Switch media fw permissions checks to AttributionSource (av)
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data as well as the relevant
app ops are checked/noted/started as needed.
bug: 158792096
Test: atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Merged-In: I1c5a4321dd3b2d458372058c99604a6ec208717c
Change-Id: I1c5a4321dd3b2d458372058c99604a6ec208717c
diff --git a/media/libmediaplayerservice/Android.bp b/media/libmediaplayerservice/Android.bp
index 287317d..f55678d 100644
--- a/media/libmediaplayerservice/Android.bp
+++ b/media/libmediaplayerservice/Android.bp
@@ -35,7 +35,7 @@
"android.hardware.media.c2@1.0",
"android.hardware.media.omx@1.0",
"av-types-aidl-cpp",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libaudioclient_aidl_conversion",
"libbase",
"libactivitymanager_aidl",
@@ -76,12 +76,12 @@
"libstagefright_nuplayer",
"libstagefright_rtsp",
"libstagefright_timedtext",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
export_shared_lib_headers: [
"libmedia",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
include_dirs: [
diff --git a/media/libmediaplayerservice/MediaPlayerService.cpp b/media/libmediaplayerservice/MediaPlayerService.cpp
index dc4aea5..d278a01 100644
--- a/media/libmediaplayerservice/MediaPlayerService.cpp
+++ b/media/libmediaplayerservice/MediaPlayerService.cpp
@@ -95,7 +95,7 @@
using android::NOT_ENOUGH_DATA;
using android::Parcel;
using android::media::VolumeShaper;
-using android::media::permission::Identity;
+using android::content::AttributionSourceState;
// Max number of entries in the filter.
const int kMaxFilterSize = 64; // I pulled that out of thin air.
@@ -455,21 +455,22 @@
ALOGV("MediaPlayerService destroyed");
}
-sp<IMediaRecorder> MediaPlayerService::createMediaRecorder(const Identity& identity)
+sp<IMediaRecorder> MediaPlayerService::createMediaRecorder(
+ const AttributionSourceState& attributionSource)
{
- // TODO b/182392769: use identity util
- Identity verifiedIdentity = identity;
- verifiedIdentity.uid = VALUE_OR_FATAL(
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState verifiedAttributionSource = attributionSource;
+ verifiedAttributionSource.uid = VALUE_OR_FATAL(
legacy2aidl_uid_t_int32_t(IPCThreadState::self()->getCallingUid()));
- verifiedIdentity.pid = VALUE_OR_FATAL(
+ verifiedAttributionSource.pid = VALUE_OR_FATAL(
legacy2aidl_pid_t_int32_t(IPCThreadState::self()->getCallingPid()));
sp<MediaRecorderClient> recorder =
- new MediaRecorderClient(this, verifiedIdentity);
+ new MediaRecorderClient(this, verifiedAttributionSource);
wp<MediaRecorderClient> w = recorder;
Mutex::Autolock lock(mLock);
mMediaRecorderClients.add(w);
ALOGV("Create new media recorder client from pid %s",
- verifiedIdentity.toString().c_str());
+ verifiedAttributionSource.toString().c_str());
return recorder;
}
@@ -489,21 +490,21 @@
}
sp<IMediaPlayer> MediaPlayerService::create(const sp<IMediaPlayerClient>& client,
- audio_session_t audioSessionId, const Identity& identity)
+ audio_session_t audioSessionId, const AttributionSourceState& attributionSource)
{
int32_t connId = android_atomic_inc(&mNextConnId);
- // TODO b/182392769: use identity util
- Identity verifiedIdentity = identity;
- verifiedIdentity.pid = VALUE_OR_FATAL(
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState verifiedAttributionSource = attributionSource;
