Add attributionTag to audio-recordings
... by replacing packageName/uid/pid by the Identity class.
This allows us to track which parts of the app trigger audio-recordings.
90% of the code is just sending around the additional parameters.
This adds it for the Java and native API.
Test: atest CtsAppOpsTestCases
CtsNativeMediaAAudioTestCases
Fixes: 160150145
Change-Id: Ibd7b884f7fcd4668a4e27f997e59cfc3217a9e89
diff --git a/services/audiopolicy/AudioPolicyInterface.h b/services/audiopolicy/AudioPolicyInterface.h
index 9132086..b0b0179 100644
--- a/services/audiopolicy/AudioPolicyInterface.h
+++ b/services/audiopolicy/AudioPolicyInterface.h
@@ -21,6 +21,7 @@
#include <media/AudioSystem.h>
#include <media/AudioPolicy.h>
#include <media/DeviceDescriptorBase.h>
+#include <android/media/permission/Identity.h>
#include <utils/String8.h>
namespace android {
@@ -122,7 +123,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- uid_t uid,
+ const media::permission::Identity& identity,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
@@ -141,7 +142,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- uid_t uid,
+ const media::permission::Identity& identity,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
diff --git a/services/audiopolicy/fuzzer/Android.bp b/services/audiopolicy/fuzzer/Android.bp
index 5dbcebd..38bdedc 100644
--- a/services/audiopolicy/fuzzer/Android.bp
+++ b/services/audiopolicy/fuzzer/Android.bp
@@ -50,6 +50,7 @@
"libbinder",
"libaudiopolicy",
"libaudiopolicymanagerdefault",
+ "media_permission-aidl-cpp",
],
static_libs: [
"android.hardware.audio.common@7.0-enums",
diff --git a/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp b/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
index 692ce08..1177b95 100644
--- a/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
+++ b/services/audiopolicy/fuzzer/audiopolicy_fuzzer.cpp
@@ -26,6 +26,7 @@
#include <Serializer.h>
#include <android-base/file.h>
+#include <android/media/permission/Identity.h>
#include <libxml/parser.h>
#include <libxml/xinclude.h>
#include <media/AudioPolicy.h>
@@ -46,6 +47,8 @@
using namespace ::android::audio::policy::configuration::V7_0;
}
+using media::permission::Identity;
+
static const std::vector<audio_format_t> kAudioFormats = [] {
std::vector<audio_format_t> result;
for (const auto enumVal : xsdc_enum_range<xsd::AudioFormat>{}) {
@@ -246,7 +249,10 @@
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::output_type_t outputType;
- if (mManager->getOutputForAttr(&attr, output, AUDIO_SESSION_NONE, &stream, 0 /*uid*/, &config,
+ // TODO b/182392769: use identity util
+ Identity i;
+ i.uid = 0;
+ if (mManager->getOutputForAttr(&attr, output, AUDIO_SESSION_NONE, &stream, i, &config,
&flags, selectedDeviceId, portId, {}, &outputType) != OK) {
return false;
}
@@ -270,7 +276,9 @@
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::input_type_t inputType;
- if (mManager->getInputForAttr(&attr, &input, riid, AUDIO_SESSION_NONE, 0 /*uid*/, &config,
+ Identity i;
+ i.uid = 0;
+ if (mManager->getInputForAttr(&attr, &input, riid, AUDIO_SESSION_NONE, i, &config,
flags, selectedDeviceId, &inputType, portId) != OK) {
return false;
}
diff --git a/services/audiopolicy/managerdefault/Android.bp b/services/audiopolicy/managerdefault/Android.bp
index 5572beb..b111db4 100644
--- a/services/audiopolicy/managerdefault/Android.bp
+++ b/services/audiopolicy/managerdefault/Android.bp
@@ -34,6 +34,8 @@
// a dependency on it in the device makefile. There will be no build time
// conflict with libaudiopolicyenginedefault.
"libaudiopolicyenginedefault",
+ "media_permission-aidl-cpp",
+ "libaudioclient_aidl_conversion",
],
header_libs: [
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
index 6b664dd..a91e6c1 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
@@ -52,6 +52,8 @@
namespace android {
+using media::permission::Identity;
+
//FIXME: workaround for truncated touch sounds
// to be removed when the problem is handled by system UI
#define TOUCH_SOUND_FIXED_DELAY_MS 100
@@ -1130,7 +1132,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- uid_t uid,
+ const Identity& identity,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
@@ -1142,6 +1144,8 @@
if (*portId != AUDIO_PORT_HANDLE_NONE) {
return INVALID_OPERATION;
}
+ const uid_t uid = VALUE_OR_RETURN_STATUS(
+ aidl2legacy_int32_t_uid_t(identity.uid));
const audio_port_handle_t requestedPortId = *selectedDeviceId;
audio_attributes_t resultAttr;
bool isRequestedDeviceForExclusiveUse = false;
@@ -2110,7 +2114,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- uid_t uid,
+ const Identity& identity,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
@@ -2129,6 +2133,7 @@
sp<AudioInputDescriptor> inputDesc;
sp<RecordClientDescriptor> clientDesc;
audio_port_handle_t requestedDeviceId = *selectedDeviceId;
+ uid_t uid = VALUE_OR_RETURN_STATUS(aidl2legacy_int32_t_uid_t(identity.uid));
bool isSoundTrigger;
// The supplied portId must be AUDIO_PORT_HANDLE_NONE
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.h b/services/audiopolicy/managerdefault/AudioPolicyManager.h
index bdf82ef..1757187 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.h
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.h
@@ -116,7 +116,7 @@
audio_io_handle_t *output,
audio_session_t session,
audio_stream_type_t *stream,
- uid_t uid,
+ const media::permission::Identity& identity,
const audio_config_t *config,
audio_output_flags_t *flags,
audio_port_handle_t *selectedDeviceId,
@@ -130,7 +130,7 @@
audio_io_handle_t *input,
audio_unique_id_t riid,
audio_session_t session,
- uid_t uid,
+ const media::permission::Identity& identity,
const audio_config_base_t *config,
audio_input_flags_t flags,
audio_port_handle_t *selectedDeviceId,
diff --git a/services/audiopolicy/service/Android.bp b/services/audiopolicy/service/Android.bp
index 439f9f0..d5ba756 100644
--- a/services/audiopolicy/service/Android.bp
+++ b/services/audiopolicy/service/Android.bp
@@ -44,10 +44,12 @@
"audiopolicy-aidl-cpp",
"audiopolicy-types-aidl-cpp",
"capture_state_listener-aidl-cpp",
+ "media_permission-aidl-cpp",
],
static_libs: [
"libaudiopolicycomponents",
+ "media_permission-aidl-cpp",
],
header_libs: [
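Review bot: `"media_permission-aidl-cpp"` is added twice in this hunk, once to the list that closes just before `static_libs:` and once to `static_libs` itself. The name of the first list is outside the hunk, but if it is `shared_libs`, the `static_libs` entry should be dropped: linking the same generated AIDL library both ways is at best redundant and can leave two copies of its symbols in the process. The `export_shared_lib_headers` entry added in the next hunk only fits the shared variant.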
@@ -66,5 +68,6 @@
export_shared_lib_headers: [
"libsensorprivacy",
+ "media_permission-aidl-cpp",
],
}
diff --git a/services/audiopolicy/service/AudioPolicyEffects.cpp b/services/audiopolicy/service/AudioPolicyEffects.cpp
index 5dac55b..8426a77 100644
--- a/services/audiopolicy/service/AudioPolicyEffects.cpp
+++ b/services/audiopolicy/service/AudioPolicyEffects.cpp
@@ -35,6 +35,8 @@
namespace android {
+using media::permission::Identity;
+
// ----------------------------------------------------------------------------
// AudioPolicyEffects Implementation
// ----------------------------------------------------------------------------
@@ -121,7 +123,9 @@
Vector <EffectDesc *> effects = mInputSources.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
- sp<AudioEffect> fx = new AudioEffect(String16("android"));
+ Identity identity;
+ identity.packageName = "android";
+ sp<AudioEffect> fx = new AudioEffect(identity);
fx->set(NULL, &effect->mUuid, -1, 0, 0, audioSession, input);
status_t status = fx->initCheck();
if (status != NO_ERROR && status != ALREADY_EXISTS) {
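Review bot: The `Identity` built here sets only `packageName`, so the uid and pid handed to `AudioEffect` are whatever the parcelable's defaults are, and those are not shown on this page. A short comment stating which uid/pid the effect is expected to be attributed to, and who fills them in, would make that intent reviewable. The same three lines are repeated in the hunks at -270 and -970, so a small file-local helper returning the "android" identity would keep the three call sites in step. The enclosing loops start and end outside the hunks.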
@@ -270,7 +274,9 @@
Vector <EffectDesc *> effects = mOutputStreams.valueAt(index)->mEffects;
for (size_t i = 0; i < effects.size(); i++) {
EffectDesc *effect = effects[i];
- sp<AudioEffect> fx = new AudioEffect(String16("android"));
+ Identity identity;
+ identity.packageName = "android";
+ sp<AudioEffect> fx = new AudioEffect(identity);
fx->set(NULL, &effect->mUuid, 0, 0, 0, audioSession, output);
status_t status = fx->initCheck();
if (status != NO_ERROR && status != ALREADY_EXISTS) {
@@ -970,7 +976,9 @@
for (const auto& deviceEffectsIter : mDeviceEffects) {
const auto& deviceEffects = deviceEffectsIter.second;
for (const auto& effectDesc : deviceEffects->mEffectDescriptors->mEffects) {
- sp<AudioEffect> fx = new AudioEffect(String16("android"));
+ Identity identity;
+ identity.packageName = "android";
+ sp<AudioEffect> fx = new AudioEffect(identity);
fx->set(EFFECT_UUID_NULL, &effectDesc->mUuid, 0, nullptr,
nullptr, AUDIO_SESSION_DEVICE, AUDIO_IO_HANDLE_NONE,
AudioDeviceTypeAddr{deviceEffects->getDeviceType(),
diff --git a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
index 07122cc..bf8f2ee 100644
--- a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
+++ b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
@@ -25,6 +25,7 @@
#include <media/MediaMetricsItem.h>
#include <media/PolicyAidlConversion.h>
#include <utils/Log.h>
+#include <android/media/permission/Identity.h>
#define VALUE_OR_RETURN_BINDER_STATUS(x) \
({ auto _tmp = (x); \
@@ -42,6 +43,7 @@
namespace android {
using binder::Status;
using aidl_utils::binderStatusFromStatusT;
+using media::permission::Identity;
const std::vector<audio_usage_t>& SYSTEM_USAGES = {
AUDIO_USAGE_CALL_ASSISTANT,
@@ -62,15 +64,15 @@
}
status_t AudioPolicyService::validateUsage(audio_usage_t usage) {
- return validateUsage(usage, IPCThreadState::self()->getCallingPid(),
- IPCThreadState::self()->getCallingUid());
+ return validateUsage(usage, getCallingIdentity());
}
-status_t AudioPolicyService::validateUsage(audio_usage_t usage, pid_t pid, uid_t uid) {
+status_t AudioPolicyService::validateUsage(audio_usage_t usage, const Identity& identity) {
if (isSystemUsage(usage)) {
if (isSupportedSystemUsage(usage)) {
- if (!modifyAudioRoutingAllowed(pid, uid)) {
- ALOGE("permission denied: modify audio routing not allowed for uid %d", uid);
+ if (!modifyAudioRoutingAllowed(identity)) {
+ ALOGE(("permission denied: modify audio routing not allowed "
+ "for identity %s"), identity.toString().c_str());
return PERMISSION_DENIED;
}
} else {
@@ -276,8 +278,7 @@
Status AudioPolicyService::getOutputForAttr(const media::AudioAttributesInternal& attrAidl,
int32_t sessionAidl,
- int32_t pidAidl,
- int32_t uidAidl,
+ const Identity& identity,
const media::AudioConfig& configAidl,
int32_t flagsAidl,
int32_t selectedDeviceIdAidl,
@@ -288,8 +289,6 @@
audio_session_t session = VALUE_OR_RETURN_BINDER_STATUS(
aidl2legacy_int32_t_audio_session_t(sessionAidl));
audio_stream_type_t stream = AUDIO_STREAM_DEFAULT;
- pid_t pid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_pid_t(pidAidl));
- uid_t uid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(uidAidl));
audio_config_t config = VALUE_OR_RETURN_BINDER_STATUS(
aidl2legacy_AudioConfig_audio_config_t(configAidl));
audio_output_flags_t flags = VALUE_OR_RETURN_BINDER_STATUS(
@@ -307,22 +306,28 @@
RETURN_IF_BINDER_ERROR(
binderStatusFromStatusT(AudioValidator::validateAudioAttributes(attr, "68953950")));
- RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, pid, uid)));
+ RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, identity)));
ALOGV("%s()", __func__);
Mutex::Autolock _l(mLock);
+ // TODO b/182392553: refactor or remove
+ Identity adjIdentity = identity;
const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- if (!isAudioServerOrMediaServerUid(callingUid) || uid == (uid_t)-1) {
- ALOGW_IF(uid != (uid_t)-1 && uid != callingUid,
- "%s uid %d tried to pass itself off as %d", __func__, callingUid, uid);
- uid = callingUid;
+ if (!isAudioServerOrMediaServerUid(callingUid) || identity.uid == -1) {
+ int32_t callingUidAidl = VALUE_OR_RETURN_BINDER_STATUS(
+ legacy2aidl_uid_t_int32_t(callingUid));
+ ALOGW_IF(identity.uid != -1 && identity.uid != callingUidAidl,
+ "%s uid %d tried to pass itself off as %d", __func__,
+ callingUidAidl, identity.uid);
+ adjIdentity.uid = callingUidAidl;
}
- if (!mPackageManager.allowPlaybackCapture(uid)) {
+ if (!mPackageManager.allowPlaybackCapture(VALUE_OR_RETURN_BINDER_STATUS(
+ aidl2legacy_int32_t_uid_t(adjIdentity.uid)))) {
attr.flags = static_cast<audio_flags_mask_t>(attr.flags | AUDIO_FLAG_NO_MEDIA_PROJECTION);
}
if (((attr.flags & (AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)) != 0)
- && !bypassInterruptionPolicyAllowed(pid, uid)) {
+ && !bypassInterruptionPolicyAllowed(identity)) {
attr.flags = static_cast<audio_flags_mask_t>(
attr.flags & ~(AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE));
}
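Review bot: `bypassInterruptionPolicyAllowed(identity)` checks the identity exactly as the client sent it, whereas the removed line checked the uid after it had been replaced by the binder calling uid. A caller that is not audioserver or mediaserver can therefore have this permission evaluated against a uid it chose, so pass the adjusted copy: `&& !bypassInterruptionPolicyAllowed(adjIdentity)) {`. `validateUsage(attr.usage, identity)` at the top of the hunk also runs before the adjustment; the getInputForAttr hunk at -552 moves that call after it, and this function could do the same. Only the uid is adjusted here, so `identity.pid` is forwarded unchanged. The function body starts and ends outside the hunk.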
@@ -330,7 +335,7 @@
AudioPolicyInterface::output_type_t outputType;
status_t result = mAudioPolicyManager->getOutputForAttr(&attr, &output, session,
&stream,
- uid,
+ adjIdentity,
&config,
&flags, &selectedDeviceId, &portId,
&secondaryOutputs,
@@ -343,16 +348,16 @@
case AudioPolicyInterface::API_OUTPUT_LEGACY:
break;
case AudioPolicyInterface::API_OUTPUT_TELEPHONY_TX:
- if (!modifyPhoneStateAllowed(pid, uid)) {
+ if (!modifyPhoneStateAllowed(adjIdentity)) {
ALOGE("%s() permission denied: modify phone state not allowed for uid %d",
- __func__, uid);
+ __func__, adjIdentity.uid);
result = PERMISSION_DENIED;
}
break;
case AudioPolicyInterface::API_OUT_MIX_PLAYBACK:
- if (!modifyAudioRoutingAllowed(pid, uid)) {
+ if (!modifyAudioRoutingAllowed(adjIdentity)) {
ALOGE("%s() permission denied: modify audio routing not allowed for uid %d",
- __func__, uid);
+ __func__, adjIdentity.uid);
result = PERMISSION_DENIED;
}
break;
@@ -365,8 +370,8 @@
if (result == NO_ERROR) {
sp<AudioPlaybackClient> client =
- new AudioPlaybackClient(attr, output, uid, pid, session, portId, selectedDeviceId,
- stream);
+ new AudioPlaybackClient(attr, output, adjIdentity, session,
+ portId, selectedDeviceId, stream);
mAudioPlaybackClients.add(portId, client);
_aidl_return->output = VALUE_OR_RETURN_BINDER_STATUS(
@@ -502,9 +507,7 @@
int32_t inputAidl,
int32_t riidAidl,
int32_t sessionAidl,
- int32_t pidAidl,
- int32_t uidAidl,
- const std::string& opPackageNameAidl,
+ const Identity& identity,
const media::AudioConfigBase& configAidl,
int32_t flagsAidl,
int32_t selectedDeviceIdAidl,
@@ -517,10 +520,6 @@
aidl2legacy_int32_t_audio_unique_id_t(riidAidl));
audio_session_t session = VALUE_OR_RETURN_BINDER_STATUS(
aidl2legacy_int32_t_audio_session_t(sessionAidl));
- pid_t pid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_pid_t(pidAidl));
- uid_t uid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(uidAidl));
- String16 opPackageName = VALUE_OR_RETURN_BINDER_STATUS(
- aidl2legacy_string_view_String16(opPackageNameAidl));
audio_config_base_t config = VALUE_OR_RETURN_BINDER_STATUS(
aidl2legacy_AudioConfigBase_audio_config_base_t(configAidl));
audio_input_flags_t flags = VALUE_OR_RETURN_BINDER_STATUS(
@@ -536,7 +535,6 @@
RETURN_IF_BINDER_ERROR(
binderStatusFromStatusT(AudioValidator::validateAudioAttributes(attr, "68953950")));
- RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, pid, uid)));
audio_source_t inputSource = attr.source;
if (inputSource == AUDIO_SOURCE_DEFAULT) {
@@ -552,34 +550,42 @@
return binderStatusFromStatusT(BAD_VALUE);
}
- bool updatePid = (pid == -1);
- const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ // Make sure identity represents the current caller
+ Identity adjIdentity = identity;
+ // TODO b/182392553: refactor or remove
+ bool updatePid = (identity.pid == -1);
+ const uid_t callingUid =IPCThreadState::self()->getCallingUid();
+ const uid_t currentUid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(identity.uid));
if (!isAudioServerOrMediaServerUid(callingUid)) {
- ALOGW_IF(uid != (uid_t)-1 && uid != callingUid,
- "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, uid);
- uid = callingUid;
+ ALOGW_IF(currentUid != (uid_t)-1 && currentUid != callingUid,
+ "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid,
+ currentUid);
+ adjIdentity.uid = VALUE_OR_RETURN_BINDER_STATUS(legacy2aidl_uid_t_int32_t(callingUid));
updatePid = true;
}
if (updatePid) {
- const pid_t callingPid = IPCThreadState::self()->getCallingPid();
- ALOGW_IF(pid != (pid_t)-1 && pid != callingPid,
+ const int32_t callingPid = VALUE_OR_RETURN_BINDER_STATUS(legacy2aidl_pid_t_int32_t(
+ IPCThreadState::self()->getCallingPid()));
+ ALOGW_IF(identity.pid != -1 && identity.pid != callingPid,
"%s uid %d pid %d tried to pass itself off as pid %d",
- __func__, callingUid, callingPid, pid);
- pid = callingPid;
+ __func__, adjIdentity.uid, callingPid, identity.pid);
+ adjIdentity.pid = callingPid;
}
+ RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr.usage, adjIdentity)));
+
// check calling permissions.
// Capturing from FM_TUNER source is controlled by captureTunerAudioInputAllowed() and
// captureAudioOutputAllowed() (deprecated) as this does not affect users privacy
// as does capturing from an actual microphone.
- if (!(recordingAllowed(opPackageName, pid, uid) || attr.source == AUDIO_SOURCE_FM_TUNER)) {
- ALOGE("%s permission denied: recording not allowed for uid %d pid %d",
- __func__, uid, pid);
+ if (!(recordingAllowed(adjIdentity) || attr.source == AUDIO_SOURCE_FM_TUNER)) {
+ ALOGE("%s permission denied: recording not allowed for %s",
+ __func__, adjIdentity.toString().c_str());
return binderStatusFromStatusT(PERMISSION_DENIED);
}
- bool canCaptureOutput = captureAudioOutputAllowed(pid, uid);
+ bool canCaptureOutput = captureAudioOutputAllowed(adjIdentity);
if ((inputSource == AUDIO_SOURCE_VOICE_UPLINK ||
inputSource == AUDIO_SOURCE_VOICE_DOWNLINK ||
inputSource == AUDIO_SOURCE_VOICE_CALL ||
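Review bot: The adjustment under `// Make sure identity represents the current caller` replaces only `uid` and `pid`; for a caller that is not audioserver or mediaserver, `adjIdentity.packageName` (and the attribution tag the commit message mentions) stays as the client supplied it. Whether `recordingAllowed(adjIdentity)` verifies that the package belongs to the adjusted uid is not visible here, so the comment should say where that check happens, for example `// uid/pid come from binder; packageName is checked against uid in recordingAllowed()` if that holds. This matters because the same `adjIdentity` is later stored in the record client and written to logs and metrics. The function body starts and ends outside the hunk.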
@@ -589,12 +595,12 @@
}
if (inputSource == AUDIO_SOURCE_FM_TUNER
- && !captureTunerAudioInputAllowed(pid, uid)
+ && !captureTunerAudioInputAllowed(adjIdentity)
&& !canCaptureOutput) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
- bool canCaptureHotword = captureHotwordAllowed(opPackageName, pid, uid);
+ bool canCaptureHotword = captureHotwordAllowed(adjIdentity);
if ((inputSource == AUDIO_SOURCE_HOTWORD) && !canCaptureHotword) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -602,7 +608,7 @@
if (((flags & AUDIO_INPUT_FLAG_HW_HOTWORD) != 0)
&& !canCaptureHotword) {
ALOGE("%s: permission denied: hotword mode not allowed"
- " for uid %d pid %d", __func__, uid, pid);
+ " for uid %d pid %d", __func__, adjIdentity.uid, adjIdentity.pid);
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -615,10 +621,11 @@
{
AutoCallerClear acc;
// the audio_in_acoustics_t parameter is ignored by get_input()
- status = mAudioPolicyManager->getInputForAttr(&attr, &input, riid, session, uid,
- &config,
+ status = mAudioPolicyManager->getInputForAttr(&attr, &input, riid, session,
+ adjIdentity, &config,
flags, &selectedDeviceId,
&inputType, &portId);
+
}
audioPolicyEffects = mAudioPolicyEffects;
@@ -639,7 +646,7 @@
}
break;
case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE:
- if (!modifyAudioRoutingAllowed(pid, uid)) {
+ if (!modifyAudioRoutingAllowed(adjIdentity)) {
ALOGE("getInputForAttr() permission denied: modify audio routing not allowed");
status = PERMISSION_DENIED;
}
@@ -659,8 +666,8 @@
return binderStatusFromStatusT(status);
}
- sp<AudioRecordClient> client = new AudioRecordClient(attr, input, uid, pid, session, portId,
- selectedDeviceId, opPackageName,
+ sp<AudioRecordClient> client = new AudioRecordClient(attr, input, session, portId,
+ selectedDeviceId, adjIdentity,
canCaptureOutput, canCaptureHotword);
mAudioRecordClients.add(portId, client);
}
@@ -711,12 +718,15 @@
client = mAudioRecordClients.valueAt(index);
}
+ std::stringstream msg;
+ msg << "Audio recording on session " << client->session;
+
// check calling permissions
- if (!(startRecording(client->opPackageName, client->pid, client->uid,
- client->attributes.source)
+ if (!(startRecording(client->identity, String16(msg.str().c_str()),
+ client->attributes.source)
|| client->attributes.source == AUDIO_SOURCE_FM_TUNER)) {
- ALOGE("%s permission denied: recording not allowed for uid %d pid %d",
- __func__, client->uid, client->pid);
+ ALOGE("%s permission denied: recording not allowed for identity %s",
+ __func__, client->identity.toString().c_str());
return binderStatusFromStatusT(PERMISSION_DENIED);
}
@@ -760,11 +770,13 @@
item->setCString(kAudioPolicyRqstSrc,
toString(client->attributes.source).c_str());
item->setInt32(kAudioPolicyRqstSession, client->session);
- if (client->opPackageName.size() != 0) {
+ if (client->identity.packageName.has_value() &&
+ client->identity.packageName.value().size() != 0) {
item->setCString(kAudioPolicyRqstPkg,
- std::string(String8(client->opPackageName).string()).c_str());
+ client->identity.packageName.value().c_str());
} else {
- item->setCString(kAudioPolicyRqstPkg, std::to_string(client->uid).c_str());
+ item->setCString(kAudioPolicyRqstPkg,
+ std::to_string(client->identity.uid).c_str());
}
item->setCString(
kAudioPolicyRqstDevice, getDeviceTypeStrForPortId(client->deviceId).c_str());
@@ -780,12 +792,13 @@
item->setCString(kAudioPolicyActiveSrc,
toString(other->attributes.source).c_str());
item->setInt32(kAudioPolicyActiveSession, other->session);
- if (other->opPackageName.size() != 0) {
+ if (other->identity.packageName.has_value() &&
+ other->identity.packageName.value().size() != 0) {
item->setCString(kAudioPolicyActivePkg,
- std::string(String8(other->opPackageName).string()).c_str());
+ other->identity.packageName.value().c_str());
} else {
- item->setCString(kAudioPolicyRqstPkg,
- std::to_string(other->uid).c_str());
+ item->setCString(kAudioPolicyRqstPkg, std::to_string(
+ other->identity.uid).c_str());
}
item->setCString(kAudioPolicyActiveDevice,
getDeviceTypeStrForPortId(other->deviceId).c_str());
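Review bot: The `else` branch writes the other client's uid under `kAudioPolicyRqstPkg`, while the `if` branch and every neighbouring line for `other` use the `kAudioPolicyActive*` keys. As written, the fallback appears to overwrite the requesting client's package field set in the previous hunk and leaves the active package unset; the removed lines used the same key, so this is carried over rather than introduced. Since the line is being rewritten anyway, use `item->setCString(kAudioPolicyActivePkg, std::to_string(other->identity.uid).c_str());`.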
@@ -801,8 +814,7 @@
client->active = false;
client->startTimeNs = 0;
updateUidStates_l();
- finishRecording(client->opPackageName, client->uid,
- client->attributes.source);
+ finishRecording(client->identity, client->attributes.source);
}
return binderStatusFromStatusT(status);
@@ -831,8 +843,7 @@
updateUidStates_l();
// finish the recording app op
- finishRecording(client->opPackageName, client->uid,
- client->attributes.source);
+ finishRecording(client->identity, client->attributes.source);
AutoCallerClear acc;
return binderStatusFromStatusT(mAudioPolicyManager->stopInput(portId));
}
@@ -1629,15 +1640,15 @@
bool needCaptureMediaOutput = std::any_of(mixes.begin(), mixes.end(), [](auto& mix) {
return mix.mAllowPrivilegedMediaPlaybackCapture; });
- const uid_t callingUid = IPCThreadState::self()->getCallingUid();
- const pid_t callingPid = IPCThreadState::self()->getCallingPid();
+ const Identity identity = getCallingIdentity();
- if (needCaptureMediaOutput && !captureMediaOutputAllowed(callingPid, callingUid)) {
+
+ if (needCaptureMediaOutput && !captureMediaOutputAllowed(identity)) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
if (needCaptureVoiceCommunicationOutput &&
- !captureVoiceCommunicationOutputAllowed(callingPid, callingUid)) {
+ !captureVoiceCommunicationOutputAllowed(identity)) {
return binderStatusFromStatusT(PERMISSION_DENIED);
}
diff --git a/services/audiopolicy/service/AudioPolicyService.cpp b/services/audiopolicy/service/AudioPolicyService.cpp
index 90ad81e..35b69d0 100644
--- a/services/audiopolicy/service/AudioPolicyService.cpp
+++ b/services/audiopolicy/service/AudioPolicyService.cpp
@@ -595,23 +595,24 @@
for (size_t i =0; i < mAudioRecordClients.size(); i++) {
sp<AudioRecordClient> current = mAudioRecordClients[i];
+ uid_t currentUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(current->identity.uid));
if (!current->active || (!isVirtualSource(current->attributes.source)
- && isUserSensorPrivacyEnabledForUid(current->uid))) {
+ && isUserSensorPrivacyEnabledForUid(currentUid))) {
continue;
}
- app_state_t appState = apmStatFromAmState(mUidPolicy->getUidState(current->uid));
+ app_state_t appState = apmStatFromAmState(mUidPolicy->getUidState(currentUid));
// clients which app is in IDLE state are not eligible for top active or
// latest active
if (appState == APP_STATE_IDLE) {
continue;
}
- bool isAccessibility = mUidPolicy->isA11yUid(current->uid);
+ bool isAccessibility = mUidPolicy->isA11yUid(currentUid);
// Clients capturing for Accessibility services or virtual sources are not considered
// for top or latest active to avoid masking regular clients started before
if (!isAccessibility && !isVirtualSource(current->attributes.source)) {
- bool isAssistant = mUidPolicy->isAssistantUid(current->uid);
+ bool isAssistant = mUidPolicy->isAssistantUid(currentUid);
bool isPrivacySensitive =
(current->attributes.flags & AUDIO_FLAG_CAPTURE_PRIVATE) != 0;
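Review bot: `VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(current->identity.uid))` re-converts the stored AIDL uid on every pass over `mAudioRecordClients`, and the macro name suggests a failed conversion aborts the process. The uid was already converted once with `VALUE_OR_RETURN_BINDER_STATUS` in getInputForAttr, before the client was created. Converting there and keeping a `uid_t` next to the identity in the client would remove both the repeated work and the fatal path from this loop. The same pattern recurs in the hunks at -639, -674 and -692; in the last one the conversion also runs before the `if (!current->active) continue;` check. The enclosing function starts and ends outside the hunk.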
@@ -639,9 +640,11 @@
// if audio mode is IN_COMMUNICATION, make sure the audio mode owner
// is marked latest sensitive active even if another app qualifies.
if (current->startTimeNs > latestSensitiveStartNs
- || (isInCommunication && current->uid == mPhoneStateOwnerUid)) {
+ || (isInCommunication && currentUid == mPhoneStateOwnerUid)) {
if (!isInCommunication || latestSensitiveActiveOrComm == nullptr
- || latestSensitiveActiveOrComm->uid != mPhoneStateOwnerUid) {
+ || VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
+ latestSensitiveActiveOrComm->identity.uid))
+ != mPhoneStateOwnerUid) {
latestSensitiveActiveOrComm = current;
latestSensitiveStartNs = current->startTimeNs;
}
@@ -658,7 +661,7 @@
if (current->attributes.source != AUDIO_SOURCE_HOTWORD) {
onlyHotwordActive = false;
}
- if (current->uid == mPhoneStateOwnerUid) {
+ if (currentUid == mPhoneStateOwnerUid) {
isPhoneStateOwnerActive = true;
}
}
@@ -674,7 +677,9 @@
} else if (latestSensitiveActiveOrComm != nullptr) {
// if audio mode is IN_COMMUNICATION, favor audio mode owner over an app with
// foreground UI in case both are capturing with privacy sensitive flag.
- if (isInCommunication && latestSensitiveActiveOrComm->uid == mPhoneStateOwnerUid) {
+ uid_t latestActiveUid = VALUE_OR_FATAL(
+ aidl2legacy_int32_t_uid_t(latestSensitiveActiveOrComm->identity.uid));
+ if (isInCommunication && latestActiveUid == mPhoneStateOwnerUid) {
topSensitiveActive = latestSensitiveActiveOrComm;
topSensitiveStartNs = latestSensitiveStartNs;
}
@@ -692,20 +697,25 @@
for (size_t i =0; i < mAudioRecordClients.size(); i++) {
sp<AudioRecordClient> current = mAudioRecordClients[i];
+ uid_t currentUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
+ current->identity.uid));
if (!current->active) {
continue;
}
audio_source_t source = current->attributes.source;
- bool isTopOrLatestActive = topActive == nullptr ? false : current->uid == topActive->uid;
- bool isTopOrLatestSensitive = topSensitiveActive == nullptr ?
- false : current->uid == topSensitiveActive->uid;
+ bool isTopOrLatestActive = topActive == nullptr ? false :
+ current->identity.uid == topActive->identity.uid;
+ bool isTopOrLatestSensitive = topSensitiveActive == nullptr ? false :
+ current->identity.uid == topSensitiveActive->identity.uid;
auto canCaptureIfInCallOrCommunication = [&](const auto &recordClient) REQUIRES(mLock) {
+ uid_t recordUid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(
+ recordClient->identity.uid));
bool canCaptureCall = recordClient->canCaptureOutput;
bool canCaptureCommunication = recordClient->canCaptureOutput
|| !isPhoneStateOwnerActive
- || recordClient->uid == mPhoneStateOwnerUid;
+ || recordUid == mPhoneStateOwnerUid;
return !(isInCall && !canCaptureCall)
&& !(isInCommunication && !canCaptureCommunication);
};
@@ -724,10 +734,10 @@
if (isVirtualSource(source)) {
// Allow capture for virtual (remote submix, call audio TX or RX...) sources
allowCapture = true;
- } else if (isUserSensorPrivacyEnabledForUid(current->uid)) {
+ } else if (isUserSensorPrivacyEnabledForUid(currentUid)) {
// If sensor privacy is enabled, don't allow capture
allowCapture = false;
- } else if (mUidPolicy->isAssistantUid(current->uid)) {
+ } else if (mUidPolicy->isAssistantUid(currentUid)) {
// For assistant allow capture if:
// An accessibility service is on TOP or a RTT call is active
// AND the source is VOICE_RECOGNITION or HOTWORD
@@ -747,7 +757,7 @@
allowCapture = true;
}
}
- } else if (mUidPolicy->isA11yUid(current->uid)) {
+ } else if (mUidPolicy->isA11yUid(currentUid)) {
// For accessibility service allow capture if:
// The assistant is not on TOP
// AND there is no active privacy sensitive capture or call
@@ -773,7 +783,7 @@
&& canCaptureIfInCallOrCommunication(current)) {
allowCapture = true;
}
- } else if (mUidPolicy->isCurrentImeUid(current->uid)) {
+ } else if (mUidPolicy->isCurrentImeUid(currentUid)) {
// For current InputMethodService allow capture if:
// A RTT call is active AND the source is VOICE_RECOGNITION
if (rttCallActive && source == AUDIO_SOURCE_VOICE_RECOGNITION) {
@@ -781,7 +791,7 @@
}
}
setAppState_l(current->portId,
- allowCapture ? apmStatFromAmState(mUidPolicy->getUidState(current->uid)) :
+ allowCapture ? apmStatFromAmState(mUidPolicy->getUidState(currentUid)) :
APP_STATE_IDLE);
}
}
diff --git a/services/audiopolicy/service/AudioPolicyService.h b/services/audiopolicy/service/AudioPolicyService.h
index a11b2cc..15846ec 100644
--- a/services/audiopolicy/service/AudioPolicyService.h
+++ b/services/audiopolicy/service/AudioPolicyService.h
@@ -38,6 +38,8 @@
#include "CaptureStateNotifier.h"
#include <AudioPolicyInterface.h>
#include <android/hardware/BnSensorPrivacyListener.h>
+#include <android/media/permission/Identity.h>
+
#include <unordered_map>
namespace android {
@@ -79,15 +81,16 @@
media::AudioPolicyForcedConfig* _aidl_return) override;
binder::Status getOutput(media::AudioStreamType stream, int32_t* _aidl_return) override;
binder::Status getOutputForAttr(const media::AudioAttributesInternal& attr, int32_t session,
- int32_t pid, int32_t uid, const media::AudioConfig& config,
+ const media::permission::Identity &identity,
+ const media::AudioConfig& config,
int32_t flags, int32_t selectedDeviceId,
media::GetOutputForAttrResponse* _aidl_return) override;
binder::Status startOutput(int32_t portId) override;
binder::Status stopOutput(int32_t portId) override;
binder::Status releaseOutput(int32_t portId) override;
binder::Status getInputForAttr(const media::AudioAttributesInternal& attr, int32_t input,
- int32_t riid, int32_t session, int32_t pid, int32_t uid,
- const std::string& opPackageName,
+ int32_t riid, int32_t session,
+ const media::permission::Identity &identity,
const media::AudioConfigBase& config, int32_t flags,
int32_t selectedDeviceId,
media::GetInputForAttrResponse* _aidl_return) override;
@@ -339,7 +342,7 @@
bool isSupportedSystemUsage(audio_usage_t usage);
status_t validateUsage(audio_usage_t usage);
- status_t validateUsage(audio_usage_t usage, pid_t pid, uid_t uid);
+ status_t validateUsage(audio_usage_t usage, const media::permission::Identity& identity);
bool isUserSensorPrivacyEnabledForUid(uid_t uid);
@@ -784,18 +787,18 @@
class AudioClient : public virtual RefBase {
public:
AudioClient(const audio_attributes_t attributes,
- const audio_io_handle_t io, uid_t uid, pid_t pid,
+ const audio_io_handle_t io,
+ const media::permission::Identity& identity,
const audio_session_t session, audio_port_handle_t portId,
const audio_port_handle_t deviceId) :
- attributes(attributes), io(io), uid(uid), pid(pid),
+ attributes(attributes), io(io), identity(identity),
session(session), portId(portId), deviceId(deviceId), active(false) {}
~AudioClient() override = default;
const audio_attributes_t attributes; // source, flags ...
const audio_io_handle_t io; // audio HAL stream IO handle
- const uid_t uid; // client UID
- const pid_t pid; // client PID
+ const media::permission::Identity& identity; //client identity
const audio_session_t session; // audio session ID
const audio_port_handle_t portId;
const audio_port_handle_t deviceId; // selected input device port ID
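Review bot: `AudioClient::identity` is declared as `const media::permission::Identity&`, so the client keeps a reference to whatever object the constructor argument was bound to rather than its own copy. In the hunk at -829 `AudioPlaybackClient` takes `identity` by value and forwards that parameter, leaving the base member referring to a parameter that is destroyed when the constructor returns; in the hunk at -808 `AudioRecordClient` forwards the caller's reference, which in getInputForAttr is the stack local `adjIdentity`. Any later read through the base class is then a use of a dead object, in code whose permission checks depend on that uid. Store it by value, `const media::permission::Identity identity; // client identity`, and drop the second `identity` member that `AudioRecordClient` adds to shadow it. The class bodies continue outside the hunks.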
@@ -808,16 +811,17 @@
class AudioRecordClient : public AudioClient {
public:
AudioRecordClient(const audio_attributes_t attributes,
- const audio_io_handle_t io, uid_t uid, pid_t pid,
+ const audio_io_handle_t io,
const audio_session_t session, audio_port_handle_t portId,
- const audio_port_handle_t deviceId, const String16& opPackageName,
+ const audio_port_handle_t deviceId,
+ const media::permission::Identity& identity,
bool canCaptureOutput, bool canCaptureHotword) :
- AudioClient(attributes, io, uid, pid, session, portId, deviceId),
- opPackageName(opPackageName), startTimeNs(0),
+ AudioClient(attributes, io, identity,
+ session, portId, deviceId), identity(identity), startTimeNs(0),
canCaptureOutput(canCaptureOutput), canCaptureHotword(canCaptureHotword) {}
~AudioRecordClient() override = default;
- const String16 opPackageName; // client package name
+ const media::permission::Identity identity; // identity of client
nsecs_t startTimeNs;
const bool canCaptureOutput;
const bool canCaptureHotword;
@@ -829,10 +833,11 @@
class AudioPlaybackClient : public AudioClient {
public:
AudioPlaybackClient(const audio_attributes_t attributes,
- const audio_io_handle_t io, uid_t uid, pid_t pid,
+ const audio_io_handle_t io, media::permission::Identity identity,
const audio_session_t session, audio_port_handle_t portId,
audio_port_handle_t deviceId, audio_stream_type_t stream) :
- AudioClient(attributes, io, uid, pid, session, portId, deviceId), stream(stream) {}
+ AudioClient(attributes, io, identity, session, portId,
+ deviceId), stream(stream) {}
~AudioPlaybackClient() override = default;
const audio_stream_type_t stream;
diff --git a/services/audiopolicy/tests/Android.bp b/services/audiopolicy/tests/Android.bp
index d10fcb9..f480210 100644
--- a/services/audiopolicy/tests/Android.bp
+++ b/services/audiopolicy/tests/Android.bp
@@ -25,6 +25,7 @@
"libmedia_helper",
"libutils",
"libxml2",
+ "media_permission-aidl-cpp",
],
static_libs: [
diff --git a/services/audiopolicy/tests/audiopolicymanager_tests.cpp b/services/audiopolicy/tests/audiopolicymanager_tests.cpp
index a8ede90..21ebac13 100644
--- a/services/audiopolicy/tests/audiopolicymanager_tests.cpp
+++ b/services/audiopolicy/tests/audiopolicymanager_tests.cpp
@@ -25,6 +25,7 @@
#define LOG_TAG "APM_Test"
#include <Serializer.h>
#include <android-base/file.h>
+#include <android/media/permission/Identity.h>
#include <media/AudioPolicy.h>
#include <media/PatchBuilder.h>
#include <media/RecordingActivityTracker.h>
@@ -39,6 +40,7 @@
using namespace android;
using testing::UnorderedElementsAre;
+using media::permission::Identity;
TEST(AudioPolicyManagerTestInit, EngineFailure) {
AudioPolicyTestClient client;
@@ -214,8 +216,11 @@
if (!portId) portId = &localPortId;
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::output_type_t outputType;
+ // TODO b/182392769: use identity util
+ Identity i = Identity();
+ i.uid = 0;
ASSERT_EQ(OK, mManager->getOutputForAttr(
- &attr, output, AUDIO_SESSION_NONE, &stream, 0 /*uid*/, &config, &flags,
+ &attr, output, AUDIO_SESSION_NONE, &stream, i, &config, &flags,
selectedDeviceId, portId, {}, &outputType));
ASSERT_NE(AUDIO_PORT_HANDLE_NONE, *portId);
ASSERT_NE(AUDIO_IO_HANDLE_NONE, *output);
@@ -239,8 +244,11 @@
if (!portId) portId = &localPortId;
*portId = AUDIO_PORT_HANDLE_NONE;
AudioPolicyInterface::input_type_t inputType;
+ // TODO b/182392769: use identity util
+ Identity i = Identity();
+ i.uid = 0;
ASSERT_EQ(OK, mManager->getInputForAttr(
- &attr, &input, riid, AUDIO_SESSION_NONE, 0 /*uid*/, &config, flags,
+ &attr, &input, riid, AUDIO_SESSION_NONE, i, &config, flags,
selectedDeviceId, &inputType, portId));
ASSERT_NE(AUDIO_PORT_HANDLE_NONE, *portId);
}