Look up user-specific device policy for disabling camera
Camera can be disabled on a per-user basis by device admins.
Changed the system property format to be per-user so that
the policy can be applied based on calling user.
TODO: Ideally this policy information should be pulled from the
DevicePolicyManager rather than relying on system properties.
Property changes will not be applied immediately either, if
there's no listener.
Bug: 19345698
Change-Id: Ia00034726260bc9ff28ac592f20a27b5c9a77d58
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 485b979..c1b7806 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -29,6 +29,7 @@
#include <binder/MemoryHeapBase.h>
#include <cutils/atomic.h>
#include <cutils/properties.h>
+#include <cutils/multiuser.h>
#include <gui/Surface.h>
#include <hardware/hardware.h>
#include <media/AudioSystem.h>
@@ -597,7 +598,10 @@
}
char value[PROPERTY_VALUE_MAX];
- property_get("sys.secpolicy.camera.disabled", value, "0");
+ char key[PROPERTY_KEY_MAX];
+ int clientUserId = multiuser_get_user_id(clientUid);
+ snprintf(key, PROPERTY_KEY_MAX, "sys.secpolicy.camera.off_%d", clientUserId);
+ property_get(key, value, "0");
if (strcmp(value, "1") == 0) {
// Camera is disabled by DevicePolicyManager.
ALOGI("Camera is disabled. connect X (pid %d) rejected", callingPid);