Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / 4ef19fa450e8b523741a22fabee8f62691abec37 / . / media / utils / ServiceUtilities.cpp
blob: 6a90beaeba47cfb27520c31bae800ddee3d3f833 [file] [log] [blame]
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]17#include <binder/AppOpsManager.h>
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]18#include <binder/IPCThreadState.h>
19#include <binder/IServiceManager.h>
20#include <binder/PermissionCache.h>
Andy Hungab7ef302018-05-15 19:35:29 -0700[diff] [blame]21#include "mediautils/ServiceUtilities.h"
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]22
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]23/* When performing permission checks we do not use permission cache for
24 * runtime permissions (protection level dangerous) as they may change at
25 * runtime. All other permissions (protection level normal and dangerous)
26 * can be cached as they never change. Of course all permission checked
27 * here are platform defined.
28 */
29
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]30namespace android {
31
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]32static const String16 sAndroidPermissionRecordAudio("android.permission.RECORD_AUDIO");
33
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]34static String16 resolveCallingPackage(PermissionController& permissionController,
35 const String16& opPackageName, uid_t uid) {
36 if (opPackageName.size() > 0) {
37 return opPackageName;
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]38 }
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]39 // In some cases the calling code has no access to the package it runs under.
40 // For example, code using the wilhelm framework's OpenSL-ES APIs. In this
41 // case we will get the packages for the calling UID and pick the first one
42 // for attributing the app op. This will work correctly for runtime permissions
43 // as for legacy apps we will toggle the app op for all packages in the UID.
44 // The caveat is that the operation may be attributed to the wrong package and
45 // stats based on app ops may be slightly off.
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]46 Vector<String16> packages;
47 permissionController.getPackagesForUid(uid, packages);
48 if (packages.isEmpty()) {
49 ALOGE("No packages for uid %d", uid);
50 return opPackageName; // empty string
51 }
52 return packages[0];
53}
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]54
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]55static bool checkRecordingInternal(const String16& opPackageName, pid_t pid,
56 uid_t uid, bool start) {
57 // Okay to not track in app ops as audio server is us and if
58 // device is rooted security model is considered compromised.
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame^]59 if (isAudioServerOrRootUid(uid)) return true;
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]60
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]61 // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)
62 // may open a record track on behalf of a client. Note that pid may be a tid.
63 // IMPORTANT: DON'T USE PermissionCache - RUNTIME PERMISSIONS CHANGE.
64 PermissionController permissionController;
65 const bool ok = permissionController.checkPermission(sAndroidPermissionRecordAudio, pid, uid);
66 if (!ok) {
67 ALOGE("Request requires %s", String8(sAndroidPermissionRecordAudio).c_str());
68 return false;
69 }
70
71 String16 resolvedOpPackageName = resolveCallingPackage(
72 permissionController, opPackageName, uid);
73 if (resolvedOpPackageName.size() == 0) {
74 return false;
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]75 }
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]76
77 AppOpsManager appOps;
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]78 const int32_t op = appOps.permissionToOpCode(sAndroidPermissionRecordAudio);
79 if (start) {
80 if (appOps.startOpNoThrow(op, uid, resolvedOpPackageName, /*startIfModeDefault*/ false)
81 != AppOpsManager::MODE_ALLOWED) {
82 ALOGE("Request denied by app op: %d", op);
83 return false;
84 }
85 } else {
86 if (appOps.noteOp(op, uid, resolvedOpPackageName) != AppOpsManager::MODE_ALLOWED) {
87 ALOGE("Request denied by app op: %d", op);
88 return false;
89 }
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]90 }
91
92 return true;
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]93}
94
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]95bool recordingAllowed(const String16& opPackageName, pid_t pid, uid_t uid) {
96 return checkRecordingInternal(opPackageName, pid, uid, /*start*/ false);
97}
98
99bool startRecording(const String16& opPackageName, pid_t pid, uid_t uid) {
100 return checkRecordingInternal(opPackageName, pid, uid, /*start*/ true);
101}
102
103void finishRecording(const String16& opPackageName, uid_t uid) {
104 // Okay to not track in app ops as audio server is us and if
105 // device is rooted security model is considered compromised.
