Switch media fw permissions checks to AttributionSource (av)
Attribution source is the abstraction to capture the data
flows for private data across apps. Checking permissions
for an attribution source does this for all apps in the
chain that would receive the data as well as the relevant
app ops are checked/noted/started as needed.
bug: 158792096
Test: atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Merged-In: I1c5a4321dd3b2d458372058c99604a6ec208717c
Change-Id: I1c5a4321dd3b2d458372058c99604a6ec208717c
diff --git a/services/audioflinger/Android.bp b/services/audioflinger/Android.bp
index a7d47fb..b91f302 100644
--- a/services/audioflinger/Android.bp
+++ b/services/audioflinger/Android.bp
@@ -81,12 +81,12 @@
"libmedia_helper",
"libshmemcompat",
"libvibrator",
- "media_permission-aidl-cpp",
],
static_libs: [
"libcpustats",
"libsndfile",
+ "libpermission",
],
header_libs: [
@@ -97,7 +97,6 @@
export_shared_lib_headers: [
"libpermission",
- "media_permission-aidl-cpp",
],
cflags: [
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 00f423c..d4f9302 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -103,7 +103,7 @@
namespace android {
using media::IEffectClient;
-using media::permission::Identity;
+using android::content::AttributionSourceState;
static const char kDeadlockedString[] = "AudioFlinger may be deadlocked\n";
static const char kHardwareLockedString[] = "Hardware lock is taken\n";
@@ -163,31 +163,32 @@
}
};
-// TODO b/182392769: use identity util
+// TODO b/182392769: use attribution source util
/* static */
-media::permission::Identity AudioFlinger::checkIdentityPackage(
- const media::permission::Identity& identity) {
+AttributionSourceState AudioFlinger::checkAttributionSourcePackage(
+ const AttributionSourceState& attributionSource) {
Vector<String16> packages;
- PermissionController{}.getPackagesForUid(identity.uid, packages);
+ PermissionController{}.getPackagesForUid(attributionSource.uid, packages);
- Identity checkedIdentity = identity;
- if (!identity.packageName.has_value() || identity.packageName.value().size() == 0) {
+ AttributionSourceState checkedAttributionSource = attributionSource;
+ if (!attributionSource.packageName.has_value()
+ || attributionSource.packageName.value().size() == 0) {
if (!packages.isEmpty()) {
- checkedIdentity.packageName =
+ checkedAttributionSource.packageName =
std::move(legacy2aidl_String16_string(packages[0]).value());
}
} else {
String16 opPackageLegacy = VALUE_OR_FATAL(
- aidl2legacy_string_view_String16(identity.packageName.value_or("")));
+ aidl2legacy_string_view_String16(attributionSource.packageName.value_or("")));
if (std::find_if(packages.begin(), packages.end(),
[&opPackageLegacy](const auto& package) {
return opPackageLegacy == package; }) == packages.end()) {
ALOGW("The package name(%s) provided does not correspond to the uid %d",
- identity.packageName.value_or("").c_str(), identity.uid);
- checkedIdentity.packageName = std::optional<std::string>();
+ attributionSource.packageName.value_or("").c_str(), attributionSource.uid);
+ checkedAttributionSource.packageName = std::optional<std::string>();
}
}
- return checkedIdentity;
+ return checkedAttributionSource;
}
// ----------------------------------------------------------------------------
@@ -430,7 +431,7 @@
ret = AudioSystem::getOutputForAttr(&localAttr, &io,
actualSessionId,
- &streamType, client.identity,
+ &streamType, client.attributionSource,
&fullConfig,
(audio_output_flags_t)(AUDIO_OUTPUT_FLAG_MMAP_NOIRQ |
AUDIO_OUTPUT_FLAG_DIRECT),
@@ -441,7 +442,7 @@
ret = AudioSystem::getInputForAttr(&localAttr, &io,
RECORD_RIID_INVALID,
actualSessionId,
- client.identity,
+ client.attributionSource,
config,
AUDIO_INPUT_FLAG_MMAP_NOIRQ, deviceId, &portId);
}
@@ -847,21 +848,21 @@
// TODO b/182392553: refactor or make clearer
pid_t clientPid =
- VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(input.clientInfo.identity.pid));
+ VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(input.clientInfo.attributionSource.pid));
bool updatePid = (clientPid == (pid_t)-1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
uid_t clientUid =
- VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(input.clientInfo.identity.uid));
+ VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(input.clientInfo.attributionSource.uid));
audio_io_handle_t effectThreadId = AUDIO_IO_HANDLE_NONE;
std::vector<int> effectIds;
audio_attributes_t localAttr = input.attr;
- Identity adjIdentity = input.clientInfo.identity;
+ AttributionSourceState adjAttributionSource = input.clientInfo.attributionSource;
if (!isAudioServerOrMediaServerUid(callingUid)) {
ALOGW_IF(clientUid != callingUid,
"%s uid %d tried to pass itself off as %d",
