Blame - services/camera/libcameraservice/utils/AttributionAndPermissionUtils.h - android_frameworks_av

blob: 830a8e8d59e79b2ddb5cdfce941e7446af6dd4d5 [file] [log] [blame]

Austin Borger	249e659	2024-03-10 22:28:11 -0700	[diff] [blame]	1	/*
				2	* Copyright (C) 2024 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16	#ifndef ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
				17	#define ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
				18
				19	#include <android/content/AttributionSourceState.h>
				20	#include <android/permission/PermissionChecker.h>
				21	#include <binder/BinderService.h>
				22
				23	namespace android {
				24
				25	class CameraService;
				26
				27	using content::AttributionSourceState;
				28	using permission::PermissionChecker;
				29
				30	/**
				31	* Utility class consolidating methods/data for verifying permissions and the identity of the
				32	* caller.
				33	*/
				34	class AttributionAndPermissionUtils {
Avichal Rakesh	5788fec	2024-03-15 14:39:20 -0700	[diff] [blame^]	35	public:
Austin Borger	249e659	2024-03-10 22:28:11 -0700	[diff] [blame]	36	AttributionAndPermissionUtils() { }
				37	virtual ~AttributionAndPermissionUtils() {}
				38
				39	void setCameraService(wp<CameraService> cameraService) {
				40	mCameraService = cameraService;
				41	}
				42
				43	/**
				44	* Pre-grants the permission if the attribution source uid is for an automotive
				45	* privileged client. Otherwise uses system service permission checker to check
				46	* for the appropriate permission. If this function is called for accessing a specific
				47	* camera,then the cameraID must not be empty. CameraId is used only in case of automotive
				48	* privileged client so that permission is pre-granted only to access system camera device
				49	* which is located outside of the vehicle body frame because camera located inside the vehicle
				50	* cabin would need user permission.
				51	*/
				52	virtual bool checkPermissionForPreflight(const std::string &cameraId,
				53	const std::string &permission, const AttributionSourceState& attributionSource,
				54	const std::string& message, int32_t attributedOpCode);
				55
				56	// Can camera service trust the caller based on the calling UID?
				57	virtual bool isTrustedCallingUid(uid_t uid);
				58
				59	virtual bool isAutomotiveDevice();
				60	virtual bool isHeadlessSystemUserMode();
				61
				62	/**
				63	* Returns true if the client has uid AID_AUTOMOTIVE_EVS and the device is an automotive device.
				64	*/
				65	virtual bool isAutomotivePrivilegedClient(int32_t uid);
				66
				67	virtual status_t getUidForPackage(const std::string &packageName, int userId,
				68	/inout/uid_t& uid, int err);
				69	virtual bool isCallerCameraServerNotDelegating();
				70
				71	// Utils for checking specific permissions
				72	virtual bool hasPermissionsForCamera(const std::string& cameraId,
				73	const AttributionSourceState& attributionSource);
				74	virtual bool hasPermissionsForSystemCamera(const std::string& cameraId,
				75	const AttributionSourceState& attributionSource, bool checkCameraPermissions = true);
				76	virtual bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId,
				77	const AttributionSourceState& attributionSource);
				78	virtual bool hasPermissionsForCameraPrivacyAllowlist(
				79	const AttributionSourceState& attributionSource);
				80	virtual bool hasPermissionsForOpenCloseListener(
				81	const AttributionSourceState& attributionSource);
				82
				83	static const std::string sDumpPermission;
				84	static const std::string sManageCameraPermission;
				85	static const std::string sCameraPermission;
				86	static const std::string sSystemCameraPermission;
				87	static const std::string sCameraHeadlessSystemUserPermission;
				88	static const std::string sCameraPrivacyAllowlistPermission;
				89	static const std::string sCameraSendSystemEventsPermission;
				90	static const std::string sCameraOpenCloseListenerPermission;
				91	static const std::string sCameraInjectExternalCameraPermission;
				92
Avichal Rakesh	5788fec	2024-03-15 14:39:20 -0700	[diff] [blame^]	93	protected:
Austin Borger	249e659	2024-03-10 22:28:11 -0700	[diff] [blame]	94	wp<CameraService> mCameraService;
				95
				96	bool checkAutomotivePrivilegedClient(const std::string &cameraId,
				97	const AttributionSourceState &attributionSource);
Avichal Rakesh	5788fec	2024-03-15 14:39:20 -0700	[diff] [blame^]	98
				99	private:
				100	std::unique_ptr<permission::PermissionChecker> mPermissionChecker =
				101	std::make_unique<permission::PermissionChecker>();
Austin Borger	249e659	2024-03-10 22:28:11 -0700	[diff] [blame]	102	};
				103
				104	/**
				105	* Class to be inherited by classes encapsulating AttributionAndPermissionUtils. Provides an
				106	* additional utility layer above AttributionAndPermissionUtils calls, and avoids verbosity
				107	* in the encapsulating class's methods.
