Gitiles
Code Review Sign In
review.evervolv.com / android_frameworks_av / af63882e6a3519b734536072ed0b5c86edf82202 / . / media / utils / ServiceUtilities.cpp
blob: 491823ef4c4ce45f8441f35bc61a2469011b199b [file] [log] [blame]
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Eric Laurent9b11c022018-06-06 19:19:22 -0700[diff] [blame]17#define LOG_TAG "ServiceUtilities"
18
Andy Hunga85efab2019-12-23 11:41:29 -0800[diff] [blame]19#include <audio_utils/clock.h>
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]20#include <binder/AppOpsManager.h>
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]21#include <binder/IPCThreadState.h>
22#include <binder/IServiceManager.h>
23#include <binder/PermissionCache.h>
Andy Hungab7ef302018-05-15 19:35:29 -0700[diff] [blame]24#include "mediautils/ServiceUtilities.h"
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]25
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]26#include <iterator>
27#include <algorithm>
Andy Hunga85efab2019-12-23 11:41:29 -0800[diff] [blame]28#include <pwd.h>
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]29
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]30/* When performing permission checks we do not use permission cache for
31 * runtime permissions (protection level dangerous) as they may change at
32 * runtime. All other permissions (protection level normal and dangerous)
33 * can be cached as they never change. Of course all permission checked
34 * here are platform defined.
35 */
36
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]37namespace android {
38
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]39static const String16 sAndroidPermissionRecordAudio("android.permission.RECORD_AUDIO");
Eric Laurent42984412019-05-09 17:57:03 -0700[diff] [blame]40static const String16 sModifyPhoneState("android.permission.MODIFY_PHONE_STATE");
41static const String16 sModifyAudioRouting("android.permission.MODIFY_AUDIO_ROUTING");
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]42
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]43static String16 resolveCallingPackage(PermissionController& permissionController,
44 const String16& opPackageName, uid_t uid) {
45 if (opPackageName.size() > 0) {
46 return opPackageName;
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]47 }
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]48 // In some cases the calling code has no access to the package it runs under.
49 // For example, code using the wilhelm framework's OpenSL-ES APIs. In this
50 // case we will get the packages for the calling UID and pick the first one
51 // for attributing the app op. This will work correctly for runtime permissions
52 // as for legacy apps we will toggle the app op for all packages in the UID.
53 // The caveat is that the operation may be attributed to the wrong package and
54 // stats based on app ops may be slightly off.
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]55 Vector<String16> packages;
56 permissionController.getPackagesForUid(uid, packages);
57 if (packages.isEmpty()) {
58 ALOGE("No packages for uid %d", uid);
59 return opPackageName; // empty string
60 }
61 return packages[0];
62}
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]63
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]64static bool checkRecordingInternal(const String16& opPackageName, pid_t pid,
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]65 uid_t uid, bool start, bool isHotwordSource) {
Eric Laurent58a0dd82019-10-24 12:42:17 -0700[diff] [blame]66 // Okay to not track in app ops as audio server or media server is us and if
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]67 // device is rooted security model is considered compromised.
Jeffrey Carlyle62cc92b2019-09-17 11:15:15 -0700[diff] [blame]68 // system_server loses its RECORD_AUDIO permission when a secondary
69 // user is active, but it is a core system service so let it through.
70 // TODO(b/141210120): UserManager.DISALLOW_RECORD_AUDIO should not affect system user 0
Eric Laurent58a0dd82019-10-24 12:42:17 -0700[diff] [blame]71 if (isAudioServerOrMediaServerOrSystemServerOrRootUid(uid)) return true;
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]72
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]73 // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)
74 // may open a record track on behalf of a client. Note that pid may be a tid.
75 // IMPORTANT: DON'T USE PermissionCache - RUNTIME PERMISSIONS CHANGE.
76 PermissionController permissionController;
77 const bool ok = permissionController.checkPermission(sAndroidPermissionRecordAudio, pid, uid);
78 if (!ok) {
79 ALOGE("Request requires %s", String8(sAndroidPermissionRecordAudio).c_str());
80 return false;
81 }
82
83 String16 resolvedOpPackageName = resolveCallingPackage(
84 permissionController, opPackageName, uid);
85 if (resolvedOpPackageName.size() == 0) {
86 return false;
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]87 }
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]88
89 AppOpsManager appOps;
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]90 const int32_t opRecordAudio = appOps.permissionToOpCode(sAndroidPermissionRecordAudio);
91
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]92 if (start) {
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]93 const int32_t op = isHotwordSource ?
94 AppOpsManager::OP_RECORD_AUDIO_HOTWORD : opRecordAudio;
Mikhail Naganov70ff2372020-12-07 22:18:49 +0000[diff] [blame]95 if (int32_t mode = appOps.startOpNoThrow(
96 op, uid, resolvedOpPackageName, /*startIfModeDefault*/ false);
97 mode != AppOpsManager::MODE_ALLOWED) {
98 ALOGE("Request start for \"%s\" (uid %d) denied by app op: %d, mode: %d",
99 String8(resolvedOpPackageName).c_str(), uid, op, mode);
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]100 return false;
101 }
102 } else {
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]103 // Always use OP_RECORD_AUDIO for checks at creation time.
