Clear calling ID before using SensorPrivacyManager

This is needed because some methods of SensorPrivacyManager have been
gated by a system permission. As a result, we have to clear binder
caller identity before calling these methods so that they are executed
with the same level of privilege as the SensorService. Otherwise, if an
app A makes a request to the SensorService to set up a sensor data
connection and the SensorService needs to call SensorPrivacyService
e.g., to register for a mic toggle state listener, the SensorPrivacyService
will think that it's app A that is calling, hence failing the permission
check.

Test: atest CtsSensorTestCases CtsSensorRatePermissionTestCases
Bug: 136069189
Bug: 179649922
Change-Id: Ib665230fe4b6dd7c598289b8af62171222855e03
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 942b7ae..9955cdb 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -2129,12 +2129,14 @@
}
void SensorService::SensorPrivacyPolicy::registerSelf() {
+ AutoCallerClear acc;
SensorPrivacyManager spm;
mSensorPrivacyEnabled = spm.isSensorPrivacyEnabled();
spm.addSensorPrivacyListener(this);
}
void SensorService::SensorPrivacyPolicy::unregisterSelf() {
+ AutoCallerClear acc;
SensorPrivacyManager spm;
spm.removeSensorPrivacyListener(this);
}
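Review bot: The `AutoCallerClear acc;` lines added at the top of registerSelf() and unregisterSelf() carry no comment, so the reason for dropping the binder caller identity is recorded only in the commit message. Please add a one-line comment at each site saying that the SensorPrivacyManager calls below are permission-gated and must run with SensorService's own identity. Because the guard covers the whole function body, it is also worth stating that nothing in that scope may depend on the original caller: the visible lines only call `spm.isSensorPrivacyEnabled()`, `spm.addSensorPrivacyListener(this)` and `spm.removeSensorPrivacyListener(this)`, which is fine, but a later addition that reads the calling UID inside these functions would silently see the service's identity instead of the app's.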
@@ -2167,7 +2169,7 @@
status_t SensorService::SensorPrivacyPolicy::registerSelfForIndividual(int userId) {
Mutex::Autolock _l(mSensorPrivacyLock);
-
+ AutoCallerClear acc;
SensorPrivacyManager spm;
status_t err = spm.addIndividualSensorPrivacyListener(userId,
SensorPrivacyManager::INDIVIDUAL_SENSOR_MICROPHONE, this);
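Review bot: In registerSelfForIndividual(int userId), the `userId` argument is forwarded to `spm.addIndividualSensorPrivacyListener(userId, ...)` after the caller identity has been cleared, so the privacy service can no longer tie that user ID to the app that triggered the request. Please confirm, and document in a comment here, that every caller derives `userId` from the binder calling UID before reaching this function rather than from an app-supplied value; otherwise the cleared identity turns this into a privileged registration for an arbitrary user. As a style point, the new line replaces the blank line after `Mutex::Autolock _l(mSensorPrivacyLock);`; keeping a blank line between the lock and `AutoCallerClear acc;` would make the two guards easier to tell apart.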