Add attributionTag to audio-recordings
... by replacing packageName/uid/pid by the Identity class.
This allows us to track which parts of the app trigger audio-recordings.
90% of the code is just sending around the additional parameters.
This adds it for the Java and native API.
Test: atest CtsAppOpsTestCases
CtsNativeMediaAAudioTestCases
Fixes: 160150145
Change-Id: Ibd7b884f7fcd4668a4e27f997e59cfc3217a9e89
diff --git a/services/audioflinger/Android.bp b/services/audioflinger/Android.bp
index 518ef9a..2294c49 100644
--- a/services/audioflinger/Android.bp
+++ b/services/audioflinger/Android.bp
@@ -80,6 +80,7 @@
"libmedia_helper",
"libshmemcompat",
"libvibrator",
+ "media_permission-aidl-cpp",
],
static_libs: [
@@ -93,6 +94,10 @@
"libmedia_headers",
],
+ export_shared_lib_headers: [
+ "media_permission-aidl-cpp",
+ ],
+
cflags: [
"-DSTATE_QUEUE_INSTANTIATIONS=\"StateQueueInstantiations.cpp\"",
"-fvisibility=hidden",
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index dacb758..6678287 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -103,6 +103,7 @@
namespace android {
using media::IEffectClient;
+using media::permission::Identity;
static const char kDeadlockedString[] = "AudioFlinger may be deadlocked\n";
static const char kHardwareLockedString[] = "Hardware lock is taken\n";
@@ -355,7 +356,7 @@
ret = AudioSystem::getOutputForAttr(&localAttr, &io,
actualSessionId,
- &streamType, client.clientPid, client.clientUid,
+ &streamType, client.identity,
&fullConfig,
(audio_output_flags_t)(AUDIO_OUTPUT_FLAG_MMAP_NOIRQ |
AUDIO_OUTPUT_FLAG_DIRECT),
@@ -366,9 +367,7 @@
ret = AudioSystem::getInputForAttr(&localAttr, &io,
RECORD_RIID_INVALID,
actualSessionId,
- client.clientPid,
- client.clientUid,
- client.packageName,
+ client.identity,
config,
AUDIO_INPUT_FLAG_MMAP_NOIRQ, deviceId, &portId);
}
@@ -772,27 +771,33 @@
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE;
std::vector<audio_io_handle_t> secondaryOutputs;
- bool updatePid = (input.clientInfo.clientPid == -1);
+ // TODO b/182392553: refactor or make clearer
+ pid_t clientPid =
+ VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(input.clientInfo.identity.pid));
+ bool updatePid = (clientPid == (pid_t)-1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- uid_t clientUid = input.clientInfo.clientUid;
+ uid_t clientUid =
+ VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(input.clientInfo.identity.uid));
audio_io_handle_t effectThreadId = AUDIO_IO_HANDLE_NONE;
std::vector<int> effectIds;
audio_attributes_t localAttr = input.attr;
+ Identity adjIdentity = input.clientInfo.identity;
if (!isAudioServerOrMediaServerUid(callingUid)) {
ALOGW_IF(clientUid != callingUid,
"%s uid %d tried to pass itself off as %d",
__FUNCTION__, callingUid, clientUid);
+ adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
clientUid = callingUid;
updatePid = true;
}
- pid_t clientPid = input.clientInfo.clientPid;
const pid_t callingPid = IPCThreadState::self()->getCallingPid();
if (updatePid) {
- ALOGW_IF(clientPid != -1 && clientPid != callingPid,
+ ALOGW_IF(clientPid != (pid_t)-1 && clientPid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
__func__, callingUid, callingPid, clientPid);
clientPid = callingPid;
+ adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
}
audio_session_t sessionId = input.sessionId;
@@ -807,7 +812,7 @@
output.outputId = AUDIO_IO_HANDLE_NONE;
output.selectedDeviceId = input.selectedDeviceId;
lStatus = AudioSystem::getOutputForAttr(&localAttr, &output.outputId, sessionId, &streamType,
- clientPid, clientUid, &input.config, input.flags,
+ adjIdentity, &input.config, input.flags,
&output.selectedDeviceId, &portId, &secondaryOutputs);
if (lStatus != NO_ERROR || output.outputId == AUDIO_IO_HANDLE_NONE) {
@@ -872,9 +877,8 @@
&output.frameCount, &output.notificationFrameCount,
input.notificationsPerBuffer, input.speed,
input.sharedBuffer, sessionId, &output.flags,
- callingPid, input.clientInfo.clientTid, clientUid,
- &lStatus, portId, input.audioTrackCallback,
- input.opPackageName);
+ callingPid, adjIdentity, input.clientInfo.clientTid,
+ &lStatus, portId, input.audioTrackCallback);
LOG_ALWAYS_FATAL_IF((lStatus == NO_ERROR) && (track == 0));
// we don't abort yet if lStatus != NO_ERROR; there is still work to be done regardless
@@ -2032,23 +2036,25 @@
output.buffers.clear();
output.inputId = AUDIO_IO_HANDLE_NONE;
- bool updatePid = (input.clientInfo.clientPid == -1);
+ // TODO b/182392553: refactor or clean up
+ Identity adjIdentity = input.clientInfo.identity;
+ bool updatePid = (adjIdentity.pid == -1);
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- uid_t clientUid = input.clientInfo.clientUid;
+ const uid_t currentUid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(adjIdentity.uid));
if (!isAudioServerOrMediaServerUid(callingUid)) {
- ALOGW_IF(clientUid != callingUid,
+ ALOGW_IF(currentUid != callingUid,
"%s uid %d tried to pass itself off as %d",
- __FUNCTION__, callingUid, clientUid);
- clientUid = callingUid;
+ __FUNCTION__, callingUid, currentUid);
+ adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
updatePid = true;
}
- pid_t clientPid = input.clientInfo.clientPid;
const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ const pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(adjIdentity.pid));
if (updatePid) {
- ALOGW_IF(clientPid != -1 && clientPid != callingPid,
+ ALOGW_IF(currentPid != (pid_t)-1 && currentPid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
- __func__, callingUid, callingPid, clientPid);
- clientPid = callingPid;
+ __func__, callingUid, callingPid, currentPid);
+ adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
}
// we don't yet support anything other than linear PCM
@@ -2076,7 +2082,7 @@
output.selectedDeviceId = input.selectedDeviceId;
output.flags = input.flags;
- client = registerPid(clientPid);
+ client = registerPid(VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(adjIdentity.pid)));
// Not a conventional loop, but a retry loop for at most two iterations total.
