Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_av / e506e732b90943927809f0ea4b8cb6869bb7a754 / . / services / camera / libcameraservice / utils / AttributionAndPermissionUtils.h
blob: 4f238ab19c42bdb8b056d0ba3bd00bfb2b40a1d4 [file] [log] [blame]
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]1/*
2 * Copyright (C) 2024 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
17#define ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
18
19#include <android/content/AttributionSourceState.h>
20#include <android/permission/PermissionChecker.h>
21#include <binder/BinderService.h>
Austin Borger22c5c852024-03-08 13:31:36 -0800[diff] [blame]22#include <private/android_filesystem_config.h>
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]23
24namespace android {
25
26class CameraService;
27
28using content::AttributionSourceState;
29using permission::PermissionChecker;
30
31/**
32 * Utility class consolidating methods/data for verifying permissions and the identity of the
33 * caller.
34 */
35class AttributionAndPermissionUtils {
Avichal Rakesh5788fec2024-03-15 14:39:20 -0700[diff] [blame]36 public:
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]37 AttributionAndPermissionUtils() { }
38 virtual ~AttributionAndPermissionUtils() {}
39
40 void setCameraService(wp<CameraService> cameraService) {
41 mCameraService = cameraService;
42 }
43
Austin Borger22c5c852024-03-08 13:31:36 -0800[diff] [blame]44 // Utilities handling Binder calling identities (previously in CameraThreadState)
45 virtual int getCallingUid();
46 virtual int getCallingPid();
47 virtual int64_t clearCallingIdentity();
48 virtual void restoreCallingIdentity(int64_t token);
49
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]50 /**
51 * Pre-grants the permission if the attribution source uid is for an automotive
52 * privileged client. Otherwise uses system service permission checker to check
53 * for the appropriate permission. If this function is called for accessing a specific
54 * camera,then the cameraID must not be empty. CameraId is used only in case of automotive
55 * privileged client so that permission is pre-granted only to access system camera device
56 * which is located outside of the vehicle body frame because camera located inside the vehicle
57 * cabin would need user permission.
58 */
59 virtual bool checkPermissionForPreflight(const std::string &cameraId,
60 const std::string &permission, const AttributionSourceState& attributionSource,
61 const std::string& message, int32_t attributedOpCode);
62
63 // Can camera service trust the caller based on the calling UID?
64 virtual bool isTrustedCallingUid(uid_t uid);
65
66 virtual bool isAutomotiveDevice();
67 virtual bool isHeadlessSystemUserMode();
68
69 /**
70 * Returns true if the client has uid AID_AUTOMOTIVE_EVS and the device is an automotive device.
71 */
72 virtual bool isAutomotivePrivilegedClient(int32_t uid);
73
74 virtual status_t getUidForPackage(const std::string &packageName, int userId,
75 /*inout*/uid_t& uid, int err);
76 virtual bool isCallerCameraServerNotDelegating();
77
78 // Utils for checking specific permissions
79 virtual bool hasPermissionsForCamera(const std::string& cameraId,
80 const AttributionSourceState& attributionSource);
81 virtual bool hasPermissionsForSystemCamera(const std::string& cameraId,
82 const AttributionSourceState& attributionSource, bool checkCameraPermissions = true);
83 virtual bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId,
84 const AttributionSourceState& attributionSource);
85 virtual bool hasPermissionsForCameraPrivacyAllowlist(
86 const AttributionSourceState& attributionSource);
87 virtual bool hasPermissionsForOpenCloseListener(
88 const AttributionSourceState& attributionSource);
89
90 static const std::string sDumpPermission;
91 static const std::string sManageCameraPermission;
92 static const std::string sCameraPermission;
93 static const std::string sSystemCameraPermission;
94 static const std::string sCameraHeadlessSystemUserPermission;
95 static const std::string sCameraPrivacyAllowlistPermission;
96 static const std::string sCameraSendSystemEventsPermission;
97 static const std::string sCameraOpenCloseListenerPermission;
98 static const std::string sCameraInjectExternalCameraPermission;
99
Avichal Rakesh5788fec2024-03-15 14:39:20 -0700[diff] [blame]100 protected:
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]101 wp<CameraService> mCameraService;
102
103 bool checkAutomotivePrivilegedClient(const std::string &cameraId,
104 const AttributionSourceState &attributionSource);
Avichal Rakesh5788fec2024-03-15 14:39:20 -0700[diff] [blame]105
106 private:
107 std::unique_ptr<permission::PermissionChecker> mPermissionChecker =
108 std::make_unique<permission::PermissionChecker>();
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]109};
110
111/**
112 * Class to be inherited by classes encapsulating AttributionAndPermissionUtils. Provides an
113 * additional utility layer above AttributionAndPermissionUtils calls, and avoids verbosity
114 * in the encapsulating class's methods.
