Run audio services in audioserver instead of mediaserver
audioflinger, audiopolicy, (fm) radio, soundtrigger moved to audioserver.
medialog is removed from mediaserver.
audioserver has same permissions and rights as mediaserver.
mediaserver is allowed to specify client uid to audioserver.
Subsequent CL will add medialog to audioserver.
TBD: Pare down permissions.
Bug: 24511453
Change-Id: Iccaa08b874a502710d142e72f8abbb3d97c44cfa
diff --git a/services/audioflinger/AudioFlinger.cpp b/services/audioflinger/AudioFlinger.cpp
index 385e0b9..462a676 100644
--- a/services/audioflinger/AudioFlinger.cpp
+++ b/services/audioflinger/AudioFlinger.cpp
@@ -1457,8 +1457,15 @@
cblk.clear();
buffers.clear();
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (!isTrustedCallingUid(callingUid)) {
+ ALOGW_IF(clientUid != callingUid,
+ "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid);
+ clientUid = callingUid;
+ }
+
// check calling permissions
- if (!recordingAllowed(opPackageName)) {
+ if (!recordingAllowed(opPackageName, tid, clientUid)) {
ALOGE("openRecord() permission denied: recording not allowed");
lStatus = PERMISSION_DENIED;
goto Exit;
@@ -1508,7 +1515,6 @@
}
ALOGV("openRecord() lSessionId: %d input %d", lSessionId, input);
- // TODO: the uid should be passed in as a parameter to openRecord
recordTrack = thread->createRecordTrack_l(client, sampleRate, format, channelMask,
frameCount, lSessionId, notificationFrames,
clientUid, flags, tid, &lStatus);
@@ -2591,7 +2597,7 @@
// check recording permission for visualizer
if ((memcmp(&desc.type, SL_IID_VISUALIZATION, sizeof(effect_uuid_t)) == 0) &&
- !recordingAllowed(opPackageName)) {
+ !recordingAllowed(opPackageName, pid, IPCThreadState::self()->getCallingUid())) {
lStatus = PERMISSION_DENIED;
goto Exit;
}
diff --git a/services/audioflinger/ServiceUtilities.cpp b/services/audioflinger/ServiceUtilities.cpp
index 2e68dad..afc2440 100644
--- a/services/audioflinger/ServiceUtilities.cpp
+++ b/services/audioflinger/ServiceUtilities.cpp
@@ -32,29 +32,37 @@
// Not valid until initialized by AudioFlinger constructor. It would have to be
// re-initialized if the process containing AudioFlinger service forks (which it doesn't).
+// This is often used to validate binder interface calls within audioserver
+// (e.g. AudioPolicyManager to AudioFlinger).
pid_t getpid_cached;
-bool recordingAllowed(const String16& opPackageName) {
- // Note: We are getting the UID from the calling IPC thread state because all
- // clients that perform recording create AudioRecord in their own processes
- // and the system does not create AudioRecord objects on behalf of apps. This
- // differs from playback where in some situations the system recreates AudioTrack
- // instances associated with a client's MediaPlayer on behalf of this client.
- // In the latter case we have to store the client UID and pass in along for
- // security checks.
+// A trusted calling UID may specify the client UID as part of a binder interface call.
+// otherwise the calling UID must be equal to the client UID.
+bool isTrustedCallingUid(uid_t uid) {
+ switch (uid) {
+ case AID_MEDIA:
+ case AID_AUDIOSERVER:
+ return true;
+ default:
+ return false;
+ }
+}
+bool recordingAllowed(const String16& opPackageName, pid_t pid, uid_t uid) {
+ // we're always OK.
if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true;
+
static const String16 sRecordAudio("android.permission.RECORD_AUDIO");
+ // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)
+ // may open a record track on behalf of a client. Note that pid may be a tid.
// IMPORTANT: Don't use PermissionCache - a runtime permission and may change.
