				160	cameraId, attributionSource);
				161	}
				162
				163	bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const {
				164	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				165	return mAttributionAndPermissionUtils->hasPermissionsForCameraPrivacyAllowlist(
				166	attributionSource);
				167	}
				168
				169	bool hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const {
				170	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				171	return mAttributionAndPermissionUtils->hasPermissionsForOpenCloseListener(
				172	attributionSource);
				173	}
				174
				175	bool isAutomotiveDevice() const {
				176	return mAttributionAndPermissionUtils->isAutomotiveDevice();
				177	}
				178
				179	bool isAutomotivePrivilegedClient(int32_t uid) const {
				180	return mAttributionAndPermissionUtils->isAutomotivePrivilegedClient(uid);
				181	}
				182
				183	bool isTrustedCallingUid(uid_t uid) const {
				184	return mAttributionAndPermissionUtils->isTrustedCallingUid(uid);
				185	}
				186
				187	bool isHeadlessSystemUserMode() const {
				188	return mAttributionAndPermissionUtils->isHeadlessSystemUserMode();
				189	}
				190
				191	status_t getUidForPackage(const std::string &packageName, int userId,
				192	/inout/uid_t& uid, int err) const {
				193	return mAttributionAndPermissionUtils->getUidForPackage(packageName, userId, uid, err);
				194	}
				195
				196	bool isCallerCameraServerNotDelegating() const {
				197	return mAttributionAndPermissionUtils->isCallerCameraServerNotDelegating();
				198	}
				199	};
				200
				201	} // namespace android
				202
				203	#endif // ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H