Check for app manifest opt-out from playback capture
Query the package manager to check if the app has not opt-out of its
playback being captured.
Test: adb shell audiorecorder --target /data/file1.raw &
adb shell am start -a android.intent.action.VIEW -d file:///system/media/audio/ringtones/Lollipop.ogg -t audio/ogg
adb dumpsys media.audio_policy # check playback is not recorded
# change media player manifest to allowPlaybackCapture=true
adb dumpsys media.audio_policy # check playback is recorded
kill %1
adb pull /data/file1.raw && sox -r 48000 -e signed -b 16 -c 2 file1.raw file.wav&& audacity file.wav
# check silence then sound
Bug: 111453086
Change-Id: Id6fb7d0e10c02b0473bcbc0786e8360536996f48
Signed-off-by: Kevin Rocard <krocard@google.com>
diff --git a/media/utils/ServiceUtilities.cpp b/media/utils/ServiceUtilities.cpp
index 599c446..2fb24f5 100644
--- a/media/utils/ServiceUtilities.cpp
+++ b/media/utils/ServiceUtilities.cpp
@@ -22,6 +22,9 @@
#include <binder/PermissionCache.h>
#include "mediautils/ServiceUtilities.h"
+#include <iterator>
+#include <algorithm>
+
/* When performing permission checks we do not use permission cache for
* runtime permissions (protection level dangerous) as they may change at
* runtime. All other permissions (protection level normal and dangerous)
@@ -220,4 +223,85 @@
return NO_ERROR;
}
+sp<content::pm::IPackageManagerNative> MediaPackageManager::retreivePackageManager() {
+ const sp<IServiceManager> sm = defaultServiceManager();
+ if (sm == nullptr) {
+ ALOGW("%s: failed to retrieve defaultServiceManager", __func__);
+ return nullptr;
+ }
+ sp<IBinder> packageManager = sm->checkService(String16(nativePackageManagerName));
+ if (packageManager == nullptr) {
+ ALOGW("%s: failed to retrieve native package manager", __func__);
+ return nullptr;
+ }
+ return interface_cast<content::pm::IPackageManagerNative>(packageManager);
+}
+
+std::optional<bool> MediaPackageManager::doIsAllowed(uid_t uid) {
+ if (mPackageManager == nullptr) {
+ /** Can not fetch package manager at construction it may not yet be registered. */
+ mPackageManager = retreivePackageManager();
+ if (mPackageManager == nullptr) {
+ ALOGW("%s: Playback capture is denied as package manager is not reachable", __func__);
+ return std::nullopt;
+ }
+ }
+
+ std::vector<std::string> packageNames;
+ auto status = mPackageManager->getNamesForUids({(int32_t)uid}, &packageNames);
+ if (!status.isOk()) {
+ ALOGW("%s: Playback capture is denied for uid %u as the package names could not be "
+ "retrieved from the package manager: %s", __func__, uid, status.toString8().c_str());
+ return std::nullopt;
+ }
+ if (packageNames.empty()) {
+ ALOGW("%s: Playback capture for uid %u is denied as no package name could be retrieved "
+ "from the package manager: %s", __func__, uid, status.toString8().c_str());
+ return std::nullopt;
+ }
+ std::vector<bool> isAllowed;
+ status = mPackageManager->isAudioPlaybackCaptureAllowed(packageNames, &isAllowed);
+ if (!status.isOk()) {
+ ALOGW("%s: Playback capture is denied for uid %u as the manifest property could not be "
+ "retrieved from the package manager: %s", __func__, uid, status.toString8().c_str());
+ return std::nullopt;
+ }
+ if (packageNames.size() != isAllowed.size()) {
+ ALOGW("%s: Playback capture is denied for uid %u as the package manager returned incoherent"
+ " response size: %zu != %zu", __func__, uid, packageNames.size(), isAllowed.size());
+ return std::nullopt;
+ }
+
+ // Zip together packageNames and isAllowed for debug logs
+ Packages& packages = mDebugLog[uid];
+ packages.resize(packageNames.size()); // Reuse all objects
+ std::transform(begin(packageNames), end(packageNames), begin(isAllowed),
+ begin(packages), [] (auto& name, bool isAllowed) -> Package {
+ return {std::move(name), isAllowed};
+ });
+
+ // Only allow playback record if all packages in this UID allow it
+ bool playbackCaptureAllowed = std::all_of(begin(isAllowed), end(isAllowed),
+ [](bool b) { return b; });
+
+ return playbackCaptureAllowed;
+}
+
+void MediaPackageManager::dump(int fd, int spaces) const {
+ dprintf(fd, "%*sAllow playback capture log:\n", spaces, "");
+ if (mPackageManager == nullptr) {
+ dprintf(fd, "%*sNo package manager\n", spaces + 2, "");
+ }
+ dprintf(fd, "%*sPackage manager errors: %u\n", spaces + 2, "", mPackageManagerErrors);
+
+ for (const auto& uidCache : mDebugLog) {
+ for (const auto& package : std::get<Packages>(uidCache)) {
+ dprintf(fd, "%*s- uid=%5u, allowPlaybackCapture=%s, packageName=%s\n", spaces + 2, "",
+ std::get<const uid_t>(uidCache),
+ package.playbackCaptureAllowed ? "true " : "false",
+ package.name.c_str());
+ }
+ }
+}
+
} // namespace android
diff --git a/media/utils/include/mediautils/ServiceUtilities.h b/media/utils/include/mediautils/ServiceUtilities.h
index 98f54c2..94370ee 100644
--- a/media/utils/include/mediautils/ServiceUtilities.h
+++ b/media/utils/include/mediautils/ServiceUtilities.h
@@ -14,13 +14,22 @@
* limitations under the License.
*/
+#ifndef ANDROID_MEDIAUTILS_SERVICEUTILITIES_H
+#define ANDROID_MEDIAUTILS_SERVICEUTILITIES_H
+
#include <unistd.h>
+#include <android/content/pm/IPackageManagerNative.h>
#include <binder/IMemory.h>
#include <binder/PermissionController.h>
#include <cutils/multiuser.h>
#include <private/android_filesystem_config.h>
+#include <map>
+#include <optional>
+#include <string>
+#include <vector>
+
namespace android {
// Audio permission utilities
@@ -72,4 +81,31 @@
bool dumpAllowed();
bool modifyPhoneStateAllowed(pid_t pid, uid_t uid);
status_t checkIMemory(const sp<IMemory>& iMemory);
+
+class MediaPackageManager {
+public:
+ /** Query the PackageManager to check if all apps of an UID allow playback capture. */
+ bool allowPlaybackCapture(uid_t uid) {
+ auto result = doIsAllowed(uid);
+ if (!result) {
+ mPackageManagerErrors++;
+ }
+ return result.value_or(false);
+ }
+ void dump(int fd, int spaces = 0) const;
+private:
+ static constexpr const char* nativePackageManagerName = "package_native";
+ std::optional<bool> doIsAllowed(uid_t uid);
+ sp<content::pm::IPackageManagerNative> retreivePackageManager();
+ sp<content::pm::IPackageManagerNative> mPackageManager; // To check apps manifest
+ uint_t mPackageManagerErrors = 0;
+ struct Package {
+ std::string name;
+ bool playbackCaptureAllowed = false;
+ };
+ using Packages = std::vector<Package>;
+ std::map<uid_t, Packages> mDebugLog;
+};
}
+
+#endif // ANDROID_MEDIAUTILS_SERVICEUTILITIES_H