// Try first maybe with FAST flag then try again without FAST flag if that fails.
@@ -2096,9 +2102,7 @@
input.riid,
sessionId,
// FIXME compare to AudioTrack
- clientPid,
- clientUid,
- input.opPackageName,
+ adjIdentity,
&input.config,
output.flags, &output.selectedDeviceId, &portId);
if (lStatus != NO_ERROR) {
@@ -2125,10 +2129,9 @@
input.config.format, input.config.channel_mask,
&output.frameCount, sessionId,
&output.notificationFrameCount,
- callingPid, clientUid, &output.flags,
+ callingPid, adjIdentity, &output.flags,
input.clientInfo.clientTid,
- &lStatus, portId,
- input.opPackageName);
+ &lStatus, portId);
LOG_ALWAYS_FATAL_IF((lStatus == NO_ERROR) && (recordTrack == 0));
// lStatus == BAD_TYPE means FAST flag was rejected: request a new input from
@@ -3521,9 +3524,7 @@
const int32_t priority = request.priority;
const AudioDeviceTypeAddr device = VALUE_OR_RETURN_STATUS(
aidl2legacy_AudioDeviceTypeAddress(request.device));
- const String16 opPackageName = VALUE_OR_RETURN_STATUS(
- aidl2legacy_string_view_String16(request.opPackageName));
- pid_t pid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(request.pid));
+ Identity adjIdentity = request.identity;
const audio_session_t sessionId = VALUE_OR_RETURN_STATUS(
aidl2legacy_int32_t_audio_session_t(request.sessionId));
audio_io_handle_t io = VALUE_OR_RETURN_STATUS(
@@ -3539,17 +3540,21 @@
status_t lStatus = NO_ERROR;
+ // TODO b/182392553: refactor or make clearer
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- if (pid == -1 || !isAudioServerOrMediaServerUid(callingUid)) {
+ adjIdentity.uid = VALUE_OR_RETURN_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
+ pid_t currentPid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_pid_t(adjIdentity.pid));
+ if (currentPid == -1 || !isAudioServerOrMediaServerUid(callingUid)) {
const pid_t callingPid = IPCThreadState::self()->getCallingPid();
- ALOGW_IF(pid != -1 && pid != callingPid,
+ ALOGW_IF(currentPid != -1 && currentPid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
- __func__, callingUid, callingPid, pid);
- pid = callingPid;
+ __func__, callingUid, callingPid, currentPid);
+ adjIdentity.pid = VALUE_OR_RETURN_STATUS(legacy2aidl_pid_t_int32_t(callingPid));
+ currentPid = callingPid;
}
ALOGV("createEffect pid %d, effectClient %p, priority %d, sessionId %d, io %d, factory %p",
- pid, effectClient.get(), priority, sessionId, io, mEffectsFactoryHal.get());
+ adjIdentity.pid, effectClient.get(), priority, sessionId, io, mEffectsFactoryHal.get());
if (mEffectsFactoryHal == 0) {
ALOGE("%s: no effects factory hal", __func__);
@@ -3577,7 +3582,7 @@
goto Exit;
}
} else if (sessionId == AUDIO_SESSION_DEVICE) {
- if (!modifyDefaultAudioEffectsAllowed(pid, callingUid)) {
+ if (!modifyDefaultAudioEffectsAllowed(adjIdentity)) {
ALOGE("%s: device effect permission denied for uid %d", __func__, callingUid);
lStatus = PERMISSION_DENIED;
goto Exit;
@@ -3622,7 +3627,7 @@
// check recording permission for visualizer
if ((memcmp(&descOut.type, SL_IID_VISUALIZATION, sizeof(effect_uuid_t)) == 0) &&
// TODO: Do we need to start/stop op - i.e. is there recording being performed?