__FUNCTION__, callingUid, clientUid);
- adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ adjAttributionSource.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
clientUid = callingUid;
updatePid = true;
}
@@ -871,7 +872,7 @@
"%s uid %d pid %d tried to pass itself off as pid %d",
__func__, callingUid, callingPid, clientPid);
clientPid = callingPid;
- adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
+ adjAttributionSource.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
}
audio_session_t sessionId = input.sessionId;
@@ -886,7 +887,7 @@
output.outputId = AUDIO_IO_HANDLE_NONE;
output.selectedDeviceId = input.selectedDeviceId;
lStatus = AudioSystem::getOutputForAttr(&localAttr, &output.outputId, sessionId, &streamType,
- adjIdentity, &input.config, input.flags,
+ adjAttributionSource, &input.config, input.flags,
&output.selectedDeviceId, &portId, &secondaryOutputs);
if (lStatus != NO_ERROR || output.outputId == AUDIO_IO_HANDLE_NONE) {
@@ -951,7 +952,7 @@
&output.frameCount, &output.notificationFrameCount,
input.notificationsPerBuffer, input.speed,
input.sharedBuffer, sessionId, &output.flags,
- callingPid, adjIdentity, input.clientInfo.clientTid,
+ callingPid, adjAttributionSource, input.clientInfo.clientTid,
&lStatus, portId, input.audioTrackCallback);
LOG_ALWAYS_FATAL_IF((lStatus == NO_ERROR) && (track == 0));
// we don't abort yet if lStatus != NO_ERROR; there is still work to be done regardless
@@ -2030,24 +2031,26 @@
output.inputId = AUDIO_IO_HANDLE_NONE;
// TODO b/182392553: refactor or clean up
- Identity adjIdentity = input.clientInfo.identity;
- bool updatePid = (adjIdentity.pid == -1);
+ AttributionSourceState adjAttributionSource = input.clientInfo.attributionSource;
+ bool updatePid = (adjAttributionSource.pid == -1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- const uid_t currentUid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(adjIdentity.uid));
+ const uid_t currentUid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(
+ adjAttributionSource.uid));
if (!isAudioServerOrMediaServerUid(callingUid)) {
ALOGW_IF(currentUid != callingUid,
"%s uid %d tried to pass itself off as %d",
__FUNCTION__, callingUid, currentUid);
- adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ adjAttributionSource.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
updatePid = true;
}
const pid_t callingPid = IPCThreadState::self()->getCallingPid();
- const pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(adjIdentity.pid));
+ const pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(
+ adjAttributionSource.pid));
if (updatePid) {
ALOGW_IF(currentPid != (pid_t)-1 && currentPid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
__func__, callingUid, callingPid, currentPid);
- adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
+ adjAttributionSource.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
}
// we don't yet support anything other than linear PCM
@@ -2075,7 +2078,7 @@
output.selectedDeviceId = input.selectedDeviceId;
output.flags = input.flags;
- client = registerPid(VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(adjIdentity.pid)));
+ client = registerPid(VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(adjAttributionSource.pid)));
// Not a conventional loop, but a retry loop for at most two iterations total.
// Try first maybe with FAST flag then try again without FAST flag if that fails.
@@ -2095,7 +2098,7 @@
input.riid,
sessionId,
// FIXME compare to AudioTrack
- adjIdentity,
+ adjAttributionSource,
&input.config,
output.flags, &output.selectedDeviceId, &portId);
if (lStatus != NO_ERROR) {
@@ -2122,7 +2125,7 @@
input.config.format, input.config.channel_mask,
&output.frameCount, sessionId,
&output.notificationFrameCount,
- callingPid, adjIdentity, &output.flags,
+ callingPid, adjAttributionSource, &output.flags,
input.clientInfo.clientTid,
&lStatus, portId, input.maxSharedAudioHistoryMs);
LOG_ALWAYS_FATAL_IF((lStatus == NO_ERROR) && (recordTrack == 0));
@@ -3605,7 +3608,7 @@
const int32_t priority = request.priority;
const AudioDeviceTypeAddr device = VALUE_OR_RETURN_STATUS(
aidl2legacy_AudioDeviceTypeAddress(request.device));
- Identity adjIdentity = request.identity;
+ AttributionSourceState adjAttributionSource = request.attributionSource;
const audio_session_t sessionId = VALUE_OR_RETURN_STATUS(
aidl2legacy_int32_t_audio_session_t(request.sessionId));
audio_io_handle_t io = VALUE_OR_RETURN_STATUS(
@@ -3623,19 +3626,20 @@
// TODO b/182392553: refactor or make clearer
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
- pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(adjIdentity.pid));
+ adjAttributionSource.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(adjAttributionSource.pid));
if (currentPid == -1 || !isAudioServerOrMediaServerUid(callingUid)) {