+ verifiedAttributionSource.pid = VALUE_OR_FATAL(
legacy2aidl_pid_t_int32_t(IPCThreadState::self()->getCallingPid()));
- verifiedIdentity.uid = VALUE_OR_FATAL(
+ verifiedAttributionSource.uid = VALUE_OR_FATAL(
legacy2aidl_uid_t_int32_t(IPCThreadState::self()->getCallingUid()));
sp<Client> c = new Client(
- this, verifiedIdentity, connId, client, audioSessionId);
+ this, verifiedAttributionSource, connId, client, audioSessionId);
ALOGV("Create new client(%d) from %s, ", connId,
- verifiedIdentity.toString().c_str());
+ verifiedAttributionSource.toString().c_str());
wp<Client> w = c;
{
@@ -556,8 +557,8 @@
char buffer[SIZE];
String8 result;
result.append(" Client\n");
- snprintf(buffer, 255, " Identity(%s), connId(%d), status(%d), looping(%s)\n",
- mIdentity.toString().c_str(), mConnId, mStatus, mLoop?"true": "false");
+ snprintf(buffer, 255, " AttributionSource(%s), connId(%d), status(%d), looping(%s)\n",
+ mAttributionSource.toString().c_str(), mConnId, mStatus, mLoop?"true": "false");
result.append(buffer);
sp<MediaPlayerBase> p;
@@ -621,7 +622,8 @@
for (int i = 0, n = mMediaRecorderClients.size(); i < n; ++i) {
sp<MediaRecorderClient> c = mMediaRecorderClients[i].promote();
if (c != 0) {
- snprintf(buffer, 255, " MediaRecorderClient pid(%d)\n", c->mIdentity.pid);
+ snprintf(buffer, 255, " MediaRecorderClient pid(%d)\n",
+ c->mAttributionSource.pid);
result.append(buffer);
write(fd, result.string(), result.size());
result = "\n";
@@ -744,10 +746,10 @@
}
MediaPlayerService::Client::Client(
- const sp<MediaPlayerService>& service, const Identity& identity,
+ const sp<MediaPlayerService>& service, const AttributionSourceState& attributionSource,
int32_t connId, const sp<IMediaPlayerClient>& client,
audio_session_t audioSessionId)
- : mIdentity(identity)
+ : mAttributionSource(attributionSource)
{
ALOGV("Client(%d) constructor", connId);
mConnId = connId;
@@ -768,7 +770,8 @@
MediaPlayerService::Client::~Client()
{
- ALOGV("Client(%d) destructor identity = %s", mConnId, mIdentity.toString().c_str());
+ ALOGV("Client(%d) destructor AttributionSource = %s", mConnId,
+ mAttributionSource.toString().c_str());
mAudioOutput.clear();
wp<Client> client(this);
disconnect();
@@ -781,7 +784,8 @@
void MediaPlayerService::Client::disconnect()
{
- ALOGV("disconnect(%d) from identity %s", mConnId, mIdentity.toString().c_str());
+ ALOGV("disconnect(%d) from AttributionSource %s", mConnId,
+ mAttributionSource.toString().c_str());
// grab local reference and clear main reference to prevent future
// access to object
sp<MediaPlayerBase> p;
@@ -822,11 +826,11 @@
}
if (p == NULL) {
p = MediaPlayerFactory::createPlayer(playerType, mListener,
- VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mIdentity.pid)));
+ VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mAttributionSource.pid)));
}
if (p != NULL) {
- p->setUID(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mIdentity.uid)));
+ p->setUID(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mAttributionSource.uid)));
}
return p;
@@ -934,7 +938,7 @@
mAudioDeviceUpdatedListener = new AudioDeviceUpdatedNotifier(p);
if (!p->hardwareOutput()) {
- mAudioOutput = new AudioOutput(mAudioSessionId, mIdentity,
+ mAudioOutput = new AudioOutput(mAudioSessionId, mAttributionSource,
mAudioAttributes, mAudioDeviceUpdatedListener);
