Switch media fw permissions checks to AttributionSource
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data as well as the relevant
app ops are checked/noted/started as needed.
Teach speech recognition service about attribution
chains. If an implementation does nothing the OS
would enforce permisisons and do blame as always.
This apporach leads to double blaming and doesn't
support attribition chains where app calls into
the default recognizer which calls into the on
device recognizer (this nests recursively). If the
implementer takes advantage of the attribution chain
mechanims the permissions for the entire chain are
checked at mic access time and all apps are blamed
only once.
Fixed a few bugs around finishing ops for attribution
chains. Also ensured that any app death in a started
attribution chain would lead to finishing the op for
this app
bug: 158792096
Test: ((added tests for speech reco))
atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Change-Id: Ic92c7adc14bd2d135ac13b96f17a1b393dd562e4
diff --git a/media/jni/Android.bp b/media/jni/Android.bp
index d49790e..bc73f6a 100644
--- a/media/jni/Android.bp
+++ b/media/jni/Android.bp
@@ -51,6 +51,7 @@
shared_libs: [
"audioclient-types-aidl-cpp",
"av-types-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libandroid_runtime",
"libaudioclient",
"libnativehelper",
@@ -85,7 +86,6 @@
"android.hardware.drm@1.4",
"android.hidl.memory@1.0",
"android.hidl.token@1.0-utils",
- "media_permission-aidl-cpp",
],
header_libs: [
diff --git a/media/jni/android_media_MediaPlayer.cpp b/media/jni/android_media_MediaPlayer.cpp
index a360759..2636ab2 100644
--- a/media/jni/android_media_MediaPlayer.cpp
+++ b/media/jni/android_media_MediaPlayer.cpp
@@ -17,7 +17,6 @@
//#define LOG_NDEBUG 0
#define LOG_TAG "MediaPlayer-JNI"
-#include "permission_utils.h"
#include "utils/Log.h"
#include <media/mediaplayer.h>
@@ -80,8 +79,6 @@
using namespace android;
using media::VolumeShaper;
-using media::permission::Identity;
-using media::permission::convertIdentity;
// ----------------------------------------------------------------------------
@@ -949,11 +946,14 @@
static void
android_media_MediaPlayer_native_setup(JNIEnv *env, jobject thiz, jobject weak_this,
- jobject jIdentity)
+ jobject jAttributionSource)
{
ALOGV("native_setup");
- sp<MediaPlayer> mp = new MediaPlayer(convertIdentity(env, jIdentity));
+ Parcel* parcel = parcelForJavaObject(env, jAttributionSource);
+ android::content::AttributionSourceState attributionSource;
+ attributionSource.readFromParcel(parcel);
+ sp<MediaPlayer> mp = new MediaPlayer(attributionSource);
if (mp == NULL) {
jniThrowException(env, "java/lang/RuntimeException", "Out of memory");
return;
@@ -1409,7 +1409,7 @@
{"native_setMetadataFilter", "(Landroid/os/Parcel;)I", (void *)android_media_MediaPlayer_setMetadataFilter},
{"native_getMetadata", "(ZZLandroid/os/Parcel;)Z", (void *)android_media_MediaPlayer_getMetadata},
{"native_init", "()V", (void *)android_media_MediaPlayer_native_init},
- {"native_setup", "(Ljava/lang/Object;Landroid/media/permission/Identity;)V",(void *)android_media_MediaPlayer_native_setup},
+ {"native_setup", "(Ljava/lang/Object;Landroid/os/Parcel;)V",(void *)android_media_MediaPlayer_native_setup},
{"native_finalize", "()V", (void *)android_media_MediaPlayer_native_finalize},
{"getAudioSessionId", "()I", (void *)android_media_MediaPlayer_get_audio_session_id},
{"native_setAudioSessionId", "(I)V", (void *)android_media_MediaPlayer_set_audio_session_id},
diff --git a/media/jni/android_media_MediaRecorder.cpp b/media/jni/android_media_MediaRecorder.cpp
index 6641123..7ef0f77 100644
--- a/media/jni/android_media_MediaRecorder.cpp
+++ b/media/jni/android_media_MediaRecorder.cpp