const pid_t callingPid = IPCThreadState::self()->getCallingPid();
ALOGW_IF(currentPid != -1 && currentPid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
__func__, callingUid, callingPid, currentPid);
- adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
+ adjAttributionSource.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
currentPid = callingPid;
}
ALOGV("createEffect pid %d, effectClient %p, priority %d, sessionId %d, io %d, factory %p",
- adjIdentity.pid, effectClient.get(), priority, sessionId, io, mEffectsFactoryHal.get());
+ adjAttributionSource.pid, effectClient.get(), priority, sessionId, io,
+ mEffectsFactoryHal.get());
if (mEffectsFactoryHal == 0) {
ALOGE("%s: no effects factory hal", __func__);
@@ -3663,7 +3667,7 @@
goto Exit;
}
} else if (sessionId == AUDIO_SESSION_DEVICE) {
- if (!modifyDefaultAudioEffectsAllowed(adjIdentity)) {
+ if (!modifyDefaultAudioEffectsAllowed(adjAttributionSource)) {
ALOGE("%s: device effect permission denied for uid %d", __func__, callingUid);
lStatus = PERMISSION_DENIED;
goto Exit;
@@ -3708,7 +3712,7 @@
// check recording permission for visualizer
if ((memcmp(&descOut.type, SL_IID_VISUALIZATION, sizeof(effect_uuid_t)) == 0) &&
// TODO: Do we need to start/stop op - i.e. is there recording being performed?
- !recordingAllowed(adjIdentity)) {
+ !recordingAllowed(adjAttributionSource)) {
lStatus = PERMISSION_DENIED;
goto Exit;
}
diff --git a/services/audioflinger/AudioFlinger.h b/services/audioflinger/AudioFlinger.h
index b12f52e..fff61f8 100644
--- a/services/audioflinger/AudioFlinger.h
+++ b/services/audioflinger/AudioFlinger.h
@@ -37,6 +37,8 @@
#include <android/media/IAudioFlingerClient.h>
#include <android/media/IAudioTrackCallback.h>
#include <android/os/BnExternalVibrationController.h>
+#include <android/content/AttributionSourceState.h>
+
#include <android-base/macros.h>
#include <cutils/atomic.h>
@@ -124,13 +126,15 @@
#define INCLUDING_FROM_AUDIOFLINGER_H
+using android::content::AttributionSourceState;
+
class AudioFlinger : public AudioFlingerServerAdapter::Delegate
{
public:
static void instantiate() ANDROID_API;
- static media::permission::Identity checkIdentityPackage(
- const media::permission::Identity& identity);
+ static AttributionSourceState checkAttributionSourcePackage(
+ const AttributionSourceState& attributionSource);
status_t dump(int fd, const Vector<String16>& args) override;
diff --git a/services/audioflinger/MmapTracks.h b/services/audioflinger/MmapTracks.h
index ba868d7..eb640bb 100644
--- a/services/audioflinger/MmapTracks.h
+++ b/services/audioflinger/MmapTracks.h
@@ -29,7 +29,7 @@
audio_channel_mask_t channelMask,
audio_session_t sessionId,
bool isOut,
- const media::permission::Identity& identity,
+ const android::content::AttributionSourceState& attributionSource,
pid_t creatorPid,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE);
virtual ~MmapTrack();
diff --git a/services/audioflinger/PlaybackTracks.h b/services/audioflinger/PlaybackTracks.h
index 30a2432..51a41af 100644
--- a/services/audioflinger/PlaybackTracks.h
+++ b/services/audioflinger/PlaybackTracks.h
@@ -15,8 +15,6 @@
** limitations under the License.
*/
-#include <android/media/permission/Identity.h>
-
#ifndef INCLUDING_FROM_AUDIOFLINGER_H
#error This header file should only be included from AudioFlinger.h
#endif
@@ -28,12 +26,12 @@
bool hasOpPlayAudio() const;
static sp<OpPlayAudioMonitor> createIfNeeded(
- const android::media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_attributes_t& attr, int id,
audio_stream_type_t streamType);
private:
- OpPlayAudioMonitor(const android::media::permission::Identity& identity,
+ OpPlayAudioMonitor(const AttributionSourceState& attributionSource,
audio_usage_t usage, int id);
void onFirstRef() override;
static void getPackagesForUid(uid_t uid, Vector<String16>& packages);
@@ -54,7 +52,7 @@
void checkPlayAudioForUsage();
std::atomic_bool mHasOpPlayAudio;
- const android::media::permission::Identity mIdentity;
+ const AttributionSourceState mAttributionSource;
const int32_t mUsage; // on purpose not audio_usage_t because always checked in appOps as int32_t
const int mId; // for logging purposes only
};
@@ -75,7 +73,7 @@
const sp<IMemory>& sharedBuffer,
audio_session_t sessionId,
pid_t creatorPid,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_output_flags_t flags,
track_type type,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE,
@@ -334,7 +332,7 @@
audio_format_t format,
audio_channel_mask_t channelMask,
size_t frameCount,
- const android::media::permission::Identity& identity);
+ const AttributionSourceState& attributionSource);
virtual ~OutputTrack();
virtual status_t start(AudioSystem::sync_event_t event =
diff --git a/services/audioflinger/RecordTracks.h b/services/audioflinger/RecordTracks.h