104 if (int32_t mode = appOps.checkOp(opRecordAudio, uid, resolvedOpPackageName);
Mikhail Naganov70ff2372020-12-07 22:18:49 +0000[diff] [blame]105 mode != AppOpsManager::MODE_ALLOWED) {
106 ALOGE("Request check for \"%s\" (uid %d) denied by app op: %d, mode: %d",
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]107 String8(resolvedOpPackageName).c_str(), uid, opRecordAudio, mode);
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]108 return false;
109 }
Svetoslav Ganov599ec462018-03-01 22:19:55 +0000[diff] [blame]110 }
111
112 return true;
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]113}
114
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]115bool recordingAllowed(const String16& opPackageName, pid_t pid, uid_t uid) {
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]116 return checkRecordingInternal(opPackageName, pid, uid, /*start*/ false,
117 /*is_hotword_source*/ false);
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]118}
119
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]120bool startRecording(const String16& opPackageName, pid_t pid, uid_t uid, bool isHotwordSource) {
121 return checkRecordingInternal(opPackageName, pid, uid, /*start*/ true, isHotwordSource);
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]122}
123
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]124void finishRecording(const String16& opPackageName, uid_t uid, bool isHotwordSource) {
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]125 // Okay to not track in app ops as audio server is us and if
126 // device is rooted security model is considered compromised.
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame]127 if (isAudioServerOrRootUid(uid)) return;
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]128
129 PermissionController permissionController;
130 String16 resolvedOpPackageName = resolveCallingPackage(
131 permissionController, opPackageName, uid);
132 if (resolvedOpPackageName.size() == 0) {
133 return;
134 }
135
136 AppOpsManager appOps;
Narayan Kamathbf85d8b2020-08-20 17:19:57 +0100[diff] [blame]137 const int32_t op = isHotwordSource ? AppOpsManager::OP_RECORD_AUDIO_HOTWORD
138 : appOps.permissionToOpCode(sAndroidPermissionRecordAudio);
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]139 appOps.finishOp(op, uid, resolvedOpPackageName);
140}
141
Eric Laurentb2379ba2016-05-23 17:42:12 -0700[diff] [blame]142bool captureAudioOutputAllowed(pid_t pid, uid_t uid) {
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame]143 if (isAudioServerOrRootUid(uid)) return true;
Jeff Brown893a5642013-08-16 20:19:26 -0700[diff] [blame]144 static const String16 sCaptureAudioOutput("android.permission.CAPTURE_AUDIO_OUTPUT");
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]145 bool ok = PermissionCache::checkPermission(sCaptureAudioOutput, pid, uid);
Eric Laurent6ede98f2019-06-11 14:50:30 -0700[diff] [blame]146 if (!ok) ALOGV("Request requires android.permission.CAPTURE_AUDIO_OUTPUT");
Jeff Brown893a5642013-08-16 20:19:26 -0700[diff] [blame]147 return ok;
148}
149
Kevin Rocard36b17552019-03-07 18:48:07 -0800[diff] [blame]150bool captureMediaOutputAllowed(pid_t pid, uid_t uid) {
151 if (isAudioServerOrRootUid(uid)) return true;
152 static const String16 sCaptureMediaOutput("android.permission.CAPTURE_MEDIA_OUTPUT");
153 bool ok = PermissionCache::checkPermission(sCaptureMediaOutput, pid, uid);
154 if (!ok) ALOGE("Request requires android.permission.CAPTURE_MEDIA_OUTPUT");
155 return ok;
156}
157
Nadav Bardbf0a2e2020-01-16 23:09:25 +0200[diff] [blame]158bool captureVoiceCommunicationOutputAllowed(pid_t pid, uid_t uid) {
159 if (isAudioServerOrRootUid(uid)) return true;
160 static const String16 sCaptureVoiceCommOutput(
161 "android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT");
162 bool ok = PermissionCache::checkPermission(sCaptureVoiceCommOutput, pid, uid);
163 if (!ok) ALOGE("Request requires android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT");
164 return ok;
165}
166
jiabin68e0df72019-03-18 17:55:35 -0700[diff] [blame]167bool captureHotwordAllowed(const String16& opPackageName, pid_t pid, uid_t uid) {
Eric Laurent7504b9e2017-08-15 18:17:26 -0700[diff] [blame]168 // CAPTURE_AUDIO_HOTWORD permission implies RECORD_AUDIO permission
jiabin68e0df72019-03-18 17:55:35 -0700[diff] [blame]169 bool ok = recordingAllowed(opPackageName, pid, uid);
Eric Laurent7504b9e2017-08-15 18:17:26 -0700[diff] [blame]170
171 if (ok) {
172 static const String16 sCaptureHotwordAllowed("android.permission.CAPTURE_AUDIO_HOTWORD");
173 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
jiabin68e0df72019-03-18 17:55:35 -0700[diff] [blame]174 ok = PermissionCache::checkPermission(sCaptureHotwordAllowed, pid, uid);
Eric Laurent7504b9e2017-08-15 18:17:26 -0700[diff] [blame]175 }
Eric Laurent6ede98f2019-06-11 14:50:30 -0700[diff] [blame]176 if (!ok) ALOGV("android.permission.CAPTURE_AUDIO_HOTWORD");
Eric Laurent9a54bc22013-09-09 09:08:44 -0700[diff] [blame]177 return ok;
178}
179
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]180bool settingsAllowed() {
Andy Hung4ef19fa2018-05-15 19:35:29 -0700[diff] [blame]181 // given this is a permission check, could this be isAudioServerOrRootUid()?