@@ -24,7 +24,6 @@
//#define LOG_NDEBUG 0
#define LOG_TAG "MediaRecorderJNI"
-#include "permission_utils.h"
#include <utils/Log.h>
#include <gui/Surface.h>
@@ -46,13 +45,13 @@
#include <system/audio.h>
#include <android_runtime/android_view_Surface.h>
+#include <android/content/AttributionSourceState.h>
+#include <android_os_Parcel.h>
// ----------------------------------------------------------------------------
using namespace android;
-using android::media::permission::convertIdentity;
-
// ----------------------------------------------------------------------------
// helper function to extract a native Camera object from a Camera Java object
@@ -620,11 +619,14 @@
static void
android_media_MediaRecorder_native_setup(JNIEnv *env, jobject thiz, jobject weak_this,
- jstring packageName, jobject jIdentity)
+ jstring packageName, jobject jAttributionSource)
{
ALOGV("setup");
- sp<MediaRecorder> mr = new MediaRecorder(convertIdentity(env, jIdentity));
+ Parcel* parcel = parcelForJavaObject(env, jAttributionSource);
+ android::content::AttributionSourceState attributionSource;
+ attributionSource.readFromParcel(parcel);
+ sp<MediaRecorder> mr = new MediaRecorder(attributionSource);
if (mr == NULL) {
jniThrowException(env, "java/lang/RuntimeException", "Out of memory");
@@ -871,7 +873,7 @@
{"native_reset", "()V", (void *)android_media_MediaRecorder_native_reset},
{"release", "()V", (void *)android_media_MediaRecorder_release},
{"native_init", "()V", (void *)android_media_MediaRecorder_native_init},
- {"native_setup", "(Ljava/lang/Object;Ljava/lang/String;Landroid/media/permission/Identity;)V",
+ {"native_setup", "(Ljava/lang/Object;Ljava/lang/String;Landroid/os/Parcel;)V",
(void *)android_media_MediaRecorder_native_setup},
{"native_finalize", "()V", (void *)android_media_MediaRecorder_native_finalize},
{"native_setInputSurface", "(Landroid/view/Surface;)V", (void *)android_media_MediaRecorder_setInputSurface },
diff --git a/media/jni/audioeffect/Android.bp b/media/jni/audioeffect/Android.bp
index bfed983..2ddfacf 100644
--- a/media/jni/audioeffect/Android.bp
+++ b/media/jni/audioeffect/Android.bp
@@ -19,6 +19,7 @@
],
shared_libs: [
+ "framework-permission-aidl-cpp",
"liblog",
"libcutils",
"libutils",
@@ -27,11 +28,11 @@
"libaudioclient",
"libaudioutils",
"libaudiofoundation",
- "media_permission-aidl-cpp",
+ "libbinder"
],
export_shared_lib_headers: [
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
version_script: "exports.lds",
diff --git a/media/jni/audioeffect/Visualizer.cpp b/media/jni/audioeffect/Visualizer.cpp
index 8a52456..84a8d51 100644
--- a/media/jni/audioeffect/Visualizer.cpp
+++ b/media/jni/audioeffect/Visualizer.cpp
@@ -28,14 +28,16 @@
#include <cutils/bitops.h>
#include <utils/Thread.h>
+#include <android/content/AttributionSourceState.h>
+
#include "Visualizer.h"
namespace android {
// ---------------------------------------------------------------------------
-Visualizer::Visualizer (const Identity& identity)
- : AudioEffect(identity)
+Visualizer::Visualizer (const android::content::AttributionSourceState& attributionSource)
+ : AudioEffect(attributionSource)
{
}
diff --git a/media/jni/audioeffect/Visualizer.h b/media/jni/audioeffect/Visualizer.h
index 3ee91f0..aa07ce8 100644
--- a/media/jni/audioeffect/Visualizer.h
+++ b/media/jni/audioeffect/Visualizer.h
@@ -20,9 +20,7 @@
#include <media/AudioEffect.h>
#include <system/audio_effects/effect_visualizer.h>
#include <utils/Thread.h>
-#include "android/media/permission/Identity.h"
-
-using namespace android::media::permission;
+#include "android/content/AttributionSourceState.h"
/**
* The Visualizer class enables application to retrieve part of the currently playing audio for
@@ -68,9 +66,9 @@
/* Constructor.