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame^]106 if (isAudioServerOrRootUid(uid)) return;
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]107
108 PermissionController permissionController;
109 String16 resolvedOpPackageName = resolveCallingPackage(
110 permissionController, opPackageName, uid);
111 if (resolvedOpPackageName.size() == 0) {
112 return;
113 }
114
115 AppOpsManager appOps;
116 const int32_t op = appOps.permissionToOpCode(sAndroidPermissionRecordAudio);
117 appOps.finishOp(op, uid, resolvedOpPackageName);
118}
119
Eric Laurentb2379ba2016-05-23 17:42:12 -0700[diff] [blame]120bool captureAudioOutputAllowed(pid_t pid, uid_t uid) {
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame^]121 if (isAudioServerOrRootUid(uid)) return true;
Jeff Brown893a5642013-08-16 20:19:26 -0700[diff] [blame]122 static const String16 sCaptureAudioOutput("android.permission.CAPTURE_AUDIO_OUTPUT");
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]123 bool ok = PermissionCache::checkPermission(sCaptureAudioOutput, pid, uid);
Jeff Brown893a5642013-08-16 20:19:26 -0700[diff] [blame]124 if (!ok) ALOGE("Request requires android.permission.CAPTURE_AUDIO_OUTPUT");
125 return ok;
126}
127
Eric Laurent7504b9e2017-08-15 18:17:26 -0700[diff] [blame]128bool captureHotwordAllowed(pid_t pid, uid_t uid) {
129 // CAPTURE_AUDIO_HOTWORD permission implies RECORD_AUDIO permission
130 bool ok = recordingAllowed(String16(""), pid, uid);
131
132 if (ok) {
133 static const String16 sCaptureHotwordAllowed("android.permission.CAPTURE_AUDIO_HOTWORD");
134 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
135 ok = PermissionCache::checkCallingPermission(sCaptureHotwordAllowed);
136 }
Eric Laurent9a54bc22013-09-09 09:08:44 -0700[diff] [blame]137 if (!ok) ALOGE("android.permission.CAPTURE_AUDIO_HOTWORD");
138 return ok;
139}
140
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]141bool settingsAllowed() {
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame^]142 // given this is a permission check, could this be isAudioServerOrRootUid()?
143 if (isAudioServerUid(IPCThreadState::self()->getCallingUid())) return true;
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]144 static const String16 sAudioSettings("android.permission.MODIFY_AUDIO_SETTINGS");
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]145 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
146 bool ok = PermissionCache::checkCallingPermission(sAudioSettings);
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]147 if (!ok) ALOGE("Request requires android.permission.MODIFY_AUDIO_SETTINGS");
148 return ok;
149}
150
Eric Laurent5284ed52014-05-29 14:37:38 -0700[diff] [blame]151bool modifyAudioRoutingAllowed() {
152 static const String16 sModifyAudioRoutingAllowed("android.permission.MODIFY_AUDIO_ROUTING");
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]153 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
154 bool ok = PermissionCache::checkCallingPermission(sModifyAudioRoutingAllowed);
Eric Laurent5284ed52014-05-29 14:37:38 -0700[diff] [blame]155 if (!ok) ALOGE("android.permission.MODIFY_AUDIO_ROUTING");
156 return ok;
157}
158
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]159bool dumpAllowed() {
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]160 static const String16 sDump("android.permission.DUMP");
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]161 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]162 bool ok = PermissionCache::checkCallingPermission(sDump);
163 // convention is for caller to dump an error message to fd instead of logging here
164 //if (!ok) ALOGE("Request requires android.permission.DUMP");
165 return ok;
166}
167
Nadav Bar766fb022018-01-07 12:18:03 +0200[diff] [blame]168bool modifyPhoneStateAllowed(pid_t pid, uid_t uid) {
169 static const String16 sModifyPhoneState("android.permission.MODIFY_PHONE_STATE");
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]170 bool ok = PermissionCache::checkPermission(sModifyPhoneState, pid, uid);
Nadav Bar766fb022018-01-07 12:18:03 +0200[diff] [blame]171 if (!ok) ALOGE("Request requires android.permission.MODIFY_PHONE_STATE");
172 return ok;
173}
174
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]175} // namespace android