- !recordingAllowed(opPackageName, pid, callingUid)) {
+ !recordingAllowed(adjIdentity)) {
lStatus = PERMISSION_DENIED;
goto Exit;
}
@@ -3648,7 +3653,7 @@
Mutex::Autolock _l(mLock);
if (sessionId == AUDIO_SESSION_DEVICE) {
- sp<Client> client = registerPid(pid);
+ sp<Client> client = registerPid(currentPid);
ALOGV("%s device type %#x address %s", __func__, device.mType, device.getAddress());
handle = mDeviceEffectManager.createEffect_l(
&descOut, device, client, effectClient, mPatchPanel.patches_l(),
@@ -3752,7 +3757,7 @@
}
}
- sp<Client> client = registerPid(pid);
+ sp<Client> client = registerPid(currentPid);
// create effect on selected output thread
bool pinned = !audio_is_global_session(sessionId) && isSessionAcquired_l(sessionId);
diff --git a/services/audioflinger/MmapTracks.h b/services/audioflinger/MmapTracks.h
index b83f6b5..ba868d7 100644
--- a/services/audioflinger/MmapTracks.h
+++ b/services/audioflinger/MmapTracks.h
@@ -29,8 +29,7 @@
audio_channel_mask_t channelMask,
audio_session_t sessionId,
bool isOut,
- uid_t uid,
- pid_t pid,
+ const media::permission::Identity& identity,
pid_t creatorPid,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE);
virtual ~MmapTrack();
diff --git a/services/audioflinger/PlaybackTracks.h b/services/audioflinger/PlaybackTracks.h
index c70d6f9..a5b3077 100644
--- a/services/audioflinger/PlaybackTracks.h
+++ b/services/audioflinger/PlaybackTracks.h
@@ -15,6 +15,8 @@
** limitations under the License.
*/
+#include <android/media/permission/Identity.h>
+
#ifndef INCLUDING_FROM_AUDIOFLINGER_H
#error This header file should only be included from AudioFlinger.h
#endif
@@ -26,11 +28,13 @@
bool hasOpPlayAudio() const;
static sp<OpPlayAudioMonitor> createIfNeeded(
- uid_t uid, const audio_attributes_t& attr, int id, audio_stream_type_t streamType,
- const std::string& opPackageName);
+ const android::media::permission::Identity& identity,
+ const audio_attributes_t& attr, int id,
+ audio_stream_type_t streamType);
private:
- OpPlayAudioMonitor(uid_t uid, audio_usage_t usage, int id, const String16& opPackageName);
+ OpPlayAudioMonitor(const android::media::permission::Identity& identity,
+ audio_usage_t usage, int id);
void onFirstRef() override;
static void getPackagesForUid(uid_t uid, Vector<String16>& packages);
@@ -50,10 +54,9 @@
void checkPlayAudioForUsage();
std::atomic_bool mHasOpPlayAudio;
- const uid_t mUid;
+ const android::media::permission::Identity mIdentity;
const int32_t mUsage; // on purpose not audio_usage_t because always checked in appOps as int32_t
const int mId; // for logging purposes only
- const String16 mOpPackageName;
};
// playback track
@@ -72,14 +75,13 @@
const sp<IMemory>& sharedBuffer,
audio_session_t sessionId,
pid_t creatorPid,
- uid_t uid,
+ const media::permission::Identity& identity,
audio_output_flags_t flags,
track_type type,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE,
/** default behaviour is to start when there are as many frames
* ready as possible (aka. Buffer is full). */
- size_t frameCountToBeReady = SIZE_MAX,
- const std::string opPackageName = "");
+ size_t frameCountToBeReady = SIZE_MAX);
virtual ~Track();
virtual status_t initCheck() const;
@@ -336,7 +338,7 @@
audio_format_t format,
audio_channel_mask_t channelMask,
size_t frameCount,
- uid_t uid);
+ android::media::permission::Identity& identity);
virtual ~OutputTrack();
virtual status_t start(AudioSystem::sync_event_t event =
diff --git a/services/audioflinger/RecordTracks.h b/services/audioflinger/RecordTracks.h
index d87239d..4d03441 100644
--- a/services/audioflinger/RecordTracks.h
+++ b/services/audioflinger/RecordTracks.h
@@ -26,10 +26,10 @@
bool hasOpRecordAudio() const;
static sp<OpRecordAudioMonitor> createIfNeeded
- (uid_t uid, const audio_attributes_t& attr, const String16& opPackageName);
+ (const media::permission::Identity& identity, const audio_attributes_t& attr);
private:
- OpRecordAudioMonitor(uid_t uid, const String16& opPackageName);
+ explicit OpRecordAudioMonitor(const media::permission::Identity& identity);
void onFirstRef() override;
AppOpsManager mAppOpsManager;
@@ -49,8 +49,7 @@
void checkRecordAudio();
std::atomic_bool mHasOpRecordAudio;
- const uid_t mUid;
- const String16 mPackage;
+ const media::permission::Identity mIdentity;
};
// record track
@@ -67,10 +66,9 @@
size_t bufferSize,
audio_session_t sessionId,
pid_t creatorPid,
- uid_t uid,
+ const media::permission::Identity& identity,
audio_input_flags_t flags,
track_type type,
- const String16& opPackageName,
audio_port_handle_t portId = AUDIO_PORT_HANDLE_NONE);
virtual ~RecordTrack();
virtual status_t initCheck() const;
@@ -149,7 +147,7 @@
// used to enforce OP_RECORD_AUDIO
uid_t mUid;
- String16 mOpPackageName;
+ media::permission::Identity mIdentity;
sp<OpRecordAudioMonitor> mOpRecordAudioMonitor;
};
diff --git a/services/audioflinger/Threads.cpp b/services/audioflinger/Threads.cpp
index eaf0d10..90f7a61 100644
--- a/services/audioflinger/Threads.cpp
+++ b/services/audioflinger/Threads.cpp
@@ -108,6 +108,7 @@
// TODO: Move these macro/inlines to a header file.
