Introduce a system APC with its corresponding opt-out
For system application with the new permission CAPTURE_MEDIA_OUTPUT, or
CAPTURE_AUDIO_OUTPUT, allow to capture the audio of playing apps that
allow it.
Test: adb shell audiorecorder --target /data/file1.raw
Test: atest android.media.cts.AudioPlaybackCaptureTest
Bug: 111453086
Change-Id: I5bfca51e48992234508897c595a076d066db26b2
Signed-off-by: Kevin Rocard <krocard@google.com>
diff --git a/media/libaudioclient/AudioPolicy.cpp b/media/libaudioclient/AudioPolicy.cpp
index 3ab38cd..65e797f 100644
--- a/media/libaudioclient/AudioPolicy.cpp
+++ b/media/libaudioclient/AudioPolicy.cpp
@@ -97,6 +97,7 @@
mDeviceType = (audio_devices_t) parcel->readInt32();
mDeviceAddress = parcel->readString8();
mCbFlags = (uint32_t)parcel->readInt32();
+ mAllowPrivilegedPlaybackCapture = parcel->readBool();
size_t size = (size_t)parcel->readInt32();
if (size > MAX_CRITERIA_PER_MIX) {
size = MAX_CRITERIA_PER_MIX;
@@ -120,6 +121,7 @@
parcel->writeInt32(mDeviceType);
parcel->writeString8(mDeviceAddress);
parcel->writeInt32(mCbFlags);
+ parcel->writeBool(mAllowPrivilegedPlaybackCapture);
size_t size = mCriteria.size();
if (size > MAX_CRITERIA_PER_MIX) {
size = MAX_CRITERIA_PER_MIX;
diff --git a/media/libaudioclient/include/media/AudioPolicy.h b/media/libaudioclient/include/media/AudioPolicy.h
index bf8d627..4b94c12 100644
--- a/media/libaudioclient/include/media/AudioPolicy.h
+++ b/media/libaudioclient/include/media/AudioPolicy.h
@@ -114,6 +114,8 @@
audio_devices_t mDeviceType;
String8 mDeviceAddress;
uint32_t mCbFlags; // flags indicating which callbacks to use, see kCbFlag*
+ /** Ignore the AUDIO_FLAG_NO_MEDIA_PROJECTION */
+ bool mAllowPrivilegedPlaybackCapture = false;
};
diff --git a/media/libmedia/TypeConverter.cpp b/media/libmedia/TypeConverter.cpp
index 469c5b6..5be78d1 100644
--- a/media/libmedia/TypeConverter.cpp
+++ b/media/libmedia/TypeConverter.cpp
@@ -392,7 +392,8 @@
MAKE_STRING_FROM_ENUM(AUDIO_FLAG_BYPASS_MUTE),
MAKE_STRING_FROM_ENUM(AUDIO_FLAG_LOW_LATENCY),
MAKE_STRING_FROM_ENUM(AUDIO_FLAG_DEEP_BUFFER),
- MAKE_STRING_FROM_ENUM(AUDIO_FLAG_NO_CAPTURE),
+ MAKE_STRING_FROM_ENUM(AUDIO_FLAG_NO_MEDIA_PROJECTION),
+ MAKE_STRING_FROM_ENUM(AUDIO_FLAG_NO_SYSTEM_CAPTURE),
TERMINATOR
};
diff --git a/media/utils/ServiceUtilities.cpp b/media/utils/ServiceUtilities.cpp
index 2fb24f5..cb681e0 100644
--- a/media/utils/ServiceUtilities.cpp
+++ b/media/utils/ServiceUtilities.cpp
@@ -130,6 +130,14 @@
return ok;
}
+bool captureMediaOutputAllowed(pid_t pid, uid_t uid) {
+ if (isAudioServerOrRootUid(uid)) return true;
+ static const String16 sCaptureMediaOutput("android.permission.CAPTURE_MEDIA_OUTPUT");
+ bool ok = PermissionCache::checkPermission(sCaptureMediaOutput, pid, uid);
+ if (!ok) ALOGE("Request requires android.permission.CAPTURE_MEDIA_OUTPUT");
+ return ok;
+}
+
bool captureHotwordAllowed(pid_t pid, uid_t uid) {
// CAPTURE_AUDIO_HOTWORD permission implies RECORD_AUDIO permission
bool ok = recordingAllowed(String16(""), pid, uid);
diff --git a/media/utils/include/mediautils/ServiceUtilities.h b/media/utils/include/mediautils/ServiceUtilities.h
index 94370ee..9377ff3 100644
--- a/media/utils/include/mediautils/ServiceUtilities.h
+++ b/media/utils/include/mediautils/ServiceUtilities.h
@@ -74,6 +74,7 @@
bool startRecording(const String16& opPackageName, pid_t pid, uid_t uid);
void finishRecording(const String16& opPackageName, uid_t uid);
bool captureAudioOutputAllowed(pid_t pid, uid_t uid);
+bool captureMediaOutputAllowed(pid_t pid, uid_t uid);
bool captureHotwordAllowed(pid_t pid, uid_t uid);
bool settingsAllowed();
bool modifyAudioRoutingAllowed();
diff --git a/services/audiopolicy/common/managerdefinitions/src/AudioPolicyMix.cpp b/services/audiopolicy/common/managerdefinitions/src/AudioPolicyMix.cpp
index f7289ca..f02db6a9 100644
--- a/services/audiopolicy/common/managerdefinitions/src/AudioPolicyMix.cpp
+++ b/services/audiopolicy/common/managerdefinitions/src/AudioPolicyMix.cpp
@@ -180,7 +180,12 @@
// Loopback render mixes are created from a public API and thus restricted
// to non sensible audio that have not opted out.
if (is_mix_loopback_render(mix->mRouteFlags)) {
- if ((attributes.flags & AUDIO_FLAG_NO_CAPTURE) == AUDIO_FLAG_NO_CAPTURE) {
+ auto hasFlag = [](auto flags, auto flag) { return (flags & flag) == flag; };
+ if (hasFlag(attributes.flags, AUDIO_FLAG_NO_SYSTEM_CAPTURE)) {
+ return MixMatchStatus::NO_MATCH;
+ }
+ if (!mix->mAllowPrivilegedPlaybackCapture &&
+ hasFlag(attributes.flags, AUDIO_FLAG_NO_MEDIA_PROJECTION)) {
return MixMatchStatus::NO_MATCH;
}
if (!(attributes.usage == AUDIO_USAGE_UNKNOWN ||
diff --git a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
index a672521..1ec3262 100644
--- a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
+++ b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
@@ -192,7 +192,7 @@
}
audio_attributes_t attr = *originalAttr;
if (!mPackageManager.allowPlaybackCapture(uid)) {
- attr.flags |= AUDIO_FLAG_NO_CAPTURE;
+ attr.flags |= AUDIO_FLAG_NO_MEDIA_PROJECTION;
}
audio_output_flags_t originalFlags = flags;
AutoCallerClear acc;
@@ -1080,6 +1080,14 @@
return PERMISSION_DENIED;
}
+ bool needCaptureMediaOutput = std::any_of(mixes.begin(), mixes.end(), [](auto& mix) {
+ return mix.mAllowPrivilegedPlaybackCapture; });
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ if (needCaptureMediaOutput && !captureMediaOutputAllowed(callingPid, callingUid)) {
+ return PERMISSION_DENIED;
+ }
+
if (mAudioPolicyManager == NULL) {
return NO_INIT;
}