Add stringType and requiredPermission to sensors, effectively adding permission checking for sensors

This reverts commit 4369a4ebd5ae7567e7075bc82830b83178099ed5.

Change-Id: Ifa8619cc6873470a07a987763d818d78d4232610
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index f6705f6..ca2fdf6 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -205,7 +205,7 @@
     String8 result;
     if (!PermissionCache::checkCallingPermission(sDump)) {
         result.appendFormat("Permission Denial: "
-                "can't dump SurfaceFlinger from pid=%d, uid=%d\n",
+                "can't dump SensorService from pid=%d, uid=%d\n",
                 IPCThreadState::self()->getCallingPid(),
                 IPCThreadState::self()->getCallingUid());
     } else {
@@ -215,21 +215,24 @@
             const Sensor& s(mSensorList[i]);
             const sensors_event_t& e(mLastEventSeen.valueFor(s.getHandle()));
             result.appendFormat(
-                    "%-48s| %-32s | 0x%08x | ",
+                    "%-48s| %-32s| %-48s| 0x%08x | \"%s\"\n\t",
                     s.getName().string(),
                     s.getVendor().string(),
-                    s.getHandle());
+                    s.getStringType().string(),
+                    s.getHandle(),
+                    s.getRequiredPermission().string());
 
             if (s.getMinDelay() > 0) {
                 result.appendFormat(
-                    "maxRate=%7.2fHz | ", 1e6f / s.getMinDelay());
+                        "maxRate=%7.2fHz | ", 1e6f / s.getMinDelay());
             } else {
                 result.append(s.getMinDelay() == 0
                         ? "on-demand         | "
                         : "one-shot          | ");
             }
             if (s.getFifoMaxEventCount() > 0) {
-                result.appendFormat("getFifoMaxEventCount=%d events | ", s.getFifoMaxEventCount());
+                result.appendFormat("FifoMax=%d events | ",
+                        s.getFifoMaxEventCount());
             } else {
                 result.append("no batching support | ");
             }
@@ -490,10 +493,23 @@
 {
     char value[PROPERTY_VALUE_MAX];
     property_get("debug.sensors", value, "0");
-    if (atoi(value)) {
-        return mUserSensorListDebug;
+    const Vector<Sensor>& initialSensorList = (atoi(value)) ?
+            mUserSensorListDebug : mUserSensorList;
+    Vector<Sensor> accessibleSensorList;
+    for (size_t i = 0; i < initialSensorList.size(); i++) {
+        Sensor sensor = initialSensorList[i];
+        if (canAccessSensor(sensor)) {
+            accessibleSensorList.add(sensor);
+        } else {
+            String8 infoMessage;
+            infoMessage.appendFormat(
+                    "Skipped sensor %s because it requires permission %s",
+                    sensor.getName().string(),
+                    sensor.getRequiredPermission().string());
+            ALOGI(infoMessage.string());
+        }
     }
-    return mUserSensorList;
+    return accessibleSensorList;
 }
 
 sp<ISensorEventConnection> SensorService::createSensorEventConnection()
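Review bot: `ALOGI(infoMessage.string())` passes a run-time string as the log format, and that string already contains the sensor name and permission string, so a `%` in either would be read as a conversion with no matching argument. Passing the format as a literal avoids that and removes the temporary String8: `ALOGI("Skipped sensor %s because it requires permission %s", sensor.getName().string(), sensor.getRequiredPermission().string());`. Separately, `Sensor sensor = initialSensorList[i];` copies every entry before the check, where `const Sensor& sensor` would do. The function's signature is outside the hunk.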
@@ -539,6 +555,10 @@
     BatteryService::cleanup(c->getUid());
 }
 
+Sensor SensorService::getSensorFromHandle(int handle) const {
+    return mSensorMap.valueFor(handle)->getSensor();
+}
+
 status_t SensorService::enable(const sp<SensorEventConnection>& connection,
         int handle, nsecs_t samplingPeriodNs,  nsecs_t maxBatchReportLatencyNs, int reservedFlags)
 {
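Review bot: `getSensorFromHandle` dereferences the result of `mSensorMap.valueFor(handle)` without a check, while `enable` and `flushSensor` in the same file compare that result with NULL before using it. The new call in `SensorEventConnection::addSensor` passes its handle straight in, so an unknown handle would presumably reach a null dereference inside the service process. A guard is needed here, `SensorInterface* si = mSensorMap.valueFor(handle);` followed by a test of `si == NULL` before `si->getSensor()`. How an unknown handle is then reported is a choice for the caller, since the function returns `Sensor` by value.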
@@ -549,6 +569,11 @@
     if (sensor == NULL) {
         return BAD_VALUE;
     }
+
+    if (!verifyCanAccessSensor(sensor->getSensor(), "Tried enabling")) {
+        return BAD_VALUE;
+    }
+
     Mutex::Autolock _l(mLock);
     SensorRecord* rec = mActiveSensors.valueFor(handle);
     if (rec == 0) {
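Review bot: A failed permission check returns `BAD_VALUE` here, the same status as the unknown-handle case just above it, so a caller cannot tell a denial from a bad handle; the configure hunk and `flushSensor` do the same. If that is deliberate, so that a restricted sensor is not revealed to a caller lacking the permission, a comment such as `// BAD_VALUE on purpose: a denied sensor looks like an unknown handle` would record the intent. Otherwise `return PERMISSION_DENIED;` is the more accurate status. The body of `enable` continues outside the hunk.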
@@ -670,6 +695,10 @@
     if (!sensor)
         return BAD_VALUE;
 
+    if (!verifyCanAccessSensor(sensor->getSensor(), "Tried configuring")) {
+        return BAD_VALUE;
+    }
+
     if (ns < 0)
         return BAD_VALUE;
 
@@ -683,17 +712,44 @@
 
 status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
                                     int handle) {
-  if (mInitCheck != NO_ERROR) return mInitCheck;
-  SensorInterface* sensor = mSensorMap.valueFor(handle);
-  if (sensor == NULL) {
-      return BAD_VALUE;
-  }
-  if (sensor->getSensor().getType() == SENSOR_TYPE_SIGNIFICANT_MOTION) {
-      ALOGE("flush called on Significant Motion sensor");
-      return INVALID_OPERATION;
-  }
-  return sensor->flush(connection.get(), handle);
+    if (mInitCheck != NO_ERROR) return mInitCheck;
+    SensorInterface* sensor = mSensorMap.valueFor(handle);
+    if (sensor == NULL) {
+        return BAD_VALUE;
+    }
+
+    if (!verifyCanAccessSensor(sensor->getSensor(), "Tried flushing")) {
+        return BAD_VALUE;
+    }
+
+    if (sensor->getSensor().getType() == SENSOR_TYPE_SIGNIFICANT_MOTION) {
+        ALOGE("flush called on Significant Motion sensor");
+        return INVALID_OPERATION;
+    }
+    return sensor->flush(connection.get(), handle);
 }
+
+
+bool SensorService::canAccessSensor(const Sensor& sensor) {
+    String16 permissionString(sensor.getRequiredPermission());
+    return permissionString.size() == 0 ||
+            PermissionCache::checkCallingPermission(permissionString);
+}
+
+bool SensorService::verifyCanAccessSensor(const Sensor& sensor, const char* operation) {
+    if (canAccessSensor(sensor)) {
+        return true;
+    } else {
+        String8 errorMessage;
+        errorMessage.appendFormat(
+                "%s a sensor (%s) without holding its required permission: %s",
+                operation,
+                sensor.getName().string(),
+                sensor.getRequiredPermission().string());
+        return false;
+    }
+}
+
 // ---------------------------------------------------------------------------
 
 SensorService::SensorRecord::SensorRecord(
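Review bot: `verifyCanAccessSensor` builds `errorMessage` and then returns false without logging it, so every denied enable, configure, flush and add is silent. Log it directly with a literal format and drop the String8: `ALOGE("%s a sensor (%s) without holding its required permission: %s", operation, sensor.getName().string(), sensor.getRequiredPermission().string());`. Adding `IPCThreadState::self()->getCallingPid()` and `getCallingUid()` to that message, as the dump path in this file does, would make each denial attributable to a caller.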
@@ -761,6 +817,9 @@
 
 bool SensorService::SensorEventConnection::addSensor(int32_t handle) {
     Mutex::Autolock _l(mConnectionLock);
+    if (!verifyCanAccessSensor(mService->getSensorFromHandle(handle), "Tried adding")) {
+        return false;
+    }
     if (mSensorInfo.indexOfKey(handle) < 0) {
         mSensorInfo.add(handle, FlushInfo());
         return true;
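Review bot: The permission check in `addSensor` runs after `mConnectionLock` is taken, and `PermissionCache::checkCallingPermission` can, as far as I know, fall through to a permission-service query on a cache miss, so the lock may be held across that lookup. Placing the `verifyCanAccessSensor` call above `Mutex::Autolock _l(mConnectionLock);` would keep the critical section to the `mSensorInfo` update. The check also depends on the binder calling identity, so it is only meaningful if `addSensor` is reached on the thread handling the client's request. The callers and the rest of the function body are outside the hunk.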
diff --git a/services/sensorservice/SensorService.h b/services/sensorservice/SensorService.h
index 1dc2dd3..e88ffc8 100644
--- a/services/sensorservice/SensorService.h
+++ b/services/sensorservice/SensorService.h
@@ -131,6 +131,7 @@
 
     String8 getSensorName(int handle) const;
     bool isVirtualSensor(int handle) const;
+    Sensor getSensorFromHandle(int handle) const;
     void recordLastValue(const sensors_event_t* buffer, size_t count);
     static void sortEventBuffer(sensors_event_t* buffer, size_t count);
     Sensor registerSensor(SensorInterface* sensor);
@@ -141,7 +142,8 @@
             const sp<SensorEventConnection>& connection, int handle);
     void cleanupAutoDisabledSensor(const sp<SensorEventConnection>& connection,
             sensors_event_t const* buffer, const int count);
-
+    static bool canAccessSensor(const Sensor& sensor);
+    static bool verifyCanAccessSensor(const Sensor& sensor, const char* operation);
     // constants
     Vector<Sensor> mSensorList;
     Vector<Sensor> mUserSensorListDebug;
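Review bot: `canAccessSensor` and `verifyCanAccessSensor` are declared without a comment, yet their result depends on the current binder caller (via `PermissionCache::checkCallingPermission` in the .cpp) and not only on their arguments, which the signatures do not show. A comment above them would state the contract, for example `// Check the *calling* process's permission for this sensor; only valid while handling an incoming binder call.` The hunk also removes the blank line that separated the method declarations from `// constants`; keeping it would preserve the grouping.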