#define max(a, b) ((a) > (b) ? (a) : (b))
+
template <typename T>
static inline T min(const T& a, const T& b)
{
@@ -117,6 +118,7 @@
namespace android {
using media::IEffectClient;
+using media::permission::Identity;
// retry counts for buffer fill timeout
// 50 * ~20msecs = 1 second
@@ -2076,12 +2078,11 @@
audio_session_t sessionId,
audio_output_flags_t *flags,
pid_t creatorPid,
+ const Identity& identity,
pid_t tid,
- uid_t uid,
status_t *status,
audio_port_handle_t portId,
- const sp<media::IAudioTrackCallback>& callback,
- const std::string& opPackageName)
+ const sp<media::IAudioTrackCallback>& callback)
{
size_t frameCount = *pFrameCount;
size_t notificationFrameCount = *pNotificationFrameCount;
@@ -2172,8 +2173,8 @@
"sampleRate=%u mSampleRate=%u "
"hasFastMixer=%d tid=%d fastTrackAvailMask=%#x",
sharedBuffer.get(), frameCount, mFrameCount, format, mFormat,
- audio_is_linear_pcm(format),
- channelMask, sampleRate, mSampleRate, hasFastMixer(), tid, mFastTrackAvailMask);
+ audio_is_linear_pcm(format), channelMask, sampleRate,
+ mSampleRate, hasFastMixer(), tid, mFastTrackAvailMask);
*flags = (audio_output_flags_t)(*flags & ~AUDIO_OUTPUT_FLAG_FAST);
}
}
@@ -2372,8 +2373,8 @@
track = new Track(this, client, streamType, attr, sampleRate, format,
channelMask, frameCount,
nullptr /* buffer */, (size_t)0 /* bufferSize */, sharedBuffer,
- sessionId, creatorPid, uid, trackFlags, TrackBase::TYPE_DEFAULT, portId,
- SIZE_MAX /*frameCountToBeReady*/, opPackageName);
+ sessionId, creatorPid, identity, trackFlags, TrackBase::TYPE_DEFAULT,
+ portId, SIZE_MAX /*frameCountToBeReady*/);
lStatus = track != 0 ? track->initCheck() : (status_t) NO_MEMORY;
if (lStatus != NO_ERROR) {
@@ -6812,13 +6813,19 @@
// from different OutputTracks and their associated MixerThreads (e.g. one may
// nearly empty and the other may be dropping data).
+ // TODO b/182392769: use identity util, move to server edge
+ Identity identity = Identity();
+ identity.uid = VALUE_OR_FATAL(legacy2aidl_uid_t_int32_t(
+ IPCThreadState::self()->getCallingUid()));
+ identity.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(
+ IPCThreadState::self()->getCallingPid()));
sp<OutputTrack> outputTrack = new OutputTrack(thread,
this,
mSampleRate,
mFormat,
mChannelMask,
frameCount,
- IPCThreadState::self()->getCallingUid());
+ identity);
status_t status = outputTrack != 0 ? outputTrack->initCheck() : (status_t) NO_MEMORY;
if (status != NO_ERROR) {
ALOGE("addOutputTrack() initCheck failed %d", status);
@@ -7730,12 +7737,11 @@
audio_session_t sessionId,
size_t *pNotificationFrameCount,
pid_t creatorPid,
- uid_t uid,
+ const Identity& identity,
audio_input_flags_t *flags,
pid_t tid,
status_t *status,
- audio_port_handle_t portId,
- const String16& opPackageName)
+ audio_port_handle_t portId)
{
size_t frameCount = *pFrameCount;
size_t notificationFrameCount = *pNotificationFrameCount;
@@ -7868,8 +7874,8 @@
track = new RecordTrack(this, client, attr, sampleRate,
format, channelMask, frameCount,
- nullptr /* buffer */, (size_t)0 /* bufferSize */, sessionId, creatorPid, uid,
- *flags, TrackBase::TYPE_DEFAULT, opPackageName, portId);
+ nullptr /* buffer */, (size_t)0 /* bufferSize */, sessionId, creatorPid,
+ identity, *flags, TrackBase::TYPE_DEFAULT, portId);
lStatus = track->initCheck();
if (lStatus != NO_ERROR) {
@@ -8884,7 +8890,7 @@
audio_port_handle_t *handle)
{
ALOGV("%s clientUid %d mStandby %d mPortId %d *handle %d", __FUNCTION__,
- client.clientUid, mStandby, mPortId, *handle);
+ client.identity.uid, mStandby, mPortId, *handle);
if (mHalStream == 0) {
return NO_INIT;
}
@@ -8916,8 +8922,7 @@
ret = AudioSystem::getOutputForAttr(&mAttr, &io,
mSessionId,
&stream,
- client.clientPid,
- client.clientUid,
+ client.identity,
&config,
flags,
&deviceId,
@@ -8934,9 +8939,7 @@
ret = AudioSystem::getInputForAttr(&mAttr, &io,
RECORD_RIID_INVALID,
mSessionId,
- client.clientPid,
- client.clientUid,
- client.packageName,
+ client.identity,
&config,
AUDIO_INPUT_FLAG_MMAP_NOIRQ,
&deviceId,
@@ -8976,16 +8979,15 @@
// Given that MmapThread::mAttr is mutable, should a MmapTrack have attributes ?