index a1c2de7..88aa7cb 100644
--- a/services/audioflinger/RecordTracks.h
+++ b/services/audioflinger/RecordTracks.h
@@ -15,6 +15,8 @@
** limitations under the License.
*/
+#include <android/content/AttributionSourceState.h>
+
#ifndef INCLUDING_FROM_AUDIOFLINGER_H
#error This header file should only be included from AudioFlinger.h
#endif
@@ -26,11 +28,12 @@
bool hasOp() const;
int32_t getOp() const { return mAppOp; }
- static sp<OpRecordAudioMonitor> createIfNeeded
- (const media::permission::Identity& identity, const audio_attributes_t& attr);
+ static sp<OpRecordAudioMonitor> createIfNeeded(const AttributionSourceState& attributionSource,
+ const audio_attributes_t& attr);
private:
- OpRecordAudioMonitor(const media::permission::Identity& identity, int32_t appOp);
+ OpRecordAudioMonitor(const AttributionSourceState& attributionSource, int32_t appOp);
+
void onFirstRef() override;
AppOpsManager mAppOpsManager;
@@ -50,7 +53,7 @@
void checkOp();
std::atomic_bool mHasOp;
- const media::permission::Identity mIdentity;
+ const AttributionSourceState mAttributionSource;
const int32_t mAppOp;
};
@@ -68,7 +71,7 @@
size_t bufferSize,
audio_session_t sessionId,
pid_t creatorPid,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_input_flags_t flags,
track_type type,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE,
diff --git a/services/audioflinger/Threads.cpp b/services/audioflinger/Threads.cpp
index 25a19a2..47b4b18 100644
--- a/services/audioflinger/Threads.cpp
+++ b/services/audioflinger/Threads.cpp
@@ -118,7 +118,7 @@
namespace android {
using media::IEffectClient;
-using media::permission::Identity;
+using content::AttributionSourceState;
// retry counts for buffer fill timeout
// 50 * ~20msecs = 1 second
@@ -2129,7 +2129,7 @@
audio_session_t sessionId,
audio_output_flags_t *flags,
pid_t creatorPid,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
pid_t tid,
status_t *status,
audio_port_handle_t portId,
@@ -2424,8 +2424,8 @@
track = new Track(this, client, streamType, attr, sampleRate, format,
channelMask, frameCount,
nullptr /* buffer */, (size_t)0 /* bufferSize */, sharedBuffer,
- sessionId, creatorPid, identity, trackFlags, TrackBase::TYPE_DEFAULT,
- portId, SIZE_MAX /*frameCountToBeReady*/, speed);
+ sessionId, creatorPid, attributionSource, trackFlags,
+ TrackBase::TYPE_DEFAULT, portId, SIZE_MAX /*frameCountToBeReady*/, speed);
lStatus = track != 0 ? track->initCheck() : (status_t) NO_MEMORY;
if (lStatus != NO_ERROR) {
@@ -6886,19 +6886,20 @@
// from different OutputTracks and their associated MixerThreads (e.g. one may
// nearly empty and the other may be dropping data).
