commit dcb162f3aed807d1e51f29e2454ade584439992e
author Eric Laurent <elaurent@google.com> Fri Jul 11 09:14:45 2014 -0700
committer Eric Laurent <elaurent@google.com> Wed Jul 16 17:48:26 2014 +0000
tree d5430215f699eb9feea7cdf01751dcc2c83da123
parent 671160ffe81592efa376dc1ff0fc3f4ddcdebc35

sound trigger: added permission checks

Add check for android.permission.CAPTURE_AUDIO_HOTWORD
to all sound trigger binder calls on server side.

Bug: 12378680.
Change-Id: Ic3fd70e947882cdf5f4d4a4fe609a2c5a8236fd5

services/soundtrigger/SoundTriggerHwService.cpp

diff --git a/services/soundtrigger/SoundTriggerHwService.cpp b/services/soundtrigger/SoundTriggerHwService.cpp
index 747af79..3654136 100644
--- a/services/soundtrigger/SoundTriggerHwService.cpp
+++ b/services/soundtrigger/SoundTriggerHwService.cpp
@@ -22,18 +22,18 @@
 #include <sys/types.h>
 #include <pthread.h>
 
+#include <system/sound_trigger.h>
+#include <cutils/atomic.h>
+#include <cutils/properties.h>
+#include <utils/Errors.h>
+#include <utils/Log.h>
 #include <binder/IServiceManager.h>
 #include <binder/MemoryBase.h>
 #include <binder/MemoryHeapBase.h>
-#include <cutils/atomic.h>
-#include <cutils/properties.h>
 #include <hardware/hardware.h>
-#include <utils/Errors.h>
-#include <utils/Log.h>
-
-#include "SoundTriggerHwService.h"
-#include <system/sound_trigger.h>
 #include <hardware/sound_trigger.h>
+#include <ServiceUtilities.h>
+#include "SoundTriggerHwService.h"
 
 namespace android {
 
@@ -103,6 +103,10 @@
                              uint32_t *numModules)
 {
     ALOGV("listModules");
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
+
     AutoMutex lock(mServiceLock);
     if (numModules == NULL || (*numModules != 0 && modules == NULL)) {
         return BAD_VALUE;
@@ -120,6 +124,10 @@
                         sp<ISoundTrigger>& moduleInterface)
 {
     ALOGV("attach module %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
+
     AutoMutex lock(mServiceLock);
     moduleInterface.clear();
     if (client == 0) {
@@ -139,8 +147,8 @@
 }
 
 void SoundTriggerHwService::detachModule(sp<Module> module) {
-    AutoMutex lock(mServiceLock);
     ALOGV("detachModule");
+    AutoMutex lock(mServiceLock);
     module->clearClient();
 }
 
@@ -310,6 +318,9 @@
 
 void SoundTriggerHwService::Module::detach() {
     ALOGV("detach()");
+    if (!captureHotwordAllowed()) {
+        return;
+    }
     {
         AutoMutex lock(mLock);
         for (size_t i = 0; i < mModels.size(); i++) {
@@ -337,6 +348,9 @@
                                 sound_model_handle_t *handle)
 {
     ALOGV("loadSoundModel() handle");
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     if (modelMemory == 0 || modelMemory->pointer() == NULL) {
         ALOGE("loadSoundModel() modelMemory is 0 or has NULL pointer()");
@@ -361,6 +375,9 @@
 status_t SoundTriggerHwService::Module::unloadSoundModel(sound_model_handle_t handle)
 {
     ALOGV("unloadSoundModel() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     AutoMutex lock(mLock);
     ssize_t index = mModels.indexOfKey(handle);
@@ -380,6 +397,9 @@
                                  const sp<IMemory>& dataMemory)
 {
     ALOGV("startRecognition() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     if (dataMemory != 0 && dataMemory->pointer() == NULL) {
         ALOGE("startRecognition() dataMemory is non-0 but has NULL pointer()");
@@ -415,6 +435,9 @@
 status_t SoundTriggerHwService::Module::stopRecognition(sound_model_handle_t handle)
 {
     ALOGV("stopRecognition() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     AutoMutex lock(mLock);
     sp<Model> model = getModel(handle);