sp<MmapTrack> track = new MmapTrack(this, attr == nullptr ? mAttr : *attr, mSampleRate, mFormat,
- mChannelMask, mSessionId, isOutput(), client.clientUid,
- client.clientPid, IPCThreadState::self()->getCallingPid(),
- portId);
+ mChannelMask, mSessionId, isOutput(), client.identity,
+ IPCThreadState::self()->getCallingPid(), portId);
if (isOutput()) {
// force volume update when a new track is added
mHalVolFloat = -1.0f;
} else if (!track->isSilenced_l()) {
for (const sp<MmapTrack> &t : mActiveTracks) {
- if (t->isSilenced_l() && t->uid() != client.clientUid)
+ if (t->isSilenced_l() && t->uid() != client.identity.uid)
t->invalidate();
}
}
diff --git a/services/audioflinger/Threads.h b/services/audioflinger/Threads.h
index c974252..5aa5169 100644
--- a/services/audioflinger/Threads.h
+++ b/services/audioflinger/Threads.h
@@ -882,12 +882,11 @@
audio_session_t sessionId,
audio_output_flags_t *flags,
pid_t creatorPid,
+ const media::permission::Identity& identity,
pid_t tid,
- uid_t uid,
status_t *status /*non-NULL*/,
audio_port_handle_t portId,
- const sp<media::IAudioTrackCallback>& callback,
- const std::string& opPackageName);
+ const sp<media::IAudioTrackCallback>& callback);
AudioStreamOut* getOutput() const;
AudioStreamOut* clearOutput();
@@ -1642,12 +1641,11 @@
audio_session_t sessionId,
size_t *pNotificationFrameCount,
pid_t creatorPid,
- uid_t uid,
+ const media::permission::Identity& identity,
audio_input_flags_t *flags,
pid_t tid,
status_t *status /*non-NULL*/,
- audio_port_handle_t portId,
- const String16& opPackageName);
+ audio_port_handle_t portId);
status_t start(RecordTrack* recordTrack,
AudioSystem::sync_event_t event,
diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index 5454778..a86102f 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp
@@ -65,6 +65,7 @@
using ::android::aidl_utils::binderStatusFromStatusT;
using binder::Status;
+using media::permission::Identity;
using media::VolumeShaper;
// ----------------------------------------------------------------------------
// TrackBase
@@ -237,6 +238,13 @@
}
}
+// TODO b/182392769: use identity util
+Identity audioServerIdentity() {
+ Identity i = Identity();
+ i.uid = AID_AUDIOSERVER;
+ return i;
+}
+
status_t AudioFlinger::ThreadBase::TrackBase::initCheck() const
{
status_t status;
@@ -489,10 +497,11 @@
// static
sp<AudioFlinger::PlaybackThread::OpPlayAudioMonitor>
AudioFlinger::PlaybackThread::OpPlayAudioMonitor::createIfNeeded(
- uid_t uid, const audio_attributes_t& attr, int id, audio_stream_type_t streamType,
- const std::string& opPackageName)
+ const Identity& identity, const audio_attributes_t& attr, int id,
+ audio_stream_type_t streamType)
{
Vector <String16> packages;
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid));
getPackagesForUid(uid, packages);
if (isServiceUid(uid)) {
if (packages.isEmpty()) {
@@ -515,31 +524,36 @@
return nullptr;
}
- String16 opPackageNameStr(opPackageName.c_str());
- if (opPackageName.empty()) {
+ // TODO b/182392769: use identity util
+ std::optional<std::string> opPackageNameStr = identity.packageName;
+ if (!identity.packageName.has_value()) {
// If no package name is provided by the client, use the first associated with the uid
if (!packages.isEmpty()) {
- opPackageNameStr = packages[0];
+ opPackageNameStr =
+ VALUE_OR_FATAL(legacy2aidl_String16_string(packages[0]));
}
} else {
// If the provided package name is invalid, we force app ops denial by clearing the package
// name passed to OpPlayAudioMonitor
+ String16 opPackageLegacy = VALUE_OR_FATAL(
+ aidl2legacy_string_view_String16(opPackageNameStr.value_or("")));
if (std::find_if(packages.begin(), packages.end(),
- [&opPackageNameStr](const auto& package) {
- return opPackageNameStr == package; }) == packages.end()) {
+ [&opPackageLegacy](const auto& package) {
+ return opPackageLegacy == package; }) == packages.end()) {
ALOGW("The package name(%s) provided does not correspond to the uid %d, "
- "force muting the track", opPackageName.c_str(), uid);
- // Set package name as an empty string so that hasOpPlayAudio will always return false.