static_cast<MediaPlayerInterface*>(p.get())->setAudioSink(mAudioOutput);
}
@@ -1784,8 +1788,9 @@
#undef LOG_TAG
#define LOG_TAG "AudioSink"
-MediaPlayerService::AudioOutput::AudioOutput(audio_session_t sessionId, const Identity& identity,
- const audio_attributes_t* attr, const sp<AudioSystem::AudioDeviceCallback>& deviceCallback)
+MediaPlayerService::AudioOutput::AudioOutput(audio_session_t sessionId,
+ const AttributionSourceState& attributionSource, const audio_attributes_t* attr,
+ const sp<AudioSystem::AudioDeviceCallback>& deviceCallback)
: mCallback(NULL),
mCallbackCookie(NULL),
mCallbackData(NULL),
@@ -1797,7 +1802,7 @@
mMsecsPerFrame(0),
mFrameSize(0),
mSessionId(sessionId),
- mIdentity(identity),
+ mAttributionSource(attributionSource),
mSendLevel(0.0),
mAuxEffectId(0),
mFlags(AUDIO_OUTPUT_FLAG_NONE),
@@ -2193,7 +2198,7 @@
mSessionId,
AudioTrack::TRANSFER_CALLBACK,
offloadInfo,
- mIdentity,
+ mAttributionSource,
mAttributes,
doNotReconnect,
1.0f, // default value for maxRequiredSpeed
@@ -2220,7 +2225,7 @@
mSessionId,
AudioTrack::TRANSFER_DEFAULT,
NULL, // offload info
- mIdentity,
+ mAttributionSource,
mAttributes,
doNotReconnect,
targetSpeed,
diff --git a/media/libmediaplayerservice/MediaPlayerService.h b/media/libmediaplayerservice/MediaPlayerService.h
index 35a65d3..98091be 100644
--- a/media/libmediaplayerservice/MediaPlayerService.h
+++ b/media/libmediaplayerservice/MediaPlayerService.h
@@ -33,12 +33,14 @@
#include <media/MediaPlayerInterface.h>
#include <media/Metadata.h>
#include <media/stagefright/foundation/ABase.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <system/audio.h>
namespace android {
+using content::AttributionSourceState;
+
class AudioTrack;
struct AVSyncSettings;
class DeathNotifier;
@@ -80,7 +82,7 @@
public:
AudioOutput(
audio_session_t sessionId,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_attributes_t * attr,
const sp<AudioSystem::AudioDeviceCallback>& deviceCallback);
virtual ~AudioOutput();
@@ -169,7 +171,7 @@
float mMsecsPerFrame;
size_t mFrameSize;
audio_session_t mSessionId;
- media::permission::Identity mIdentity;
+ AttributionSourceState mAttributionSource;
float mSendLevel;
int mAuxEffectId;
audio_output_flags_t mFlags;
@@ -231,13 +233,13 @@
static void instantiate();
// IMediaPlayerService interface
- virtual sp<IMediaRecorder> createMediaRecorder(const media::permission::Identity &identity);
+ virtual sp<IMediaRecorder> createMediaRecorder(const AttributionSourceState &attributionSource);
void removeMediaRecorderClient(const wp<MediaRecorderClient>& client);
virtual sp<IMediaMetadataRetriever> createMetadataRetriever();
virtual sp<IMediaPlayer> create(const sp<IMediaPlayerClient>& client,
audio_session_t audioSessionId,
- const media::permission::Identity& identity);
+ const AttributionSourceState& attributionSource);
virtual sp<IMediaCodecList> getCodecList() const;
@@ -380,7 +382,7 @@
void notify(int msg, int ext1, int ext2, const Parcel *obj);
pid_t pid() const {
- return VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mIdentity.pid));
+ return VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mAttributionSource.pid));
}
virtual status_t dump(int fd, const Vector<String16>& args);
@@ -411,7 +413,7 @@
friend class MediaPlayerService;