- // TODO b/182392769: use identity util, move to server edge
- Identity identity = Identity();
- identity.uid = VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(
+ // TODO b/182392769: use attribution source util, move to server edge
+ AttributionSourceState attributionSource = AttributionSourceState();
+ attributionSource.uid = VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(
IPCThreadState::self()->getCallingUid()));
- identity.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(
+ attributionSource.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(
IPCThreadState::self()->getCallingPid()));
+ attributionSource.token = sp<BBinder>::make();
sp<OutputTrack> outputTrack = new OutputTrack(thread,
this,
mSampleRate,
mFormat,
mChannelMask,
frameCount,
- identity);
+ attributionSource);
status_t status = outputTrack != 0 ? outputTrack->initCheck() : (status_t) NO_MEMORY;
if (status != NO_ERROR) {
ALOGE("addOutputTrack() initCheck failed %d", status);
@@ -7822,7 +7823,7 @@
audio_session_t sessionId,
size_t *pNotificationFrameCount,
pid_t creatorPid,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_input_flags_t *flags,
pid_t tid,
status_t *status,
@@ -7836,7 +7837,8 @@
audio_input_flags_t inputFlags = mInput->flags;
audio_input_flags_t requestedFlags = *flags;
uint32_t sampleRate;
- Identity checkedIdentity = AudioFlinger::checkIdentityPackage(identity);
+ AttributionSourceState checkedAttributionSource = AudioFlinger::checkAttributionSourcePackage(
+ attributionSource);
lStatus = initCheck();
if (lStatus != NO_ERROR) {
@@ -7851,7 +7853,7 @@
}
if (maxSharedAudioHistoryMs != 0) {
- if (!captureHotwordAllowed(checkedIdentity)) {
+ if (!captureHotwordAllowed(checkedAttributionSource)) {
lStatus = PERMISSION_DENIED;
goto Exit;
}
@@ -7973,16 +7975,17 @@
Mutex::Autolock _l(mLock);
int32_t startFrames = -1;
if (!mSharedAudioPackageName.empty()
- && mSharedAudioPackageName == checkedIdentity.packageName
+ && mSharedAudioPackageName == checkedAttributionSource.packageName
&& mSharedAudioSessionId == sessionId
- && captureHotwordAllowed(checkedIdentity)) {
+ && captureHotwordAllowed(checkedAttributionSource)) {
startFrames = mSharedAudioStartFrames;
}
track = new RecordTrack(this, client, attr, sampleRate,
format, channelMask, frameCount,
nullptr /* buffer */, (size_t)0 /* bufferSize */, sessionId, creatorPid,
- checkedIdentity, *flags, TrackBase::TYPE_DEFAULT, portId, startFrames);
+ checkedAttributionSource, *flags, TrackBase::TYPE_DEFAULT, portId,
+ startFrames);
lStatus = track->initCheck();
if (lStatus != NO_ERROR) {
@@ -9174,7 +9177,7 @@
audio_port_handle_t *handle)
{
ALOGV("%s clientUid %d mStandby %d mPortId %d *handle %d", __FUNCTION__,
- client.identity.uid, mStandby, mPortId, *handle);
+ client.attributionSource.uid, mStandby, mPortId, *handle);
if (mHalStream == 0) {
return NO_INIT;
}
@@ -9206,7 +9209,7 @@
ret = AudioSystem::getOutputForAttr(&mAttr, &io,
mSessionId,
&stream,
- client.identity,
+ client.attributionSource,
&config,
flags,
&deviceId,
@@ -9223,7 +9226,7 @@
ret = AudioSystem::getInputForAttr(&mAttr, &io,
RECORD_RIID_INVALID,
mSessionId,
- client.identity,
+ client.attributionSource,
&config,
AUDIO_INPUT_FLAG_MMAP_NOIRQ,
&deviceId,
@@ -9263,7 +9266,8 @@
// Given that MmapThread::mAttr is mutable, should a MmapTrack have attributes ?
sp<MmapTrack> track = new MmapTrack(this, attr == nullptr ? mAttr : *attr, mSampleRate, mFormat,
- mChannelMask, mSessionId, isOutput(), client.identity,
+ mChannelMask, mSessionId, isOutput(),
+ client.attributionSource,
IPCThreadState::self()->getCallingPid(), portId);
if (isOutput()) {
@@ -9271,7 +9275,7 @@
mHalVolFloat = -1.0f;
} else if (!track->isSilenced_l()) {
for (const sp<MmapTrack> &t : mActiveTracks) {
- if (t->isSilenced_l() && t->uid() != client.identity.uid)
+ if (t->isSilenced_l() && t->uid() != client.attributionSource.uid)
t->invalidate();
}
}
diff --git a/services/audioflinger/Threads.h b/services/audioflinger/Threads.h
index d4fb995..eee1f2b 100644
--- a/services/audioflinger/Threads.h
+++ b/services/audioflinger/Threads.h
@@ -918,7 +918,7 @@
audio_session_t sessionId,
audio_output_flags_t *flags,
pid_t creatorPid,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
pid_t tid,
status_t *status /*non-NULL*/,
audio_port_handle_t portId,
@@ -1698,7 +1698,7 @@
audio_session_t sessionId,
size_t *pNotificationFrameCount,
pid_t creatorPid,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_input_flags_t *flags,
pid_t tid,
status_t *status /*non-NULL*/,
diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index 09e5ec5..57ff0d7 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp
@@ -65,7 +65,7 @@
using ::android::aidl_utils::binderStatusFromStatusT;
using binder::Status;
-using media::permission::Identity;
+using content::AttributionSourceState;
