Switch media fw permissions checks to AttributionSource (av)
Attribution source is the abstraction that captures the data
flows for private data across apps. Checking permissions
for an attribution source checks them for all apps in the
chain that would receive the data, and the relevant
app ops are checked/noted/started as needed.
bug: 158792096
Test: atest CtsMediaTestCases
atest CtsPermissionTestCases
atest CtsPermission2TestCases
atest CtsPermission3TestCases
atest CtsPermission4TestCases
atest CtsPermission5TestCases
atest CtsAppOpsTestCases
atest CtsAppOps2TestCases
Merged-In: I1c5a4321dd3b2d458372058c99604a6ec208717c
Change-Id: I1c5a4321dd3b2d458372058c99604a6ec208717c
diff --git a/services/audiopolicy/AudioPolicyInterface.h b/services/audiopolicy/AudioPolicyInterface.h
index a904321..2e49e71 100644
--- a/services/audiopolicy/AudioPolicyInterface.h
+++ b/services/audiopolicy/AudioPolicyInterface.h
@@ -22,11 +22,13 @@
#include <media/AudioSystem.h>
#include <media/AudioPolicy.h>
#include <media/DeviceDescriptorBase.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <utils/String8.h>
namespace android {
+using content::AttributionSourceState;
+
// ----------------------------------------------------------------------------
// The AudioPolicyInterface and AudioPolicyClientInterface classes define the communication interfaces
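Review bot: The added `using content::AttributionSourceState;` sits at `namespace android` scope in a header, so every translation unit that includes AudioPolicyInterface.h gets the unqualified name whether it wants it or not. AudioPolicyService.h, which includes this header, repeats the same declaration, and so does AudioPolicyManager.h. Spelling the parameter type as `const content::AttributionSourceState&` in the headers and keeping the using-declaration in the .cpp files would avoid exporting the alias and remove the repetition.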
@@ -124,7 +126,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSouce,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
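Review bot: The new parameter name is misspelled as `attributionSouce` here and again in the getInputForAttr declaration in the next hunk. The overriding declarations in AudioPolicyManager.h use `attributionSource`, so the interface and its implementation now disagree on the name. Both lines should read `const AttributionSourceState& attributionSource,`. The declarations start and end outside these hunks.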
@@ -143,7 +145,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSouce,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
diff --git a/services/audiopolicy/fuzzer/Android.bp b/services/audiopolicy/fuzzer/Android.bp
index 38bdedc..faf15d6 100644
--- a/services/audiopolicy/fuzzer/Android.bp
+++ b/services/audiopolicy/fuzzer/Android.bp
@@ -50,7 +50,7 @@
"libbinder",
"libaudiopolicy",
"libaudiopolicymanagerdefault",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
static_libs: [
"android.hardware.audio.common@7.0-enums",
diff --git a/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp b/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
index 1177b95..7000cd9 100644
--- a/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
+++ b/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
@@ -26,7 +26,7 @@
#include <Serializer.h>
#include <android-base/file.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <libxml/parser.h>
#include <libxml/xinclude.h>
#include <media/AudioPolicy.h>
@@ -47,7 +47,7 @@
using namespace ::android::audio::policy::configuration::V7_0;
}
-using media::permission::Identity;
+using content::AttributionSourceState;
static const std::vector<audio_format_t> kAudioFormats = [] {
std::vector<audio_format_t> result;
@@ -249,11 +249,12 @@
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::output_type_t outputType;
- // TODO b/182392769: use identity util
- Identity i;
- i.uid = 0;
- if (mManager->getOutputForAttr(&attr, output, AUDIO_SESSION_NONE, &stream, i, &config,
- &flags, selectedDeviceId, portId, {}, &outputType) != OK) {
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState attributionSource;
+ attributionSource.uid = 0;
+ attributionSource.token = sp<BBinder>::make();
+ if (mManager->getOutputForAttr(&attr, output, AUDIO_SESSION_NONE, &stream, attributionSource,
+ &config, &flags, selectedDeviceId, portId, {}, &outputType) != OK) {
return false;
}
if (*output == AUDIO_IO_HANDLE_NONE || *portId == AUDIO_PORT_HANDLE_NONE) {
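Review bot: The hard-coded `attributionSource.uid = 0;` carries no explanation, and the same three-line setup in the getInputForAttr hunk that follows has also lost the `// TODO b/182392769` marker that this one keeps. Every fuzz iteration therefore presents itself as uid 0, so any uid-dependent behaviour in the manager is exercised for that single value only; how much the manager branches on the uid is not visible in this diff. I would add a comment such as `// uid 0: the fuzzer always acts as root; non-root uid paths are not covered` to both blocks and repeat the TODO on the second. The enclosing functions start and end outside the hunks.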
@@ -276,10 +277,11 @@
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::input_type_t inputType;
- Identity i;
- i.uid = 0;
- if (mManager->getInputForAttr(&attr, &input, riid, AUDIO_SESSION_NONE, i, &config,
- flags, selectedDeviceId, &inputType, portId) != OK) {
+ AttributionSourceState attributionSource;
+ attributionSource.uid = 0;
+ attributionSource.token = sp<BBinder>::make();
+ if (mManager->getInputForAttr(&attr, &input, riid, AUDIO_SESSION_NONE, attributionSource,
+ &config, flags, selectedDeviceId, &inputType, portId) != OK) {
return false;
}
if (*portId == AUDIO_PORT_HANDLE_NONE || input == AUDIO_IO_HANDLE_NONE) {
diff --git a/services/audiopolicy/managerdefault/Android.bp b/services/audiopolicy/managerdefault/Android.bp
index b111db4..0165dc8 100644
--- a/services/audiopolicy/managerdefault/Android.bp
+++ b/services/audiopolicy/managerdefault/Android.bp
@@ -34,7 +34,7 @@
// a dependency on it in the device makefile. There will be no build time
// conflict with libaudiopolicyenginedefault.
"libaudiopolicyenginedefault",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
"libaudioclient_aidl_conversion",
],
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
index c8ddbc6..2e866ff 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
@@ -53,7 +53,7 @@
namespace android {
-using media::permission::Identity;
+using content::AttributionSourceState;
//FIXME: workaround for truncated touch sounds
// to be removed when the problem is handled by system UI
@@ -1133,7 +1133,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
@@ -1146,7 +1146,7 @@
return INVALID_OPERATION;
}
const uid_t uid = VALUE_OR_RETURN_STATUS(
- aidl2legacy_int32_t_uid_t(identity.uid));
+ aidl2legacy_int32_t_uid_t(attributionSource.uid));
const audio_port_handle_t requestedPortId = *selectedDeviceId;
audio_attributes_t resultAttr;
bool isRequestedDeviceForExclusiveUse = false;
@@ -2115,7 +2115,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
@@ -2134,7 +2134,7 @@
sp<AudioInputDescriptor> inputDesc;
sp<RecordClientDescriptor> clientDesc;
audio_port_handle_t requestedDeviceId = *selectedDeviceId;
- uid_t uid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(identity.uid));
+ uid_t uid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(attributionSource.uid));
bool isSoundTrigger;
// The supplied portId must be AUDIO_PORT_HANDLE_NONE
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.h b/services/audiopolicy/managerdefault/AudioPolicyManager.h
index f5dd20c..98f96d1 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.h
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.h
@@ -52,6 +52,8 @@
namespace android {
+using content::AttributionSourceState;
+
// ----------------------------------------------------------------------------
// Attenuation applied to STRATEGY_SONIFICATION streams when a headset is connected: 6dB
@@ -116,7 +118,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
@@ -130,7 +132,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
diff --git a/services/audiopolicy/service/Android.bp b/services/audiopolicy/service/Android.bp
index 14be671..0273d29 100644
--- a/services/audiopolicy/service/Android.bp
+++ b/services/audiopolicy/service/Android.bp
@@ -45,12 +45,12 @@
"audiopolicy-aidl-cpp",
"audiopolicy-types-aidl-cpp",
"capture_state_listener-aidl-cpp",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
static_libs: [
"libaudiopolicycomponents",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
header_libs: [
@@ -70,6 +70,6 @@
export_shared_lib_headers: [
"libactivitymanager_aidl",
"libsensorprivacy",
- "media_permission-aidl-cpp",
+ "framework-permission-aidl-cpp",
],
}
diff --git a/services/audiopolicy/service/AudioPolicyEffects.cpp b/services/audiopolicy/service/AudioPolicyEffects.cpp
index 8426a77..3f01de9 100644
--- a/services/audiopolicy/service/AudioPolicyEffects.cpp
+++ b/services/audiopolicy/service/AudioPolicyEffects.cpp
@@ -35,7 +35,7 @@
namespace android {
-using media::permission::Identity;
+using content::AttributionSourceState;
// ----------------------------------------------------------------------------
// AudioPolicyEffects Implementation
@@ -123,9 +123,10 @@
Vector <EffectDesc *> effects = mInputSources.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
- Identity identity;
- identity.packageName = "android";
- sp<AudioEffect> fx = new AudioEffect(identity);
+ AttributionSourceState attributionSource;
+ attributionSource.packageName = "android";
+ attributionSource.token = sp<BBinder>::make();
+ sp<AudioEffect> fx = new AudioEffect(attributionSource);
fx->set(NULL, &effect->mUuid, -1, 0, 0, audioSession, input);
status_t status = fx->initCheck();
if (status != NO_ERROR && status != ALREADY_EXISTS) {
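Review bot: The same three-line AttributionSourceState setup is pasted here and in the two later hunks of this file (the output-stream loop and the device-effects loop), so a future change to how the system source is built has to be made in three places. A file-local helper would keep them identical. The blocks also leave `uid` and `pid` at whatever AttributionSourceState default-initialises them to; if AudioEffect is expected to fill them in, a one-line comment saying so would help the next reader. The enclosing functions start and end outside the hunks.

```cpp
// File-local helper; replaces the three identical setup blocks in this file.
static AttributionSourceState makeAndroidAttributionSource() {
    AttributionSourceState attributionSource;
    attributionSource.packageName = "android";
    attributionSource.token = sp<BBinder>::make();
    return attributionSource;
}

// … unchanged: loop over effects, EffectDesc lookup …
sp<AudioEffect> fx = new AudioEffect(makeAndroidAttributionSource());
```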
@@ -274,9 +275,10 @@
Vector <EffectDesc *> effects = mOutputStreams.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
- Identity identity;
- identity.packageName = "android";
- sp<AudioEffect> fx = new AudioEffect(identity);
+ AttributionSourceState attributionSource;
+ attributionSource.packageName = "android";
+ attributionSource.token = sp<BBinder>::make();
+ sp<AudioEffect> fx = new AudioEffect(attributionSource);
fx->set(NULL, &effect->mUuid, 0, 0, 0, audioSession, output);
status_t status = fx->initCheck();
if (status != NO_ERROR && status != ALREADY_EXISTS) {
@@ -976,9 +978,10 @@
for (const auto& deviceEffectsIter : mDeviceEffects) {
const auto& deviceEffects = deviceEffectsIter.second;
for (const auto& effectDesc : deviceEffects->mEffectDescriptors->mEffects) {
- Identity identity;
- identity.packageName = "android";
- sp<AudioEffect> fx = new AudioEffect(identity);
+ AttributionSourceState attributionSource;
+ attributionSource.packageName = "android";
+ attributionSource.token = sp<BBinder>::make();
+ sp<AudioEffect> fx = new AudioEffect(attributionSource);
fx->set(EFFECT_UUID_NULL, &effectDesc->mUuid, 0, nullptr,
nullptr, AUDIO_SESSION_DEVICE, AUDIO_IO_HANDLE_NONE,
AudioDeviceTypeAddr{deviceEffects->getDeviceType(),
diff --git a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
index b9c715e..3298f6b 100644
--- a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
+++ b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
@@ -25,7 +25,7 @@
#include <media/MediaMetricsItem.h>
#include <media/PolicyAidlConversion.h>
#include <utils/Log.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#define VALUE_OR_RETURN_BINDER_STATUS(x) \
({ auto _tmp = (x); \
@@ -43,7 +43,7 @@
namespace android {
using binder::Status;
using aidl_utils::binderStatusFromStatusT;
-using media::permission::Identity;
+using content::AttributionSourceState;
const std::vector<audio_usage_t>& SYSTEM_USAGES = {
AUDIO_USAGE_CALL_ASSISTANT,
@@ -64,15 +64,16 @@
}
status_t AudioPolicyService::validateUsage(audio_usage_t usage) {
- return validateUsage(usage, getCallingIdentity());
+ return validateUsage(usage, getCallingAttributionSource());
}
-status_t AudioPolicyService::validateUsage(audio_usage_t usage, const Identity& identity) {
+status_t AudioPolicyService::validateUsage(audio_usage_t usage,
+ const AttributionSourceState& attributionSource) {
if (isSystemUsage(usage)) {
if (isSupportedSystemUsage(usage)) {
- if (!modifyAudioRoutingAllowed(identity)) {
+ if (!modifyAudioRoutingAllowed(attributionSource)) {
ALOGE(("permission denied: modify audio routing not allowed "
- "for identity %s"), identity.toString().c_str());
+ "for attributionSource %s"), attributionSource.toString().c_str());
return PERMISSION_DENIED;
}
} else {
@@ -279,7 +280,7 @@
Status AudioPolicyService::getOutputForAttr(const media::AudioAttributesInternal& attrAidl,
int32_t sessionAidl,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
const media::AudioConfig& configAidl,
int32_t flagsAidl,
int32_t selectedDeviceIdAidl,
@@ -307,28 +308,28 @@
RETURN_IF_BINDER_ERROR(
binderStatusFromStatusT(AudioValidator::validateAudioAttributes(attr, "68953950")));
- RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, identity)));
+ RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, attributionSource)));
ALOGV("%s()", __func__);
Mutex::Autolock _l(mLock);
// TODO b/182392553: refactor or remove
- Identity adjIdentity = identity;
+ AttributionSourceState adjAttributionSource = attributionSource;
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- if (!isAudioServerOrMediaServerUid(callingUid) || identity.uid == -1) {
+ if (!isAudioServerOrMediaServerUid(callingUid) || attributionSource.uid == -1) {
int32_t callingUidAidl = VALUE_OR_RETURN_BINDER_STATUS(
legacy2aidl_uid_t_int32_t(callingUid));
- ALOGW_IF(identity.uid != -1 && identity.uid != callingUidAidl,
+ ALOGW_IF(attributionSource.uid != -1 && attributionSource.uid != callingUidAidl,
"%s uid %d tried to pass itself off as %d", __func__,
- callingUidAidl, identity.uid);
- adjIdentity.uid = callingUidAidl;
+ callingUidAidl, attributionSource.uid);
+ adjAttributionSource.uid = callingUidAidl;
}
if (!mPackageManager.allowPlaybackCapture(VALUE_OR_RETURN_BINDER_STATUS(
- aidl2legacy_int32_t_uid_t(adjIdentity.uid)))) {
+ aidl2legacy_int32_t_uid_t(adjAttributionSource.uid)))) {
attr.flags = static_cast<audio_flags_mask_t>(attr.flags | AUDIO_FLAG_NO_MEDIA_PROJECTION);
}
if (((attr.flags & (AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)) != 0)
- && !bypassInterruptionPolicyAllowed(identity)) {
+ && !bypassInterruptionPolicyAllowed(adjAttributionSource)) {
attr.flags = static_cast<audio_flags_mask_t>(
attr.flags & ~(AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE));
}
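Review bot: `validateUsage(attr.usage, attributionSource)` at the top of this hunk still runs on the attribution source exactly as the caller sent it, before the uid is replaced with the binder calling uid a few lines further down. The `modifyAudioRoutingAllowed` check inside validateUsage is therefore evaluated for a uid the caller chose, while the commit does switch `bypassInterruptionPolicyAllowed` to the adjusted copy. getInputForAttr in this file validates only after the adjustment. The adjustment block does not appear to need `mLock`, so it can be hoisted above the call, which then becomes `RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, adjAttributionSource)));`. Whether the permission helpers independently tie the source to the binder caller is not visible here; the function body starts and ends outside the hunk.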
@@ -336,7 +337,7 @@
AudioPolicyInterface::output_type_t outputType;
status_t result = mAudioPolicyManager->getOutputForAttr(&attr, &output, session,
&stream,
- adjIdentity,
+ adjAttributionSource,
&config,
&flags, &selectedDeviceId, &portId,
&secondaryOutputs,
@@ -349,16 +350,16 @@
case AudioPolicyInterface::API_OUTPUT_LEGACY:
break;
case AudioPolicyInterface::API_OUTPUT_TELEPHONY_TX:
- if (!modifyPhoneStateAllowed(adjIdentity)) {
+ if (!modifyPhoneStateAllowed(adjAttributionSource)) {
ALOGE("%s() permission denied: modify phone state not allowed for uid %d",
- __func__, adjIdentity.uid);
+ __func__, adjAttributionSource.uid);
result = PERMISSION_DENIED;
}
break;
case AudioPolicyInterface::API_OUT_MIX_PLAYBACK:
- if (!modifyAudioRoutingAllowed(adjIdentity)) {
+ if (!modifyAudioRoutingAllowed(adjAttributionSource)) {
ALOGE("%s() permission denied: modify audio routing not allowed for uid %d",
- __func__, adjIdentity.uid);
+ __func__, adjAttributionSource.uid);
result = PERMISSION_DENIED;
}
break;
@@ -371,7 +372,7 @@
if (result == NO_ERROR) {
sp<AudioPlaybackClient> client =
- new AudioPlaybackClient(attr, output, adjIdentity, session,
+ new AudioPlaybackClient(attr, output, adjAttributionSource, session,
portId, selectedDeviceId, stream);
mAudioPlaybackClients.add(portId, client);
@@ -508,7 +509,7 @@
int32_t inputAidl,
int32_t riidAidl,
int32_t sessionAidl,
- const Identity& identity,
+ const AttributionSourceState& attributionSource,
const media::AudioConfigBase& configAidl,
int32_t flagsAidl,
int32_t selectedDeviceIdAidl,
@@ -551,42 +552,46 @@
return binderStatusFromStatusT(BAD_VALUE);
}
- // Make sure identity represents the current caller
- Identity adjIdentity = identity;
+ // Make sure attribution source represents the current caller
+ AttributionSourceState adjAttributionSource = attributionSource;
// TODO b/182392553: refactor or remove
- bool updatePid = (identity.pid == -1);
+ bool updatePid = (attributionSource.pid == -1);
const uid_t callingUid =IPCThreadState::self()->getCallingUid();
- const uid_t currentUid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(identity.uid));
+ const uid_t currentUid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(
+ attributionSource.uid));
if (!isAudioServerOrMediaServerUid(callingUid)) {
ALOGW_IF(currentUid != (uid_t)-1 && currentUid != callingUid,
"%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid,
currentUid);
- adjIdentity.uid = VALUE_OR_RETURN_BINDER_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ adjAttributionSource.uid = VALUE_OR_RETURN_BINDER_STATUS(legacy2aidl_uid_t_int32_t(
+ callingUid));
updatePid = true;
}
if (updatePid) {
const int32_t callingPid = VALUE_OR_RETURN_BINDER_STATUS(legacy2aidl_pid_t_int32_t(
IPCThreadState::self()->getCallingPid()));
- ALOGW_IF(identity.pid != -1 && identity.pid != callingPid,
+ ALOGW_IF(attributionSource.pid != -1 && attributionSource.pid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
- __func__, adjIdentity.uid, callingPid, identity.pid);
- adjIdentity.pid = callingPid;
+ __func__, adjAttributionSource.uid, callingPid, attributionSource.pid);
+ adjAttributionSource.pid = callingPid;
}
- RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, adjIdentity)));
+ RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage,
+ adjAttributionSource)));
// check calling permissions.
// Capturing from FM_TUNER source is controlled by captureTunerAudioInputAllowed() and
// captureAudioOutputAllowed() (deprecated) as this does not affect users privacy
// as does capturing from an actual microphone.
- if (!(recordingAllowed(adjIdentity, attr.source) || attr.source == AUDIO_SOURCE_FM_TUNER)) {
+ if (!(recordingAllowed(adjAttributionSource, attr.source)
+ || attr.source == AUDIO_SOURCE_FM_TUNER)) {
ALOGE("%s permission denied: recording not allowed for %s",
- __func__, adjIdentity.toString().c_str());
+ __func__, adjAttributionSource.toString().c_str());
return binderStatusFromStatusT(PERMISSION_DENIED);
}
- bool canCaptureOutput = captureAudioOutputAllowed(adjIdentity);
+ bool canCaptureOutput = captureAudioOutputAllowed(adjAttributionSource);
if ((inputSource == AUDIO_SOURCE_VOICE_UPLINK ||
inputSource == AUDIO_SOURCE_VOICE_DOWNLINK ||
inputSource == AUDIO_SOURCE_VOICE_CALL ||
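Review bot: The comment `// Make sure attribution source represents the current caller` promises more than the code below it does: only `uid` and `pid` of `adjAttributionSource` are overwritten with the binder calling values. `packageName` and `token` are copied from the caller's parcel unchanged and then passed to `recordingAllowed`, `captureAudioOutputAllowed` and the other checks. I would reword the comment to something like `// Overwrite uid/pid with the binder caller's values; packageName and token stay caller-supplied and must be verified by the permission checks below`. Whether those helpers do verify them cannot be seen from this hunk, and the function continues outside it.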
@@ -596,12 +601,12 @@
}
if (inputSource == AUDIO_SOURCE_FM_TUNER
- && !captureTunerAudioInputAllowed(adjIdentity)
+ && !captureTunerAudioInputAllowed(adjAttributionSource)
&& !canCaptureOutput) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
- bool canCaptureHotword = captureHotwordAllowed(adjIdentity);
+ bool canCaptureHotword = captureHotwordAllowed(adjAttributionSource);
if ((inputSource == AUDIO_SOURCE_HOTWORD) && !canCaptureHotword) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -609,7 +614,7 @@
if (((flags & AUDIO_INPUT_FLAG_HW_HOTWORD) != 0)
&& !canCaptureHotword) {
ALOGE("%s: permission denied: hotword mode not allowed"
- " for uid %d pid %d", __func__, adjIdentity.uid, adjIdentity.pid);
+ " for uid %d pid %d", __func__, adjAttributionSource.uid, adjAttributionSource.pid);
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -623,7 +628,7 @@
AutoCallerClear acc;
// the audio_in_acoustics_t parameter is ignored by get_input()
status = mAudioPolicyManager->getInputForAttr(&attr, &input, riid, session,
- adjIdentity, &config,
+ adjAttributionSource, &config,
flags, &selectedDeviceId,
&inputType, &portId);
@@ -647,7 +652,7 @@
}
break;
case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE:
- if (!modifyAudioRoutingAllowed(adjIdentity)) {
+ if (!modifyAudioRoutingAllowed(adjAttributionSource)) {
ALOGE("getInputForAttr() permission denied: modify audio routing not allowed");
status = PERMISSION_DENIED;
}
@@ -668,7 +673,7 @@
}
sp<AudioRecordClient> client = new AudioRecordClient(attr, input, session, portId,
- selectedDeviceId, adjIdentity,
+ selectedDeviceId, adjAttributionSource,
canCaptureOutput, canCaptureHotword);
mAudioRecordClients.add(portId, client);
}
@@ -723,11 +728,11 @@
msg << "Audio recording on session " << client->session;
// check calling permissions
- if (!(startRecording(client->identity, String16(msg.str().c_str()),
+ if (!(startRecording(client->attributionSource, String16(msg.str().c_str()),
client->attributes.source)
|| client->attributes.source == AUDIO_SOURCE_FM_TUNER)) {
- ALOGE("%s permission denied: recording not allowed for identity %s",
- __func__, client->identity.toString().c_str());
+ ALOGE("%s permission denied: recording not allowed for attribution source %s",
+ __func__, client->attributionSource.toString().c_str());
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -771,13 +776,13 @@
item->setCString(kAudioPolicyRqstSrc,
toString(client->attributes.source).c_str());
item->setInt32(kAudioPolicyRqstSession, client->session);
- if (client->identity.packageName.has_value() &&
- client->identity.packageName.value().size() != 0) {
+ if (client->attributionSource.packageName.has_value() &&
+ client->attributionSource.packageName.value().size() != 0) {
item->setCString(kAudioPolicyRqstPkg,
- client->identity.packageName.value().c_str());
+ client->attributionSource.packageName.value().c_str());
} else {
item->setCString(kAudioPolicyRqstPkg,
- std::to_string(client->identity.uid).c_str());
+ std::to_string(client->attributionSource.uid).c_str());
}
item->setCString(
kAudioPolicyRqstDevice, getDeviceTypeStrForPortId(client->deviceId).c_str());
@@ -793,13 +798,13 @@
item->setCString(kAudioPolicyActiveSrc,
toString(other->attributes.source).c_str());
item->setInt32(kAudioPolicyActiveSession, other->session);
- if (other->identity.packageName.has_value() &&
- other->identity.packageName.value().size() != 0) {
+ if (other->attributionSource.packageName.has_value() &&
+ other->attributionSource.packageName.value().size() != 0) {
item->setCString(kAudioPolicyActivePkg,
- other->identity.packageName.value().c_str());
+ other->attributionSource.packageName.value().c_str());
} else {
item->setCString(kAudioPolicyRqstPkg, std::to_string(
- other->identity.uid).c_str());
+ other->attributionSource.uid).c_str());
}
item->setCString(kAudioPolicyActiveDevice,
getDeviceTypeStrForPortId(other->deviceId).c_str());
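Review bot: In the `else` branch for `other`, the uid fallback is stored under `kAudioPolicyRqstPkg` rather than `kAudioPolicyActivePkg`, although the `if` branch just above uses the active key. When the already-active client has no package name, the metrics item appears to get its requester package overwritten with the active client's uid, and the active package is never set. The commit renames the field on the continuation line but keeps the key; the call should start `item->setCString(kAudioPolicyActivePkg, std::to_string(`. The surrounding loop starts outside the hunk.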
@@ -815,7 +820,7 @@
client->active = false;
client->startTimeNs = 0;
updateUidStates_l();
- finishRecording(client->identity, client->attributes.source);
+ finishRecording(client->attributionSource, client->attributes.source);
}
return binderStatusFromStatusT(status);
@@ -844,7 +849,7 @@
updateUidStates_l();
// finish the recording app op
- finishRecording(client->identity, client->attributes.source);
+ finishRecording(client->attributionSource, client->attributes.source);
AutoCallerClear acc;
return binderStatusFromStatusT(mAudioPolicyManager->stopInput(portId));
}
@@ -1641,15 +1646,15 @@
bool needCaptureMediaOutput = std::any_of(mixes.begin(), mixes.end(), [](auto& mix) {
return mix.mAllowPrivilegedMediaPlaybackCapture; });
- const Identity identity = getCallingIdentity();
+ const AttributionSourceState attributionSource = getCallingAttributionSource();
- if (needCaptureMediaOutput && !captureMediaOutputAllowed(identity)) {
+ if (needCaptureMediaOutput && !captureMediaOutputAllowed(attributionSource)) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
if (needCaptureVoiceCommunicationOutput &&
- !captureVoiceCommunicationOutputAllowed(identity)) {
+ !captureVoiceCommunicationOutputAllowed(attributionSource)) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
diff --git a/services/audiopolicy/service/AudioPolicyService.cpp b/services/audiopolicy/service/AudioPolicyService.cpp
index fb38e3d..cd50e21 100644
--- a/services/audiopolicy/service/AudioPolicyService.cpp
+++ b/services/audiopolicy/service/AudioPolicyService.cpp
@@ -594,7 +594,8 @@
for (size_t i =0; i < mAudioRecordClients.size(); i++) {
sp<AudioRecordClient> current = mAudioRecordClients[i];
- uid_t currentUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(current->identity.uid));
+ uid_t currentUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
+ current->attributionSource.uid));
if (!current->active) {
continue;
}
@@ -641,7 +642,7 @@
|| (isInCommunication && currentUid == mPhoneStateOwnerUid)) {
if (!isInCommunication || latestSensitiveActiveOrComm == nullptr
|| VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
- latestSensitiveActiveOrComm->identity.uid))
+ latestSensitiveActiveOrComm->attributionSource.uid))
!= mPhoneStateOwnerUid) {
latestSensitiveActiveOrComm = current;
latestSensitiveStartNs = current->startTimeNs;
@@ -676,7 +677,7 @@
// if audio mode is IN_COMMUNICATION, favor audio mode owner over an app with
// foreground UI in case both are capturing with privacy sensitive flag.
uid_t latestActiveUid = VALUE_OR_FATAL(
- aidl2legacy_int32_t_uid_t(latestSensitiveActiveOrComm->identity.uid));
+ aidl2legacy_int32_t_uid_t(latestSensitiveActiveOrComm->attributionSource.uid));
if (isInCommunication && latestActiveUid == mPhoneStateOwnerUid) {
topSensitiveActive = latestSensitiveActiveOrComm;
topSensitiveStartNs = latestSensitiveStartNs;
@@ -696,20 +697,20 @@
for (size_t i =0; i < mAudioRecordClients.size(); i++) {
sp<AudioRecordClient> current = mAudioRecordClients[i];
uid_t currentUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
- current->identity.uid));
+ current->attributionSource.uid));
if (!current->active) {
continue;
}
audio_source_t source = current->attributes.source;
bool isTopOrLatestActive = topActive == nullptr ? false :
- current->identity.uid == topActive->identity.uid;
+ current->attributionSource.uid == topActive->attributionSource.uid;
bool isTopOrLatestSensitive = topSensitiveActive == nullptr ? false :
- current->identity.uid == topSensitiveActive->identity.uid;
+ current->attributionSource.uid == topSensitiveActive->attributionSource.uid;
auto canCaptureIfInCallOrCommunication = [&](const auto &recordClient) REQUIRES(mLock) {
uid_t recordUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
- recordClient->identity.uid));
+ recordClient->attributionSource.uid));
bool canCaptureCall = recordClient->canCaptureOutput;
bool canCaptureCommunication = recordClient->canCaptureOutput
|| !isPhoneStateOwnerActive
diff --git a/services/audiopolicy/service/AudioPolicyService.h b/services/audiopolicy/service/AudioPolicyService.h
index 6eb33f6..48da40c 100644
--- a/services/audiopolicy/service/AudioPolicyService.h
+++ b/services/audiopolicy/service/AudioPolicyService.h
@@ -1,3 +1,4 @@
+
/*
* Copyright (C) 2009 The Android Open Source Project
*
@@ -38,12 +39,14 @@
#include "CaptureStateNotifier.h"
#include <AudioPolicyInterface.h>
#include <android/hardware/BnSensorPrivacyListener.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <unordered_map>
namespace android {
+using content::AttributionSourceState;
+
// ----------------------------------------------------------------------------
class AudioPolicyService :
@@ -81,7 +84,7 @@
media::AudioPolicyForcedConfig* _aidl_return) override;
binder::Status getOutput(media::AudioStreamType stream, int32_t* _aidl_return) override;
binder::Status getOutputForAttr(const media::AudioAttributesInternal& attr, int32_t session,
- const media::permission::Identity &identity,
+ const AttributionSourceState &attributionSource,
const media::AudioConfig& config,
int32_t flags, int32_t selectedDeviceId,
media::GetOutputForAttrResponse* _aidl_return) override;
@@ -90,7 +93,7 @@
binder::Status releaseOutput(int32_t portId) override;
binder::Status getInputForAttr(const media::AudioAttributesInternal& attr, int32_t input,
int32_t riid, int32_t session,
- const media::permission::Identity &identity,
+ const AttributionSourceState &attributionSource,
const media::AudioConfigBase& config, int32_t flags,
int32_t selectedDeviceId,
media::GetInputForAttrResponse* _aidl_return) override;
@@ -344,7 +347,7 @@
bool isSupportedSystemUsage(audio_usage_t usage);
status_t validateUsage(audio_usage_t usage);
- status_t validateUsage(audio_usage_t usage, const media::permission::Identity& identity);
+ status_t validateUsage(audio_usage_t usage, const AttributionSourceState& attributionSource);
void updateUidStates();
void updateUidStates_l() REQUIRES(mLock);
@@ -791,17 +794,18 @@
public:
AudioClient(const audio_attributes_t attributes,
const audio_io_handle_t io,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
const audio_session_t session, audio_port_handle_t portId,
const audio_port_handle_t deviceId) :
- attributes(attributes), io(io), identity(identity),
- session(session), portId(portId), deviceId(deviceId), active(false) {}
+ attributes(attributes), io(io), attributionSource(
+ attributionSource), session(session), portId(portId),
+ deviceId(deviceId), active(false) {}
~AudioClient() override = default;
const audio_attributes_t attributes; // source, flags ...
const audio_io_handle_t io; // audio HAL stream IO handle
- const media::permission::Identity& identity; //client identity
+ const AttributionSourceState& attributionSource; //client attributionsource
const audio_session_t session; // audio session ID
const audio_port_handle_t portId;
const audio_port_handle_t deviceId; // selected input device port ID
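Review bot: `AudioClient` keeps `attributionSource` as a reference member (`const AttributionSourceState& attributionSource;`), so the client object does not own the data it later uses for permission and app-op decisions. `AudioPlaybackClient` (last hunk of this file) takes the source by value and forwards that parameter to the base constructor, so the base reference dangles as soon as the constructor returns. `AudioRecordClient` (next hunk) binds the base reference to the caller's object and then shadows it with its own copy of the same name. Storing it by value in the base, `const AttributionSourceState attributionSource; // client attribution source`, and dropping the duplicate member and initializer in `AudioRecordClient` removes both the lifetime problem and the shadowing. The class bodies extend beyond these hunks.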
@@ -817,14 +821,15 @@
const audio_io_handle_t io,
const audio_session_t session, audio_port_handle_t portId,
const audio_port_handle_t deviceId,
- const media::permission::Identity& identity,
+ const AttributionSourceState& attributionSource,
bool canCaptureOutput, bool canCaptureHotword) :
- AudioClient(attributes, io, identity,
- session, portId, deviceId), identity(identity), startTimeNs(0),
- canCaptureOutput(canCaptureOutput), canCaptureHotword(canCaptureHotword) {}
+ AudioClient(attributes, io, attributionSource,
+ session, portId, deviceId), attributionSource(attributionSource),
+ startTimeNs(0), canCaptureOutput(canCaptureOutput),
+ canCaptureHotword(canCaptureHotword) {}
~AudioRecordClient() override = default;
- const media::permission::Identity identity; // identity of client
+ const AttributionSourceState attributionSource; // attribution source of client
nsecs_t startTimeNs;
const bool canCaptureOutput;
const bool canCaptureHotword;
@@ -836,10 +841,10 @@
class AudioPlaybackClient : public AudioClient {
public:
AudioPlaybackClient(const audio_attributes_t attributes,
- const audio_io_handle_t io, media::permission::Identity identity,
+ const audio_io_handle_t io, AttributionSourceState attributionSource,
const audio_session_t session, audio_port_handle_t portId,
audio_port_handle_t deviceId, audio_stream_type_t stream) :
- AudioClient(attributes, io, identity, session, portId,
+ AudioClient(attributes, io, attributionSource, session, portId,
deviceId), stream(stream) {}
~AudioPlaybackClient() override = default;
diff --git a/services/audiopolicy/tests/Android.bp b/services/audiopolicy/tests/Android.bp
index f480210..b296fb0 100644
--- a/services/audiopolicy/tests/Android.bp
+++ b/services/audiopolicy/tests/Android.bp
@@ -25,7 +25,8 @@
"libmedia_helper",
"libutils",
"libxml2",
- "media_permission-aidl-cpp",
+ "libpermission",
+ "libbinder",
],
static_libs: [
diff --git a/services/audiopolicy/tests/audiopolicymanager_tests.cpp b/services/audiopolicy/tests/audiopolicymanager_tests.cpp
index 8f12ecf..a16ab7d 100644
--- a/services/audiopolicy/tests/audiopolicymanager_tests.cpp
+++ b/services/audiopolicy/tests/audiopolicymanager_tests.cpp
@@ -25,7 +25,7 @@
#define LOG_TAG "APM_Test"
#include <Serializer.h>
#include <android-base/file.h>
-#include <android/media/permission/Identity.h>
+#include <android/content/AttributionSourceState.h>
#include <media/AudioPolicy.h>
#include <media/PatchBuilder.h>
#include <media/RecordingActivityTracker.h>
@@ -40,7 +40,7 @@
using namespace android;
using testing::UnorderedElementsAre;
-using media::permission::Identity;
+using android::content::AttributionSourceState;
TEST(AudioPolicyManagerTestInit, EngineFailure) {
AudioPolicyTestClient client;
@@ -216,11 +216,12 @@
if (!portId) portId = &localPortId;
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::output_type_t outputType;
- // TODO b/182392769: use identity util
- Identity i = Identity();
- i.uid = 0;
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState attributionSource = AttributionSourceState();
+ attributionSource.uid = 0;
+ attributionSource.token = sp<BBinder>::make();
ASSERT_EQ(OK, mManager->getOutputForAttr(
- &attr, output, AUDIO_SESSION_NONE, &stream, i, &config, &flags,
+ &attr, output, AUDIO_SESSION_NONE, &stream, attributionSource, &config, &flags,
selectedDeviceId, portId, {}, &outputType));
ASSERT_NE(AUDIO_PORT_HANDLE_NONE, *portId);
ASSERT_NE(AUDIO_IO_HANDLE_NONE, *output);
@@ -244,11 +245,12 @@
if (!portId) portId = &localPortId;
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::input_type_t inputType;
- // TODO b/182392769: use identity util
- Identity i = Identity();
- i.uid = 0;
+ // TODO b/182392769: use attribution source util
+ AttributionSourceState attributionSource = AttributionSourceState();
+ attributionSource.uid = 0;
+ attributionSource.token = sp<BBinder>::make();
ASSERT_EQ(OK, mManager->getInputForAttr(
- &attr, &input, riid, AUDIO_SESSION_NONE, i, &config, flags,
+ &attr, &input, riid, AUDIO_SESSION_NONE, attributionSource, &config, flags,
selectedDeviceId, &inputType, portId));
ASSERT_NE(AUDIO_PORT_HANDLE_NONE, *portId);
}