Client( const sp<MediaPlayerService>& service,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
int32_t connId,
const sp<IMediaPlayerClient>& client,
audio_session_t audioSessionId);
@@ -458,7 +460,7 @@
sp<MediaPlayerService> mService;
sp<IMediaPlayerClient> mClient;
sp<AudioOutput> mAudioOutput;
- const media::permission::Identity mIdentity;
+ const AttributionSourceState mAttributionSource;
status_t mStatus;
bool mLoop;
int32_t mConnId;
diff --git a/media/libmediaplayerservice/MediaRecorderClient.cpp b/media/libmediaplayerservice/MediaRecorderClient.cpp
index daa923e..a914006 100644
--- a/media/libmediaplayerservice/MediaRecorderClient.cpp
+++ b/media/libmediaplayerservice/MediaRecorderClient.cpp
@@ -126,8 +126,9 @@
}
if ((as == AUDIO_SOURCE_FM_TUNER
- && !(captureAudioOutputAllowed(mIdentity) || captureTunerAudioInputAllowed(mIdentity)))
- || !recordingAllowed(mIdentity, (audio_source_t)as)) {
+ && !(captureAudioOutputAllowed(mAttributionSource)
+ || captureTunerAudioInputAllowed(mAttributionSource)))
+ || !recordingAllowed(mAttributionSource, (audio_source_t)as)) {
return PERMISSION_DENIED;
}
Mutex::Autolock lock(mLock);
@@ -377,12 +378,12 @@
}
MediaRecorderClient::MediaRecorderClient(const sp<MediaPlayerService>& service,
- const Identity& identity)
+ const AttributionSourceState& attributionSource)
{
ALOGV("Client constructor");
- // identity already validated in createMediaRecorder
- mIdentity = identity;
- mRecorder = new StagefrightRecorder(identity);
+ // attribution source already validated in createMediaRecorder
+ mAttributionSource = attributionSource;
+ mRecorder = new StagefrightRecorder(attributionSource);
mMediaPlayerService = service;
}
diff --git a/media/libmediaplayerservice/MediaRecorderClient.h b/media/libmediaplayerservice/MediaRecorderClient.h
index 24c6ee1..dcb9f82 100644
--- a/media/libmediaplayerservice/MediaRecorderClient.h
+++ b/media/libmediaplayerservice/MediaRecorderClient.h
@@ -22,7 +22,7 @@
#include <media/AudioSystem.h>
#include <media/IMediaRecorder.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <vector>
@@ -94,13 +94,13 @@
MediaRecorderClient(
const sp<MediaPlayerService>& service,
- const media::permission::Identity& identity);
+ const content::AttributionSourceState& attributionSource);
virtual ~MediaRecorderClient();
std::vector<DeathNotifier> mDeathNotifiers;
sp<AudioDeviceUpdatedNotifier> mAudioDeviceUpdatedNotifier;
- media::permission::Identity mIdentity;
+ content::AttributionSourceState mAttributionSource;
mutable Mutex mLock;
MediaRecorderBase *mRecorder;
sp<MediaPlayerService> mMediaPlayerService;
diff --git a/media/libmediaplayerservice/StagefrightRecorder.cpp b/media/libmediaplayerservice/StagefrightRecorder.cpp
index ce642f3..bffd7b3 100644
--- a/media/libmediaplayerservice/StagefrightRecorder.cpp
+++ b/media/libmediaplayerservice/StagefrightRecorder.cpp
@@ -116,8 +116,8 @@
}
-StagefrightRecorder::StagefrightRecorder(const Identity& clientIdentity)
- : MediaRecorderBase(clientIdentity),
+StagefrightRecorder::StagefrightRecorder(const AttributionSourceState& client)
+ : MediaRecorderBase(client),
mWriter(NULL),
mOutputFd(-1),
mAudioSource((audio_source_t)AUDIO_SOURCE_CNT), // initialize with invalid value
@@ -159,7 +159,7 @@
// we run as part of the media player service; what we really want to
// know is the app which requested the recording.