using media::VolumeShaper;
// ----------------------------------------------------------------------------
// TrackBase
@@ -238,12 +238,13 @@
}
}
-// TODO b/182392769: use identity util
-static Identity audioServerIdentity(pid_t pid) {
- Identity i{};
- i.uid = AID_AUDIOSERVER;
- i.pid = pid;
- return i;
+// TODO b/182392769: use attribution source util
+static AttributionSourceState audioServerAttributionSource(pid_t pid) {
+ AttributionSourceState attributionSource{};
+ attributionSource.uid = AID_AUDIOSERVER;
+ attributionSource.pid = pid;
+ attributionSource.token = sp<BBinder>::make();
+ return attributionSource;
}
status_t AudioFlinger::ThreadBase::TrackBase::initCheck() const
@@ -498,11 +499,11 @@
// static
sp<AudioFlinger::PlaybackThread::OpPlayAudioMonitor>
AudioFlinger::PlaybackThread::OpPlayAudioMonitor::createIfNeeded(
- const Identity& identity, const audio_attributes_t& attr, int id,
+ const AttributionSourceState& attributionSource, const audio_attributes_t& attr, int id,
audio_stream_type_t streamType)
{
Vector <String16> packages;
- uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid));
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid));
getPackagesForUid(uid, packages);
if (isServiceUid(uid)) {
if (packages.isEmpty()) {
@@ -525,13 +526,15 @@
return nullptr;
}
- Identity checkedIdentity = AudioFlinger::checkIdentityPackage(identity);
- return new OpPlayAudioMonitor(checkedIdentity, attr.usage, id);
+ AttributionSourceState checkedAttributionSource = AudioFlinger::checkAttributionSourcePackage(
+ attributionSource);
+ return new OpPlayAudioMonitor(checkedAttributionSource, attr.usage, id);
}
AudioFlinger::PlaybackThread::OpPlayAudioMonitor::OpPlayAudioMonitor(
- const Identity& identity, audio_usage_t usage, int id)
- : mHasOpPlayAudio(true), mIdentity(identity), mUsage((int32_t) usage), mId(id)
+ const AttributionSourceState& attributionSource, audio_usage_t usage, int id)
+ : mHasOpPlayAudio(true), mAttributionSource(attributionSource), mUsage((int32_t) usage),
+ mId(id)
{
}
@@ -546,10 +549,11 @@
void AudioFlinger::PlaybackThread::OpPlayAudioMonitor::onFirstRef()
{
checkPlayAudioForUsage();
- if (mIdentity.packageName.has_value()) {
+ if (mAttributionSource.packageName.has_value()) {
mOpCallback = new PlayAudioOpCallback(this);
mAppOpsManager.startWatchingMode(AppOpsManager::OP_PLAY_AUDIO,
- VALUE_OR_FATAL(aidl2legacy_string_view_String16(mIdentity.packageName.value_or("")))
+ VALUE_OR_FATAL(aidl2legacy_string_view_String16(
+ mAttributionSource.packageName.value_or("")))
, mOpCallback);
}
}
@@ -563,12 +567,12 @@
// - not called from PlayAudioOpCallback because the callback is not installed in this case
void AudioFlinger::PlaybackThread::OpPlayAudioMonitor::checkPlayAudioForUsage()
{
- if (!mIdentity.packageName.has_value()) {
+ if (!mAttributionSource.packageName.has_value()) {
mHasOpPlayAudio.store(false);
} else {
- uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mIdentity.uid));
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mAttributionSource.uid));
String16 packageName = VALUE_OR_FATAL(
- aidl2legacy_string_view_String16(mIdentity.packageName.value_or("")));
+ aidl2legacy_string_view_String16(mAttributionSource.packageName.value_or("")));
bool hasIt = mAppOpsManager.checkAudioOpNoThrow(AppOpsManager::OP_PLAY_AUDIO,
mUsage, uid, packageName) == AppOpsManager::MODE_ALLOWED;
ALOGD("OpPlayAudio: track:%d usage:%d %smuted", mId, mUsage, hasIt ? "not " : "");
@@ -620,7 +624,7 @@
const sp<IMemory>& sharedBuffer,
audio_session_t sessionId,
pid_t creatorPid,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_output_flags_t flags,
track_type type,
audio_port_handle_t portId,
@@ -634,7 +638,7 @@
(sharedBuffer != 0) ? sharedBuffer->unsecurePointer() : buffer,
(sharedBuffer != 0) ? sharedBuffer->size() : bufferSize,
sessionId, creatorPid,
- VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)), true /*isOut*/,
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid)), true /*isOut*/,
(type == TYPE_PATCH) ? ( buffer == NULL ? ALLOC_LOCAL : ALLOC_NONE) : ALLOC_CBLK,
type,
portId,
@@ -649,7 +653,7 @@
mPresentationCompleteFrames(0),
mFrameMap(16 /* sink-frame-to-track-frame map memory */),
mVolumeHandler(new media::VolumeHandler(sampleRate)),
- mOpPlayAudioMonitor(OpPlayAudioMonitor::createIfNeeded(identity, attr, id(),
+ mOpPlayAudioMonitor(OpPlayAudioMonitor::createIfNeeded(attributionSource, attr, id(),
streamType)),
// mSinkTimestamp
mFastIndex(-1),
@@ -672,7 +676,7 @@
return;
}
- uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid));
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid));
if (!thread->isTrackAllowed_l(channelMask, format, sessionId, uid)) {
ALOGE("%s(%d): no more tracks available", __func__, mId);
releaseCblk(); // this makes the track invalid.