- opPackageNameStr = String16("");
+ "force muting the track", opPackageNameStr.value().c_str(), uid);
+ // Set null package name so hasOpPlayAudio will always return false.
+ opPackageNameStr = std::optional<std::string>();
}
}
- return new OpPlayAudioMonitor(uid, attr.usage, id, opPackageNameStr);
+ Identity adjIdentity = identity;
+ adjIdentity.packageName = opPackageNameStr;
+ return new OpPlayAudioMonitor(adjIdentity, attr.usage, id);
}
AudioFlinger::PlaybackThread::OpPlayAudioMonitor::OpPlayAudioMonitor(
- uid_t uid, audio_usage_t usage, int id, const String16& opPackageName)
- : mHasOpPlayAudio(true), mUid(uid), mUsage((int32_t) usage), mId(id),
- mOpPackageName(opPackageName)
+ const Identity& identity, audio_usage_t usage, int id)
+ : mHasOpPlayAudio(true), mIdentity(identity), mUsage((int32_t) usage), mId(id)
{
}
@@ -554,9 +568,11 @@
void AudioFlinger::PlaybackThread::OpPlayAudioMonitor::onFirstRef()
{
checkPlayAudioForUsage();
- if (mOpPackageName.size() != 0) {
+ if (mIdentity.packageName.has_value()) {
mOpCallback = new PlayAudioOpCallback(this);
- mAppOpsManager.startWatchingMode(AppOpsManager::OP_PLAY_AUDIO, mOpPackageName, mOpCallback);
+ mAppOpsManager.startWatchingMode(AppOpsManager::OP_PLAY_AUDIO,
+ VALUE_OR_FATAL(aidl2legacy_string_view_String16(mIdentity.packageName.value_or("")))
+ , mOpCallback);
}
}
@@ -569,11 +585,14 @@
// - not called from PlayAudioOpCallback because the callback is not installed in this case
void AudioFlinger::PlaybackThread::OpPlayAudioMonitor::checkPlayAudioForUsage()
{
- if (mOpPackageName.size() == 0) {
+ if (!mIdentity.packageName.has_value()) {
mHasOpPlayAudio.store(false);
} else {
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mIdentity.uid));
+ String16 packageName = VALUE_OR_FATAL(
+ aidl2legacy_string_view_String16(mIdentity.packageName.value_or("")));
bool hasIt = mAppOpsManager.checkAudioOpNoThrow(AppOpsManager::OP_PLAY_AUDIO,
- mUsage, mUid, mOpPackageName) == AppOpsManager::MODE_ALLOWED;
+ mUsage, uid, packageName) == AppOpsManager::MODE_ALLOWED;
ALOGD("OpPlayAudio: track:%d usage:%d %smuted", mId, mUsage, hasIt ? "not " : "");
mHasOpPlayAudio.store(hasIt);
}
@@ -623,12 +642,11 @@
const sp<IMemory>& sharedBuffer,
audio_session_t sessionId,
pid_t creatorPid,
- uid_t uid,
+ const Identity& identity,
audio_output_flags_t flags,
track_type type,
audio_port_handle_t portId,
- size_t frameCountToBeReady,
- const std::string opPackageName)
+ size_t frameCountToBeReady)
: TrackBase(thread, client, attr, sampleRate, format, channelMask, frameCount,
// TODO: Using unsecurePointer() has some associated security pitfalls
// (see declaration for details).
@@ -636,7 +654,8 @@
// issue (e.g. by copying).
(sharedBuffer != 0) ? sharedBuffer->unsecurePointer() : buffer,
(sharedBuffer != 0) ? sharedBuffer->size() : bufferSize,
- sessionId, creatorPid, uid, true /*isOut*/,
+ sessionId, creatorPid,
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)), true /*isOut*/,
(type == TYPE_PATCH) ? ( buffer == NULL ? ALLOC_LOCAL : ALLOC_NONE) : ALLOC_CBLK,
type,
portId,
@@ -651,8 +670,8 @@
mPresentationCompleteFrames(0),
mFrameMap(16 /* sink-frame-to-track-frame map memory */),
mVolumeHandler(new media::VolumeHandler(sampleRate)),
- mOpPlayAudioMonitor(OpPlayAudioMonitor::createIfNeeded(
- uid, attr, id(), streamType, opPackageName)),
+ mOpPlayAudioMonitor(OpPlayAudioMonitor::createIfNeeded(identity, attr, id(),
+ streamType)),
// mSinkTimestamp
mFrameCountToBeReady(frameCountToBeReady),
mFastIndex(-1),
@@ -674,6 +693,7 @@
return;
}
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid));
if (!thread->isTrackAllowed_l(channelMask, format, sessionId, uid)) {
ALOGE("%s(%d): no more tracks available", __func__, mId);
releaseCblk(); // this makes the track invalid.