* See AudioEffect constructor for details on parameters.
*/
- explicit Visualizer(const Identity& identity);
+ explicit Visualizer(const android::content::AttributionSourceState& attributionSource);
- ~Visualizer();
+ ~Visualizer();
/**
* Initialize an uninitialized Visualizer.
diff --git a/media/jni/audioeffect/android_media_AudioEffect.cpp b/media/jni/audioeffect/android_media_AudioEffect.cpp
index 953b7e0..3a8decd 100644
--- a/media/jni/audioeffect/android_media_AudioEffect.cpp
+++ b/media/jni/audioeffect/android_media_AudioEffect.cpp
@@ -25,7 +25,9 @@
#include <nativehelper/JNIHelp.h>
#include <android_runtime/AndroidRuntime.h>
#include "media/AudioEffect.h"
-#include "permission_utils.h"
+
+#include <android/content/AttributionSourceState.h>
+#include <android_os_Parcel.h>
#include <nativehelper/ScopedUtfChars.h>
@@ -35,8 +37,6 @@
using namespace android;
-using media::permission::convertIdentity;
-
#define AUDIOEFFECT_SUCCESS 0
#define AUDIOEFFECT_ERROR (-1)
#define AUDIOEFFECT_ERROR_ALREADY_EXISTS (-2)
@@ -273,7 +273,7 @@
android_media_AudioEffect_native_setup(JNIEnv *env, jobject thiz, jobject weak_this,
jstring type, jstring uuid, jint priority, jint sessionId,
jint deviceType, jstring deviceAddress,
- jintArray jId, jobjectArray javadesc, jobject jIdentity, jboolean probe)
+ jintArray jId, jobjectArray javadesc, jobject jAttributionSource, jboolean probe)
{
ALOGV("android_media_AudioEffect_native_setup");
AudioEffectJniStorage* lpJniStorage = NULL;
@@ -285,6 +285,8 @@
effect_descriptor_t desc;
jobject jdesc;
AudioDeviceTypeAddr device;
+ AttributionSourceState attributionSource;
+ Parcel* parcel = NULL;
setAudioEffect(env, thiz, 0);
@@ -338,7 +340,9 @@
}
// create the native AudioEffect object
- lpAudioEffect = new AudioEffect(convertIdentity(env, jIdentity));
+ parcel = parcelForJavaObject(env, jAttributionSource);
+ attributionSource.readFromParcel(parcel);
+ lpAudioEffect = new AudioEffect(attributionSource);
if (lpAudioEffect == 0) {
ALOGE("Error creating AudioEffect");
goto setup_failure;
@@ -774,7 +778,7 @@
// Dalvik VM type signatures
static const JNINativeMethod gMethods[] = {
{"native_init", "()V", (void *)android_media_AudioEffect_native_init},
- {"native_setup", "(Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;IIILjava/lang/String;[I[Ljava/lang/Object;Landroid/media/permission/Identity;Z)I",
+ {"native_setup", "(Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;IIILjava/lang/String;[I[Ljava/lang/Object;Landroid/os/Parcel;Z)I",
(void *)android_media_AudioEffect_native_setup},
{"native_finalize", "()V", (void *)android_media_AudioEffect_native_finalize},
{"native_release", "()V", (void *)android_media_AudioEffect_native_release},
diff --git a/media/jni/audioeffect/android_media_Visualizer.cpp b/media/jni/audioeffect/android_media_Visualizer.cpp
index 439715c..b30f00f 100644
--- a/media/jni/audioeffect/android_media_Visualizer.cpp
+++ b/media/jni/audioeffect/android_media_Visualizer.cpp
@@ -25,12 +25,16 @@
#include <android_runtime/AndroidRuntime.h>
#include <utils/threads.h>
#include "Visualizer.h"
-#include "permission_utils.h"
#include <nativehelper/ScopedUtfChars.h>
+#include <android/content/AttributionSourceState.h>
+#include <android_os_Parcel.h>
+
using namespace android;
+using content::AttributionSourceState;
+
#define VISUALIZER_SUCCESS 0