- mMetricsItem->setUid(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mClient.uid)));
+ mMetricsItem->setUid(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mAttributionSource.uid)));
mMetricsItem->setCString(kRecorderLogSessionId, mLogSessionId.c_str());
@@ -1144,7 +1144,8 @@
status_t StagefrightRecorder::setClientName(const String16& clientName) {
- mClient.packageName = VALUE_OR_RETURN_STATUS(legacy2aidl_String16_string(clientName));
+ mAttributionSource.packageName = VALUE_OR_RETURN_STATUS(
+ legacy2aidl_String16_string(clientName));
return OK;
}
@@ -1355,7 +1356,7 @@
sp<AudioSource> audioSource =
new AudioSource(
&attr,
- mClient,
+ mAttributionSource,
sourceSampleRate,
mAudioChannels,
mSampleRate,
@@ -1880,10 +1881,10 @@
Size videoSize;
videoSize.width = mVideoWidth;
videoSize.height = mVideoHeight;
- uid_t uid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(mClient.uid));
- pid_t pid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(mClient.pid));
+ uid_t uid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(mAttributionSource.uid));
+ pid_t pid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(mAttributionSource.pid));
String16 clientName = VALUE_OR_RETURN_STATUS(
- aidl2legacy_string_view_String16(mClient.packageName.value_or("")));
+ aidl2legacy_string_view_String16(mAttributionSource.packageName.value_or("")));
if (mCaptureFpsEnable) {
if (!(mCaptureFps > 0.)) {
ALOGE("Invalid mCaptureFps value: %lf", mCaptureFps);
diff --git a/media/libmediaplayerservice/StagefrightRecorder.h b/media/libmediaplayerservice/StagefrightRecorder.h
index 59a080e..d6de47f 100644
--- a/media/libmediaplayerservice/StagefrightRecorder.h
+++ b/media/libmediaplayerservice/StagefrightRecorder.h
@@ -26,12 +26,12 @@
#include <system/audio.h>
#include <media/hardware/MetadataBufferType.h>
-#include <android/media/permission/Identity.h>
-
-using namespace android::media::permission;
+#include <android/content/AttributionSourceState.h>
namespace android {
+using content::AttributionSourceState;
+
class Camera;
class ICameraRecordingProxy;
class CameraSource;
@@ -45,7 +45,7 @@
struct ALooper;
struct StagefrightRecorder : public MediaRecorderBase {
- explicit StagefrightRecorder(const Identity& clientIdentity);
+ explicit StagefrightRecorder(const AttributionSourceState& attributionSource);
virtual ~StagefrightRecorder();
virtual status_t init();
virtual status_t setLogSessionId(const String8 &id);
diff --git a/media/libmediaplayerservice/tests/stagefrightRecorder/Android.bp b/media/libmediaplayerservice/tests/stagefrightRecorder/Android.bp
index 5b16911..92236ea 100644
--- a/media/libmediaplayerservice/tests/stagefrightRecorder/Android.bp
+++ b/media/libmediaplayerservice/tests/stagefrightRecorder/Android.bp
@@ -73,7 +73,7 @@
"libstagefright",
"libstagefright_foundation",
"libutils",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libaudioclient_aidl_conversion",
],
diff --git a/media/libmediaplayerservice/tests/stagefrightRecorder/StagefrightRecorderTest.cpp b/media/libmediaplayerservice/tests/stagefrightRecorder/StagefrightRecorderTest.cpp
index 6dea53d..162c187 100644
--- a/media/libmediaplayerservice/tests/stagefrightRecorder/StagefrightRecorderTest.cpp
+++ b/media/libmediaplayerservice/tests/stagefrightRecorder/StagefrightRecorderTest.cpp
@@ -59,10 +59,11 @@
}
void SetUp() override {
- // TODO b/182392769: use identity util
- Identity identity;
- identity.packageName = std::string(LOG_TAG);
- mStfRecorder = new StagefrightRecorder(identity);
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState attributionSource;
+ attributionSource.packageName = std::string(LOG_TAG);
+ attributionSource.token = sp<BBinder>::make();
+ mStfRecorder = new StagefrightRecorder(attributionSource);
ASSERT_NE(mStfRecorder, nullptr) << "Failed to create the instance of recorder";
mOutputAudioFp = fopen(OUTPUT_FILE_NAME_AUDIO, "wb");