@@ -718,8 +738,10 @@
// HapticGenerator effect, which will generate haptic data, on the track. In that case,
// external vibration is always created for all tracks attached to haptic playback thread.
mAudioVibrationController = new AudioVibrationController(this);
+ std::string packageName = identity.packageName.has_value() ?
+ identity.packageName.value() : "";
mExternalVibration = new os::ExternalVibration(
- mUid, opPackageName, mAttr, mAudioVibrationController);
+ mUid, packageName, mAttr, mAudioVibrationController);
}
// Once this item is logged by the server, the client can add properties.
@@ -1821,12 +1843,12 @@
audio_format_t format,
audio_channel_mask_t channelMask,
size_t frameCount,
- uid_t uid)
+ Identity& identity)
: Track(playbackThread, NULL, AUDIO_STREAM_PATCH,
audio_attributes_t{} /* currently unused for output track */,
sampleRate, format, channelMask, frameCount,
nullptr /* buffer */, (size_t)0 /* bufferSize */, nullptr /* sharedBuffer */,
- AUDIO_SESSION_NONE, getpid(), uid, AUDIO_OUTPUT_FLAG_NONE,
+ AUDIO_SESSION_NONE, getpid(), identity, AUDIO_OUTPUT_FLAG_NONE,
TYPE_OUTPUT),
mActive(false), mSourceThread(sourceThread)
{
@@ -2056,8 +2078,8 @@
audio_attributes_t{} /* currently unused for patch track */,
sampleRate, format, channelMask, frameCount,
buffer, bufferSize, nullptr /* sharedBuffer */,
- AUDIO_SESSION_NONE, getpid(), AID_AUDIOSERVER, flags, TYPE_PATCH,
- AUDIO_PORT_HANDLE_NONE, frameCountToBeReady),
+ AUDIO_SESSION_NONE, getpid(), audioServerIdentity(), flags,
+ TYPE_PATCH, AUDIO_PORT_HANDLE_NONE, frameCountToBeReady),
PatchTrackBase(new ClientProxy(mCblk, mBuffer, frameCount, mFrameSize, true, true),
*playbackThread, timeout)
{
@@ -2194,41 +2216,44 @@
// static
sp<AudioFlinger::RecordThread::OpRecordAudioMonitor>
AudioFlinger::RecordThread::OpRecordAudioMonitor::createIfNeeded(
- uid_t uid, const audio_attributes_t& attr, const String16& opPackageName)
+ const Identity& identity, const audio_attributes_t& attr)
{
- if (isServiceUid(uid)) {
- ALOGV("not silencing record for service uid:%d pack:%s",
- uid, String8(opPackageName).string());
+ if (isServiceUid(identity.uid)) {
+ ALOGV("not silencing record for service %s",
+ identity.toString().c_str());
return nullptr;
}
// Capturing from FM TUNER output is not controlled by OP_RECORD_AUDIO
// because it does not affect users privacy as does capturing from an actual microphone.
if (attr.source == AUDIO_SOURCE_FM_TUNER) {
- ALOGV("not muting FM TUNER capture for uid %d", uid);
+ ALOGV("not muting FM TUNER capture for uid %d", identity.uid);
return nullptr;
}
- if (opPackageName.size() == 0) {
+ if (!identity.packageName.has_value() || identity.packageName.value().size() == 0) {
Vector<String16> packages;
// no package name, happens with SL ES clients
// query package manager to find one
PermissionController permissionController;
- permissionController.getPackagesForUid(uid, packages);
+ permissionController.getPackagesForUid(identity.uid, packages);
if (packages.isEmpty()) {
return nullptr;
} else {
- ALOGV("using pack:%s for uid:%d", String8(packages[0]).string(), uid);
- return new OpRecordAudioMonitor(uid, packages[0]);
+ Identity adjIdentity = identity;
+ adjIdentity.packageName =
+ VALUE_OR_FATAL(legacy2aidl_String16_string(packages[0]));
+ ALOGV("using identity:%s", adjIdentity.toString().c_str());
+ return new OpRecordAudioMonitor(adjIdentity);
}
}
- return new OpRecordAudioMonitor(uid, opPackageName);
+ return new OpRecordAudioMonitor(identity);
}
AudioFlinger::RecordThread::OpRecordAudioMonitor::OpRecordAudioMonitor(
- uid_t uid, const String16& opPackageName)
- : mHasOpRecordAudio(true), mUid(uid), mPackage(opPackageName)
+ const Identity& identity)
+ : mHasOpRecordAudio(true), mIdentity(identity)
{
}
@@ -2244,8 +2269,10 @@
{
checkRecordAudio();
mOpCallback = new RecordAudioOpCallback(this);
- ALOGV("start watching OP_RECORD_AUDIO for pack:%s", String8(mPackage).string());
- mAppOpsManager.startWatchingMode(AppOpsManager::OP_RECORD_AUDIO, mPackage, mOpCallback);
+ ALOGV("start watching OP_RECORD_AUDIO for %s", mIdentity.toString().c_str());
+ mAppOpsManager.startWatchingMode(AppOpsManager::OP_RECORD_AUDIO,