#define VISUALIZER_ERROR (-1)
#define VISUALIZER_ERROR_ALREADY_EXISTS (-2)
@@ -348,13 +352,15 @@
static jint
android_media_visualizer_native_setup(JNIEnv *env, jobject thiz, jobject weak_this,
- jint sessionId, jintArray jId, jobject jIdentity)
+ jint sessionId, jintArray jId, jobject jAttributionSource)
{
ALOGV("android_media_visualizer_native_setup");
VisualizerJniStorage* lpJniStorage = NULL;
int lStatus = VISUALIZER_ERROR_NO_MEMORY;
sp<Visualizer> lpVisualizer;
jint* nId = NULL;
+ AttributionSourceState attributionSource;
+ Parcel* parcel = nullptr;
setVisualizer(env, thiz, 0);
@@ -381,7 +387,9 @@
}
// create the native Visualizer object
- lpVisualizer = new Visualizer(convertIdentity(env, jIdentity));
+ parcel = parcelForJavaObject(env, jAttributionSource);
+ attributionSource.readFromParcel(parcel);
+ lpVisualizer = sp<Visualizer>::make(attributionSource);
if (lpVisualizer == 0) {
ALOGE("Error creating Visualizer");
goto setup_failure;
@@ -678,7 +686,7 @@
// Dalvik VM type signatures
static const JNINativeMethod gMethods[] = {
{"native_init", "()V", (void *)android_media_visualizer_native_init},
- {"native_setup", "(Ljava/lang/Object;I[ILandroid/media/permission/Identity;)I",
+ {"native_setup", "(Ljava/lang/Object;I[ILandroid/os/Parcel;)I",
(void *)android_media_visualizer_native_setup},
{"native_finalize", "()V", (void *)android_media_visualizer_native_finalize},
{"native_release", "()V", (void *)android_media_visualizer_native_release},
diff --git a/media/jni/soundpool/Android.bp b/media/jni/soundpool/Android.bp
index 4227cd8..ee473f5 100644
--- a/media/jni/soundpool/Android.bp
+++ b/media/jni/soundpool/Android.bp
@@ -126,6 +126,7 @@
],
shared_libs: [
+ "framework-permission-aidl-cpp",
"libaudioutils",
"liblog",
"libcutils",
@@ -135,7 +136,6 @@
"libaudioclient",
"libmediandk",
"libbinder",
- "media_permission-aidl-cpp",
],
cflags: [
diff --git a/media/jni/soundpool/Stream.cpp b/media/jni/soundpool/Stream.cpp
index 95fe000..bbbef38 100644
--- a/media/jni/soundpool/Stream.cpp
+++ b/media/jni/soundpool/Stream.cpp
@@ -17,7 +17,7 @@
//#define LOG_NDEBUG 0
#define LOG_TAG "SoundPool::Stream"
#include <utils/Log.h>
-#include<android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include "Stream.h"
@@ -25,8 +25,6 @@
namespace android::soundpool {
-using media::permission::Identity;
-
Stream::~Stream()
{
ALOGV("%s(%p)", __func__, this);
@@ -330,15 +328,16 @@
// do not create a new audio track if current track is compatible with sound parameters
- Identity identity = Identity();
- identity.packageName = mStreamManager->getOpPackageName();
+ android::content::AttributionSourceState attributionSource;
+ attributionSource.packageName = mStreamManager->getOpPackageName();
+ attributionSource.token = sp<BBinder>::make();
// TODO b/182469354 make consistent with AudioRecord, add util for native source
newTrack = new AudioTrack(streamType, sampleRate, sound->getFormat(),
channelMask, sound->getIMemory(), AUDIO_OUTPUT_FLAG_FAST,
staticCallback, userData,
0 /*default notification frames*/, AUDIO_SESSION_ALLOCATE,
AudioTrack::TRANSFER_DEFAULT,
- nullptr /*offloadInfo*/, identity,
+ nullptr /*offloadInfo*/, attributionSource,
mStreamManager->getAttributes(),
false /*doNotReconnect*/, 1.0f /*maxRequiredSpeed*/);
// Set caller name so it can be logged in destructor.