Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 793f4647ed7ee13f9f5c066c91f135d8ae44f1be^! / . / services / sensorservice / SensorService.cpp
commit793f4647ed7ee13f9f5c066c91f135d8ae44f1be[log] [tgz]
authorBrian Stack <bstack@google.com>Thu Apr 18 17:21:34 2019 -0700
committerBrian Stack <bstack@google.com>Thu May 02 11:07:45 2019 -0700
tree727fc610122f40e4ad4d741cfba7abc021ee324a
parent7aa40b6457581977101ad15f396891870ef7dc05 [diff] [blame]
Require AR permission to access step events

Requires that an application targeting Android Q and later has the AR
runtime permission in order to access the Step Detector and the Step
Counter. Applications that target pre-Q are not required to hold the
permission. If an application that targets pre-Q holds the GMS Core AR
install time permission and the user revokes the permission, then the
application will no longer be able to receive Step Detector or Step
Counter events.

The following scenarios were tested:
A = Receive events without explicitly granting permission
B = Receive events after granting runtime permission
C = Receive events after revoking any available permission

Install = GMS Core install time permission
Runtime = android.permission.ACTIVITY_RECOGNITION runtime permission

  SDK Version:  |   Has Permission: | Could Receive:
Compile  Target |  Install  Runtime |  A    B    C
   Q       Q         Yes      Yes     No   Yes  No
   Q       Q         Yes      No      No   N/A  N/A
   Q       Q         No       Yes     No   Yes  No
   Q       Q         No       No      No   N/A  N/A
   Q       P         Yes      Yes     Yes  Yes  No
   Q       P         Yes      No      Yes  Yes  No
   Q       P         No       Yes     Yes  Yes  No
   Q       P         No       No      Yes  Yes  N/A
   P       P         Yes      Yes     Yes  Yes  No
   P       P         Yes      No      Yes  Yes  No
   P       P         No       Yes     Yes  Yes  No
   P       P         No       No      Yes  Yes  N/A

Bug: 130640415
Test: Builds
Test: Scenarios listed aboved
Change-Id: Iffe4aff731efd1fe20fa7b4a8245262db8b32d03

diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 0269990..5efff92 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp

@@ -13,8 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+#include <android/content/pm/IPackageManagerNative.h>
 #include <binder/ActivityManager.h>
-#include <binder/AppOpsManager.h>
 #include <binder/BinderService.h>
 #include <binder/IServiceManager.h>
 #include <binder/PermissionCache.h>
@@ -75,6 +75,9 @@
 const char* SensorService::WAKE_LOCK_NAME = "SensorService_wakelock";
 uint8_t SensorService::sHmacGlobalKey[128] = {};
 bool SensorService::sHmacGlobalKeyIsValid = false;
+std::map<String16, int> SensorService::sPackageTargetVersion;
+Mutex SensorService::sPackageTargetVersionLock;
+AppOpsManager SensorService::sAppOpsManager;
 
 #define SENSOR_SERVICE_DIR "/data/system/sensor_service"
 #define SENSOR_SERVICE_HMAC_KEY_FILE  SENSOR_SERVICE_DIR "/hmac_key"
@@ -1394,6 +1397,14 @@
         checkWakeLockStateLocked();
     }
 
+    {
+        Mutex::Autolock packageLock(sPackageTargetVersionLock);
+        auto iter = sPackageTargetVersion.find(c->mOpPackageName);
+        if (iter != sPackageTargetVersion.end()) {
+            sPackageTargetVersion.erase(iter);
+        }
+    }
+
     SensorDevice& dev(SensorDevice::getInstance());
     dev.notifyConnectionDestroyed(c);
 }
@@ -1663,13 +1674,50 @@
 
 bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
         const String16& opPackageName) {
-    const String8& requiredPermission = sensor.getRequiredPermission();
-
-    if (requiredPermission.length() <= 0) {
+    // Check if a permission is required for this sensor
+    if (sensor.getRequiredPermission().length() <= 0) {
         return true;
     }
 
+    const int32_t opCode = sensor.getRequiredAppOp();
+    const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
+            IPCThreadState::self()->getCallingUid(), opPackageName);
+
+    // Ensure that the AppOp is allowed
+    //
+    // This check is also required to ensure that the user hasn't revoked the necessary permissions
+    // to access the Step Detector and Step Counter when the application targets pre-Q. Without this
+    // check, if the user revokes the pre-Q install-time GMS Core AR permission, the app would
+    // still be able to receive Step Counter and Step Detector events.
+    bool canAccess = false;
+    if (opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED) {
+        if (hasPermissionForSensor(sensor)) {
+            canAccess = true;
+        } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
+                   sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {
+            int targetSdkVersion = getTargetSdkVersion(opPackageName);
+            // Allow access to the sensor if the application targets pre-Q, which is before the
+            // requirement to hold the AR permission to access Step Counter and Step Detector events
+            // was introduced.
+            if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__) {
+                canAccess = true;
+            }
+        }
+    }
+
+    if (canAccess) {
+        sAppOpsManager.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName);
+    } else {
+        ALOGE("%s a sensor (%s) without holding its required permission: %s",
+                operation, sensor.getName().string(), sensor.getRequiredPermission().string());
+    }
+
+    return canAccess;
+}
+
+bool SensorService::hasPermissionForSensor(const Sensor& sensor) {
     bool hasPermission = false;
+    const String8& requiredPermission = sensor.getRequiredPermission();
 
     // Runtime permissions can't use the cache as they may change.
     if (sensor.isRequiredPermissionRuntime()) {
@@ -1678,25 +1726,31 @@
     } else {
         hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
     }
+    return hasPermission;
+}
 
-    if (!hasPermission) {
-        ALOGE("%s a sensor (%s) without holding its required permission: %s",
-                operation, sensor.getName().string(), sensor.getRequiredPermission().string());
-        return false;
-    }
-
-    const int32_t opCode = sensor.getRequiredAppOp();
-    if (opCode >= 0) {
-        AppOpsManager appOps;
-        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
-                        != AppOpsManager::MODE_ALLOWED) {
-            ALOGE("%s a sensor (%s) without enabled required app op: %d",
-                    operation, sensor.getName().string(), opCode);
-            return false;
+int SensorService::getTargetSdkVersion(const String16& opPackageName) {
+    Mutex::Autolock packageLock(sPackageTargetVersionLock);
+    int targetSdkVersion = -1;
+    auto entry = sPackageTargetVersion.find(opPackageName);
+    if (entry != sPackageTargetVersion.end()) {
+        targetSdkVersion = entry->second;
+    } else {
+        sp<IBinder> binder = defaultServiceManager()->getService(String16("package_native"));
+        if (binder != nullptr) {
+            sp<content::pm::IPackageManagerNative> packageManager =
+                    interface_cast<content::pm::IPackageManagerNative>(binder);
+            if (packageManager != nullptr) {
+                binder::Status status = packageManager->getTargetSdkVersionForPackage(
+                        opPackageName, &targetSdkVersion);
+                if (!status.isOk()) {
+                    targetSdkVersion = -1;
+                }
+            }
         }
+        sPackageTargetVersion[opPackageName] = targetSdkVersion;
     }
-
-    return true;
+    return targetSdkVersion;
 }
 
 void SensorService::checkWakeLockState() {