Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 4a4d046deca902981ece1ddfdac88e6fa4c76398^! / . / services / sensorservice / SensorService.cpp
commit4a4d046deca902981ece1ddfdac88e6fa4c76398[log] [tgz]
authorBrian Duddie <bduddie@google.com>Mon May 09 16:49:49 2022 -0700
committerBrian Duddie <bduddie@google.com>Thu May 12 18:41:39 2022 +0000
treef120b70ac82175fdf8c9ddbaa784cef97382a149
parent196096983dd978f87c0b4f15ad031361ca07f5db [diff] [blame]
Limit access to head tracker sensor

Lock down access to only internal system usage and CTS due to privacy
considerations.

Bug: 224619073
Test: run SensorHeadTrackerTest with and without "cmd unrestrict-ht"
Change-Id: I0bd37472e058c550de8d0098caa0bd439d8f12a5

diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 88cf5ab..948692b 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp

@@ -814,6 +814,12 @@
         return handleResetUidState(args, err);
     } else if (args[0] == String16("get-uid-state")) {
         return handleGetUidState(args, out, err);
+    } else if (args[0] == String16("unrestrict-ht")) {
+        mHtRestricted = false;
+        return NO_ERROR;
+    } else if (args[0] == String16("restrict-ht")) {
+        mHtRestricted = true;
+        return NO_ERROR;
     } else if (args.size() == 1 && args[0] == String16("help")) {
         printHelp(out);
         return NO_ERROR;
@@ -1338,11 +1344,11 @@
 Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
     Vector<Sensor> accessibleSensorList;
     mSensors.forEachSensor(
-            [&opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
+            [this, &opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
                 if (sensor.isDynamicSensor()) {
-                    if (canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
+                    if (canAccessSensor(sensor, "can't see", opPackageName)) {
                         accessibleSensorList.add(sensor);
-                    } else {
+                    } else if (sensor.getType() != SENSOR_TYPE_HEAD_TRACKER) {
                         ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
                               sensor.getName().string(),
                               sensor.getRequiredPermission().string(),
@@ -1989,6 +1995,20 @@
 
 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
         const String16& opPackageName) {
+    // Special case for Head Tracker sensor type: currently restricted to system usage only, unless
+    // the restriction is specially lifted for testing
+    if (sensor.getType() == SENSOR_TYPE_HEAD_TRACKER &&
+            !isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid())) {
+        if (!mHtRestricted) {
+            ALOGI("Permitting access to HT sensor type outside system (%s)",
+                  String8(opPackageName).string());
+        } else {
+            ALOGW("%s %s a sensor (%s) as a non-system client", String8(opPackageName).string(),
+                  operation, sensor.getName().string());
+            return false;
+        }
+    }
+
     // Check if a permission is required for this sensor
     if (sensor.getRequiredPermission().length() <= 0) {
         return true;