- const bool ok = checkCallingPermission(sRecordAudio);
+ const bool ok = checkPermission(sRecordAudio, pid, uid);
if (!ok) {
ALOGE("Request requires android.permission.RECORD_AUDIO");
return false;
}
- const uid_t uid = IPCThreadState::self()->getCallingUid();
-
// To permit command-line native tests
if (uid == AID_ROOT) return true;
diff --git a/services/audioflinger/ServiceUtilities.h b/services/audioflinger/ServiceUtilities.h
index fba6dce..1e79553 100644
--- a/services/audioflinger/ServiceUtilities.h
+++ b/services/audioflinger/ServiceUtilities.h
@@ -19,8 +19,8 @@
namespace android {
extern pid_t getpid_cached;
-
-bool recordingAllowed(const String16& opPackageName);
+bool isTrustedCallingUid(uid_t uid);
+bool recordingAllowed(const String16& opPackageName, pid_t pid, uid_t uid);
bool captureAudioOutputAllowed();
bool captureHotwordAllowed();
bool settingsAllowed();
diff --git a/services/audioflinger/Threads.cpp b/services/audioflinger/Threads.cpp
index 553970b..4d3747a 100644
--- a/services/audioflinger/Threads.cpp
+++ b/services/audioflinger/Threads.cpp
@@ -914,14 +914,14 @@
status = mPowerManager->acquireWakeLockWithUid(POWERMANAGER_PARTIAL_WAKE_LOCK,
binder,
getWakeLockTag(),
- String16("media"),
+ String16("audioserver"),
uid,
true /* FIXME force oneway contrary to .aidl */);
} else {
status = mPowerManager->acquireWakeLock(POWERMANAGER_PARTIAL_WAKE_LOCK,
binder,
getWakeLockTag(),
- String16("media"),
+ String16("audioserver"),
true /* FIXME force oneway contrary to .aidl */);
}
if (status == NO_ERROR) {
diff --git a/services/audioflinger/Tracks.cpp b/services/audioflinger/Tracks.cpp
index 0e24b52..b1638ea 100644
--- a/services/audioflinger/Tracks.cpp
+++ b/services/audioflinger/Tracks.cpp
@@ -100,13 +100,11 @@
mType(type),
mThreadIoHandle(thread->id())
{
- // if the caller is us, trust the specified uid
- if (IPCThreadState::self()->getCallingPid() != getpid_cached || clientUid == -1) {
- int newclientUid = IPCThreadState::self()->getCallingUid();
- if (clientUid != -1 && clientUid != newclientUid) {
- ALOGW("uid %d tried to pass itself off as %d", newclientUid, clientUid);
- }
- clientUid = newclientUid;
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (!isTrustedCallingUid(callingUid) || clientUid == -1) {
+ ALOGW_IF(clientUid != -1 && clientUid != (int)callingUid,
+ "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, clientUid);
+ clientUid = (int)callingUid;
}
// clientUid contains the uid of the app that is responsible for this track, so we can blame
// battery usage on it.
diff --git a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
index 41a3fcb..8c976aa 100644
--- a/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
+++ b/services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp
@@ -164,13 +164,11 @@
ALOGV("getOutput()");
Mutex::Autolock _l(mLock);
- // if the caller is us, trust the specified uid
- if (IPCThreadState::self()->getCallingPid() != getpid_cached || uid == (uid_t)-1) {
- uid_t newclientUid = IPCThreadState::self()->getCallingUid();
- if (uid != (uid_t)-1 && uid != newclientUid) {
- ALOGW("%s uid %d tried to pass itself off as %d", __FUNCTION__, newclientUid, uid);
- }
- uid = newclientUid;
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (!isTrustedCallingUid(callingUid) || uid == (uid_t)-1) {
+ ALOGW_IF(uid != (uid_t)-1 && uid != callingUid,
+ "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, uid);
+ uid = callingUid;
}
return mAudioPolicyManager->getOutputForAttr(attr, output, session, stream, uid, samplingRate,
format, channelMask, flags, selectedDeviceId, offloadInfo);
@@ -284,13 +282,11 @@
sp<AudioPolicyEffects>audioPolicyEffects;
status_t status;
AudioPolicyInterface::input_type_t inputType;
- // if the caller is us, trust the specified uid
- if (IPCThreadState::self()->getCallingPid() != getpid_cached || uid == (uid_t)-1) {
- uid_t newclientUid = IPCThreadState::self()->getCallingUid();
- if (uid != (uid_t)-1 && uid != newclientUid) {
- ALOGW("%s uid %d tried to pass itself off as %d", __FUNCTION__, newclientUid, uid);
- }
- uid = newclientUid;
+ const uid_t callingUid = IPCThreadState::self()->getCallingUid();
+ if (!isTrustedCallingUid(callingUid) || uid == (uid_t)-1) {
+ ALOGW_IF(uid != (uid_t)-1 && uid != callingUid,
+ "%s uid %d tried to pass itself off as %d", __FUNCTION__, callingUid, uid);
+ uid = callingUid;
}
{