@@ -718,8 +722,8 @@
// HapticGenerator effect, which will generate haptic data, on the track. In that case,
// external vibration is always created for all tracks attached to haptic playback thread.
mAudioVibrationController = new AudioVibrationController(this);
- std::string packageName = identity.packageName.has_value() ?
- identity.packageName.value() : "";
+ std::string packageName = attributionSource.packageName.has_value() ?
+ attributionSource.packageName.value() : "";
mExternalVibration = new os::ExternalVibration(
mUid, packageName, mAttr, mAudioVibrationController);
}
@@ -1840,12 +1844,12 @@
audio_format_t format,
audio_channel_mask_t channelMask,
size_t frameCount,
- const Identity& identity)
+ const AttributionSourceState& attributionSource)
: Track(playbackThread, NULL, AUDIO_STREAM_PATCH,
audio_attributes_t{} /* currently unused for output track */,
sampleRate, format, channelMask, frameCount,
nullptr /* buffer */, (size_t)0 /* bufferSize */, nullptr /* sharedBuffer */,
- AUDIO_SESSION_NONE, getpid(), identity, AUDIO_OUTPUT_FLAG_NONE,
+ AUDIO_SESSION_NONE, getpid(), attributionSource, AUDIO_OUTPUT_FLAG_NONE,
TYPE_OUTPUT),
mActive(false), mSourceThread(sourceThread)
{
@@ -2075,7 +2079,7 @@
audio_attributes_t{} /* currently unused for patch track */,
sampleRate, format, channelMask, frameCount,
buffer, bufferSize, nullptr /* sharedBuffer */,
- AUDIO_SESSION_NONE, getpid(), audioServerIdentity(getpid()), flags,
+ AUDIO_SESSION_NONE, getpid(), audioServerAttributionSource(getpid()), flags,
TYPE_PATCH, AUDIO_PORT_HANDLE_NONE, frameCountToBeReady),
PatchTrackBase(new ClientProxy(mCblk, mBuffer, frameCount, mFrameSize, true, true),
*playbackThread, timeout)
@@ -2213,32 +2217,33 @@
// static
sp<AudioFlinger::RecordThread::OpRecordAudioMonitor>
AudioFlinger::RecordThread::OpRecordAudioMonitor::createIfNeeded(
- const Identity& identity, const audio_attributes_t& attr)
+ const AttributionSourceState& attributionSource, const audio_attributes_t& attr)
{
- if (isServiceUid(identity.uid)) {
+ if (isServiceUid(attributionSource.uid)) {
ALOGV("not silencing record for service %s",
- identity.toString().c_str());
+ attributionSource.toString().c_str());
return nullptr;
}
// Capturing from FM TUNER output is not controlled by an app op
// because it does not affect users privacy as does capturing from an actual microphone.
if (attr.source == AUDIO_SOURCE_FM_TUNER) {
- ALOGV("not muting FM TUNER capture for uid %d", identity.uid);
+ ALOGV("not muting FM TUNER capture for uid %d", attributionSource.uid);
return nullptr;
}
- Identity checkedIdentity = AudioFlinger::checkIdentityPackage(identity);
- if (!checkedIdentity.packageName.has_value()
- || checkedIdentity.packageName.value().size() == 0) {
+ AttributionSourceState checkedAttributionSource = AudioFlinger::checkAttributionSourcePackage(
+ attributionSource);
+ if (!checkedAttributionSource.packageName.has_value()
+ || checkedAttributionSource.packageName.value().size() == 0) {
return nullptr;
}
- return new OpRecordAudioMonitor(checkedIdentity, getOpForSource(attr.source));
+ return new OpRecordAudioMonitor(checkedAttributionSource, getOpForSource(attr.source));
}
AudioFlinger::RecordThread::OpRecordAudioMonitor::OpRecordAudioMonitor(
- const Identity& identity, int32_t appOp)
- : mHasOp(true), mIdentity(identity), mAppOp(appOp)
+ const AttributionSourceState& attributionSource, int32_t appOp)
+ : mHasOp(true), mAttributionSource(attributionSource), mAppOp(appOp)
{
}
@@ -2254,9 +2259,11 @@
{
checkOp();
mOpCallback = new RecordAudioOpCallback(this);
- ALOGV("start watching op %d for %s", mAppOp, mIdentity.toString().c_str());
- mAppOpsManager.startWatchingMode(mAppOp,
- VALUE_OR_FATAL(aidl2legacy_string_view_String16(mIdentity.packageName.value_or(""))),
+ ALOGV("start watching op %d for %s", mAppOp, mAttributionSource.toString().c_str());
+ // TODO: We need to always watch AppOpsManager::OP_RECORD_AUDIO too
+ // since it controls the mic permission for legacy apps.