+ VALUE_OR_FATAL(aidl2legacy_string_view_String16(mIdentity.packageName.value_or(""))),
+ mOpCallback);
}
bool AudioFlinger::RecordThread::OpRecordAudioMonitor::hasOpRecordAudio() const {
@@ -2260,14 +2287,17 @@
// - not called from RecordAudioOpCallback because the callback is not installed in this case
void AudioFlinger::RecordThread::OpRecordAudioMonitor::checkRecordAudio()
{
+
const int32_t mode = mAppOpsManager.checkOp(AppOpsManager::OP_RECORD_AUDIO,
- mUid, mPackage);
+ mIdentity.uid, VALUE_OR_FATAL(aidl2legacy_string_view_String16(
+ mIdentity.packageName.value_or(""))));
const bool hasIt = (mode == AppOpsManager::MODE_ALLOWED);
// verbose logging only log when appOp changed
ALOGI_IF(hasIt != mHasOpRecordAudio.load(),
- "OP_RECORD_AUDIO missing, %ssilencing record uid%d pack:%s",
- hasIt ? "un" : "", mUid, String8(mPackage).string());
+ "OP_RECORD_AUDIO missing, %ssilencing record %s",
+ hasIt ? "un" : "", mIdentity.toString().c_str());
mHasOpRecordAudio.store(hasIt);
+
}
AudioFlinger::RecordThread::OpRecordAudioMonitor::RecordAudioOpCallback::RecordAudioOpCallback(
@@ -2361,14 +2391,15 @@
size_t bufferSize,
audio_session_t sessionId,
pid_t creatorPid,
- uid_t uid,
+ const Identity& identity,
audio_input_flags_t flags,
track_type type,
- const String16& opPackageName,
audio_port_handle_t portId)
: TrackBase(thread, client, attr, sampleRate, format,
channelMask, frameCount, buffer, bufferSize, sessionId,
- creatorPid, uid, false /*isOut*/,
+ creatorPid,
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)),
+ false /*isOut*/,
(type == TYPE_DEFAULT) ?
((flags & AUDIO_INPUT_FLAG_FAST) ? ALLOC_PIPE : ALLOC_CBLK) :
((buffer == NULL) ? ALLOC_LOCAL : ALLOC_NONE),
@@ -2380,7 +2411,7 @@
mRecordBufferConverter(NULL),
mFlags(flags),
mSilenced(false),
- mOpRecordAudioMonitor(OpRecordAudioMonitor::createIfNeeded(uid, attr, opPackageName))
+ mOpRecordAudioMonitor(OpRecordAudioMonitor::createIfNeeded(mIdentity, attr))
{
if (mCblk == NULL) {
return;
@@ -2421,7 +2452,9 @@
#endif
// Once this item is logged by the server, the client can add properties.
- mTrackMetrics.logConstructor(creatorPid, uid, id());
+ pid_t pid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(mIdentity.pid));
+ uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(mIdentity.uid));
+ mTrackMetrics.logConstructor(pid, uid, id());
}
AudioFlinger::RecordThread::RecordTrack::~RecordTrack()
@@ -2692,11 +2725,12 @@
: RecordTrack(recordThread, NULL,
audio_attributes_t{} /* currently unused for patch track */,
sampleRate, format, channelMask, frameCount,
- buffer, bufferSize, AUDIO_SESSION_NONE, getpid(), AID_AUDIOSERVER,
- flags, TYPE_PATCH, String16()),
+ buffer, bufferSize, AUDIO_SESSION_NONE, getpid(),
+ audioServerIdentity(), flags, TYPE_PATCH),
PatchTrackBase(new ClientProxy(mCblk, mBuffer, frameCount, mFrameSize, false, true),
*recordThread, timeout)
{
+ mIdentity.pid = VALUE_OR_FATAL(legacy2aidl_pid_t_int32_t(getpid()));
ALOGV("%s(%d): sampleRate %d mPeerTimeout %d.%03d sec",
__func__, mId, sampleRate,
(int)mPeerTimeout.tv_sec,
@@ -2970,21 +3004,24 @@
audio_channel_mask_t channelMask,
audio_session_t sessionId,
bool isOut,
- uid_t uid,
- pid_t pid,
+ const Identity& identity,
pid_t creatorPid,
audio_port_handle_t portId)
: TrackBase(thread, NULL, attr, sampleRate, format,
channelMask, (size_t)0 /* frameCount */,
nullptr /* buffer */, (size_t)0 /* bufferSize */,
- sessionId, creatorPid, uid, isOut,
+ sessionId, creatorPid,
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)),
+ isOut,
ALLOC_NONE,
TYPE_DEFAULT, portId,
std::string(AMEDIAMETRICS_KEY_PREFIX_AUDIO_MMAP) + std::to_string(portId)),
- mPid(pid), mSilenced(false), mSilencedNotified(false)
+ mPid(VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.pid))),
+ mSilenced(false), mSilencedNotified(false)
{
// Once this item is logged by the server, the client can add properties.
- mTrackMetrics.logConstructor(creatorPid, uid, id());
+ mTrackMetrics.logConstructor(creatorPid,
+ VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(identity.uid)), id());
}
AudioFlinger::MmapThread::MmapTrack::~MmapTrack()