115 */
116class AttributionAndPermissionUtilsEncapsulator {
117protected:
118 std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
119
120public:
121 AttributionAndPermissionUtilsEncapsulator(
122 std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)
123 : mAttributionAndPermissionUtils(attributionAndPermissionUtils) { }
124
125 static AttributionSourceState buildAttributionSource(int callingPid, int callingUid) {
126 AttributionSourceState attributionSource{};
127 attributionSource.pid = callingPid;
128 attributionSource.uid = callingUid;
129 return attributionSource;
130 }
131
132 static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]133 int32_t deviceId) {
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]134 AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid);
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]135 attributionSource.deviceId = deviceId;
136 return attributionSource;
137 }
138
139 static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
140 const std::string& packageName, int32_t deviceId) {
141 AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid,
142 deviceId);
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]143 attributionSource.packageName = packageName;
144 return attributionSource;
145 }
146
Austin Borger22c5c852024-03-08 13:31:36 -0800[diff] [blame]147 int getCallingUid() const {
148 return mAttributionAndPermissionUtils->getCallingUid();
149 }
150
151 int getCallingPid() const {
152 return mAttributionAndPermissionUtils->getCallingPid();
153 }
154
155 int64_t clearCallingIdentity() const {
156 return mAttributionAndPermissionUtils->clearCallingIdentity();
157 }
158
159 void restoreCallingIdentity(int64_t token) const {
160 mAttributionAndPermissionUtils->restoreCallingIdentity(token);
161 }
162
163 // The word 'System' here does not refer to callers only on the system
164 // partition. They just need to have an android system uid.
165 bool callerHasSystemUid() const {
166 return (getCallingUid() < AID_APP_START);
167 }
168
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]169 bool hasPermissionsForCamera(int callingPid, int callingUid, int32_t deviceId) const {
170 return hasPermissionsForCamera(std::string(), callingPid, callingUid, deviceId);
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]171 }
172
173 bool hasPermissionsForCamera(int callingPid, int callingUid,
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]174 const std::string& packageName, int32_t deviceId) const {
175 return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName,
176 deviceId);
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]177 }
178
179 bool hasPermissionsForCamera(const std::string& cameraId, int callingPid,
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]180 int callingUid, int32_t deviceId) const {
181 auto attributionSource = buildAttributionSource(callingPid, callingUid,
182 deviceId);
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]183 return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
184 }
185
186 bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid,
Biswarup Pale506e732024-03-27 13:46:20 +0000[diff] [blame^]187 const std::string& packageName, int32_t deviceId) const {
188 auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName,
189 deviceId);
Austin Borger249e6592024-03-10 22:28:11 -0700[diff] [blame]190 return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
191 }
192
193 bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid,
194 bool checkCameraPermissions = true) const {
195 auto attributionSource = buildAttributionSource(callingPid, callingUid);
196 return mAttributionAndPermissionUtils->hasPermissionsForSystemCamera(
197 cameraId, attributionSource, checkCameraPermissions);
198 }
199
200 bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId, int callingPid,
201 int callingUid) const {
202 auto attributionSource = buildAttributionSource(callingPid, callingUid);
203 return mAttributionAndPermissionUtils->hasPermissionsForCameraHeadlessSystemUser(
204 cameraId, attributionSource);
205 }
206
207 bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const {
208 auto attributionSource = buildAttributionSource(callingPid, callingUid);
209 return mAttributionAndPermissionUtils->hasPermissionsForCameraPrivacyAllowlist(
210 attributionSource);
211 }
212
213 bool hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const {
214 auto attributionSource = buildAttributionSource(callingPid, callingUid);
215 return mAttributionAndPermissionUtils->hasPermissionsForOpenCloseListener(
216 attributionSource);
217 }
218
219 bool isAutomotiveDevice() const {
220 return mAttributionAndPermissionUtils->isAutomotiveDevice();
221 }
222
223 bool isAutomotivePrivilegedClient(int32_t uid) const {
224 return mAttributionAndPermissionUtils->isAutomotivePrivilegedClient(uid);
225 }
226
227 bool isTrustedCallingUid(uid_t uid) const {
228 return mAttributionAndPermissionUtils->isTrustedCallingUid(uid);
229 }
230
231 bool isHeadlessSystemUserMode() const {
232 return mAttributionAndPermissionUtils->isHeadlessSystemUserMode();
233 }
234
235 status_t getUidForPackage(const std::string &packageName, int userId,
236 /*inout*/uid_t& uid, int err) const {
237 return mAttributionAndPermissionUtils->getUidForPackage(packageName, userId, uid, err);
238 }
239
240 bool isCallerCameraServerNotDelegating() const {
241 return mAttributionAndPermissionUtils->isCallerCameraServerNotDelegating();
242 }
243};
244
245} // namespace android
246
247#endif // ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H