+ mAppOpsManager.startWatchingMode(mAppOp, VALUE_OR_FATAL(aidl2legacy_string_view_String16(
+ mAttributionSource.packageName.value_or(""))),
mOpCallback);
}
@@ -2272,17 +2279,17 @@
// - not called from RecordAudioOpCallback because the callback is not installed in this case
void AudioFlinger::RecordThread::OpRecordAudioMonitor::checkOp()
{
-
+ // TODO: We need to always check AppOpsManager::OP_RECORD_AUDIO too
+ // since it controls the mic permission for legacy apps.
const int32_t mode = mAppOpsManager.checkOp(mAppOp,
- mIdentity.uid, VALUE_OR_FATAL(aidl2legacy_string_view_String16(
- mIdentity.packageName.value_or(""))));
- const bool hasIt = (mode == AppOpsManager::MODE_ALLOWED);
+ mAttributionSource.uid, VALUE_OR_FATAL(aidl2legacy_string_view_String16(
+ mAttributionSource.packageName.value_or(""))));
+ const bool hasIt = (mode == AppOpsManager::MODE_ALLOWED);
// verbose logging only log when appOp changed
ALOGI_IF(hasIt != mHasOp.load(),
"App op %d missing, %ssilencing record %s",
- mAppOp, hasIt ? "un" : "", mIdentity.toString().c_str());
+ mAppOp, hasIt ? "un" : "", mAttributionSource.toString().c_str());
mHasOp.store(hasIt);
-
}
AudioFlinger::RecordThread::OpRecordAudioMonitor::RecordAudioOpCallback::RecordAudioOpCallback(
@@ -2382,7 +2389,7 @@
size_t bufferSize,
audio_session_t sessionId,
pid_t creatorPid,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
audio_input_flags_t flags,
track_type type,
audio_port_handle_t portId,
@@ -2390,7 +2397,7 @@
: TrackBase(thread, client, attr, sampleRate, format,
channelMask, frameCount, buffer, bufferSize, sessionId,
creatorPid,
- VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)),
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid)),
false /*isOut*/,
(type == TYPE_DEFAULT) ?
((flags & AUDIO_INPUT_FLAG_FAST) ? ALLOC_PIPE : ALLOC_CBLK) :
@@ -2403,7 +2410,7 @@
mRecordBufferConverter(NULL),
mFlags(flags),
mSilenced(false),
- mOpRecordAudioMonitor(OpRecordAudioMonitor::createIfNeeded(identity, attr)),
+ mOpRecordAudioMonitor(OpRecordAudioMonitor::createIfNeeded(attributionSource, attr)),
mStartFrames(startFrames)
{
if (mCblk == NULL) {
@@ -2712,10 +2719,11 @@
return PERMISSION_DENIED;
}
- Identity identity{};
- identity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
- identity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingPid));
- if (!captureHotwordAllowed(identity)) {
+ AttributionSourceState attributionSource{};
+ attributionSource.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ attributionSource.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingPid));
+ attributionSource.token = sp<BBinder>::make();
+ if (!captureHotwordAllowed(attributionSource)) {
return PERMISSION_DENIED;
}
@@ -2751,7 +2759,7 @@
audio_attributes_t{} /* currently unused for patch track */,
sampleRate, format, channelMask, frameCount,
buffer, bufferSize, AUDIO_SESSION_NONE, getpid(),
- audioServerIdentity(getpid()), flags, TYPE_PATCH),
+ audioServerAttributionSource(getpid()), flags, TYPE_PATCH),
PatchTrackBase(new ClientProxy(mCblk, mBuffer, frameCount, mFrameSize, false, true),
*recordThread, timeout)
{
@@ -3028,19 +3036,19 @@
audio_channel_mask_t channelMask,
audio_session_t sessionId,
bool isOut,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
pid_t creatorPid,
audio_port_handle_t portId)
: TrackBase(thread, NULL, attr, sampleRate, format,
channelMask, (size_t)0 /* frameCount */,
nullptr /* buffer */, (size_t)0 /* bufferSize */,
sessionId, creatorPid,
- VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)),
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid)),
isOut,
ALLOC_NONE,
TYPE_DEFAULT, portId,
std::string(AMEDIAMETRICS_KEY_PREFIX_AUDIO_MMAP) + std::to_string(portId)),
- mPid(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.pid))),
+ mPid(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.pid))),
mSilenced(false), mSilencedNotified(false)
{
// Once this item is logged by the server, the client can add properties.