				108	*/
				109	class AttributionAndPermissionUtilsEncapsulator {
				110	protected:
				111	std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
				112
				113	public:
				114	AttributionAndPermissionUtilsEncapsulator(
				115	std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)
				116	: mAttributionAndPermissionUtils(attributionAndPermissionUtils) { }
				117
				118	static AttributionSourceState buildAttributionSource(int callingPid, int callingUid) {
				119	AttributionSourceState attributionSource{};
				120	attributionSource.pid = callingPid;
				121	attributionSource.uid = callingUid;
				122	return attributionSource;
				123	}
				124
				125	static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
				126	const std::string& packageName) {
				127	AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid);
				128	attributionSource.packageName = packageName;
				129	return attributionSource;
				130	}
				131
				132	bool hasPermissionsForCamera(int callingPid, int callingUid) const {
				133	return hasPermissionsForCamera(std::string(), callingPid, callingUid);
				134	}
				135
				136	bool hasPermissionsForCamera(int callingPid, int callingUid,
				137	const std::string& packageName) const {
				138	return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName);
				139	}
				140
				141	bool hasPermissionsForCamera(const std::string& cameraId, int callingPid,
				142	int callingUid) const {
				143	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				144	return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
				145	}
				146
				147	bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid,
				148	const std::string& packageName) const {
				149	auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName);
				150	return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
				151	}
				152
				153	bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid,
				154	bool checkCameraPermissions = true) const {
				155	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				156	return mAttributionAndPermissionUtils->hasPermissionsForSystemCamera(
				157	cameraId, attributionSource, checkCameraPermissions);
				158	}
				159
				160	bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId, int callingPid,
				161	int callingUid) const {
				162	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				163	return mAttributionAndPermissionUtils->hasPermissionsForCameraHeadlessSystemUser(
				164	cameraId, attributionSource);
				165	}
				166
				167	bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const {
				168	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				169	return mAttributionAndPermissionUtils->hasPermissionsForCameraPrivacyAllowlist(
				170	attributionSource);
				171	}
				172
				173	bool hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const {
				174	auto attributionSource = buildAttributionSource(callingPid, callingUid);
				175	return mAttributionAndPermissionUtils->hasPermissionsForOpenCloseListener(
				176	attributionSource);
				177	}
				178
				179	bool isAutomotiveDevice() const {
				180	return mAttributionAndPermissionUtils->isAutomotiveDevice();
				181	}
				182
				183	bool isAutomotivePrivilegedClient(int32_t uid) const {
				184	return mAttributionAndPermissionUtils->isAutomotivePrivilegedClient(uid);
				185	}
				186
				187	bool isTrustedCallingUid(uid_t uid) const {
				188	return mAttributionAndPermissionUtils->isTrustedCallingUid(uid);
				189	}
				190
				191	bool isHeadlessSystemUserMode() const {
				192	return mAttributionAndPermissionUtils->isHeadlessSystemUserMode();
				193	}
				194
				195	status_t getUidForPackage(const std::string &packageName, int userId,
				196	/inout/uid_t& uid, int err) const {
				197	return mAttributionAndPermissionUtils->getUidForPackage(packageName, userId, uid, err);
				198	}
				199
				200	bool isCallerCameraServerNotDelegating() const {
				201	return mAttributionAndPermissionUtils->isCallerCameraServerNotDelegating();
				202	}
				203	};
				204
				205	} // namespace android
				206
				207	#endif // ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H