182 if (isAudioServerUid(IPCThreadState::self()->getCallingUid())) return true;
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]183 static const String16 sAudioSettings("android.permission.MODIFY_AUDIO_SETTINGS");
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]184 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
185 bool ok = PermissionCache::checkCallingPermission(sAudioSettings);
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]186 if (!ok) ALOGE("Request requires android.permission.MODIFY_AUDIO_SETTINGS");
187 return ok;
188}
189
Eric Laurent5284ed52014-05-29 14:37:38 -0700[diff] [blame]190bool modifyAudioRoutingAllowed() {
Eric Laurent8a1095a2019-11-08 14:44:16 -0800[diff] [blame]191 return modifyAudioRoutingAllowed(
192 IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
193}
194
195bool modifyAudioRoutingAllowed(pid_t pid, uid_t uid) {
196 if (isAudioServerUid(IPCThreadState::self()->getCallingUid())) return true;
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]197 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
Eric Laurent8a1095a2019-11-08 14:44:16 -0800[diff] [blame]198 bool ok = PermissionCache::checkPermission(sModifyAudioRouting, pid, uid);
199 if (!ok) ALOGE("%s(): android.permission.MODIFY_AUDIO_ROUTING denied for uid %d",
200 __func__, uid);
Eric Laurent5284ed52014-05-29 14:37:38 -0700[diff] [blame]201 return ok;
202}
203
Ari Hausman-Cohen433722e2018-04-24 14:25:22 -0700[diff] [blame]204bool modifyDefaultAudioEffectsAllowed() {
Eric Laurent3f75a5b2019-11-12 15:55:51 -0800[diff] [blame]205 return modifyDefaultAudioEffectsAllowed(
206 IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
207}
208
209bool modifyDefaultAudioEffectsAllowed(pid_t pid, uid_t uid) {
210 if (isAudioServerUid(IPCThreadState::self()->getCallingUid())) return true;
211
Ari Hausman-Cohen433722e2018-04-24 14:25:22 -0700[diff] [blame]212 static const String16 sModifyDefaultAudioEffectsAllowed(
213 "android.permission.MODIFY_DEFAULT_AUDIO_EFFECTS");
214 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
Eric Laurent3f75a5b2019-11-12 15:55:51 -0800[diff] [blame]215 bool ok = PermissionCache::checkPermission(sModifyDefaultAudioEffectsAllowed, pid, uid);
216 ALOGE_IF(!ok, "%s(): android.permission.MODIFY_DEFAULT_AUDIO_EFFECTS denied for uid %d",
217 __func__, uid);
Ari Hausman-Cohen433722e2018-04-24 14:25:22 -0700[diff] [blame]218 return ok;
219}
220
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]221bool dumpAllowed() {
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]222 static const String16 sDump("android.permission.DUMP");
Svet Ganovbe71aa22015-04-28 12:06:02 -0700[diff] [blame]223 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]224 bool ok = PermissionCache::checkCallingPermission(sDump);
225 // convention is for caller to dump an error message to fd instead of logging here
226 //if (!ok) ALOGE("Request requires android.permission.DUMP");
227 return ok;
228}
229
Nadav Bar766fb022018-01-07 12:18:03 +0200[diff] [blame]230bool modifyPhoneStateAllowed(pid_t pid, uid_t uid) {
Svet Ganov5b81f552018-03-02 09:21:30 -0800[diff] [blame]231 bool ok = PermissionCache::checkPermission(sModifyPhoneState, pid, uid);
Eric Laurent42984412019-05-09 17:57:03 -0700[diff] [blame]232 ALOGE_IF(!ok, "Request requires %s", String8(sModifyPhoneState).c_str());
233 return ok;
234}
235
236// privileged behavior needed by Dialer, Settings, SetupWizard and CellBroadcastReceiver
237bool bypassInterruptionPolicyAllowed(pid_t pid, uid_t uid) {
238 static const String16 sWriteSecureSettings("android.permission.WRITE_SECURE_SETTINGS");
239 bool ok = PermissionCache::checkPermission(sModifyPhoneState, pid, uid)
240 || PermissionCache::checkPermission(sWriteSecureSettings, pid, uid)
241 || PermissionCache::checkPermission(sModifyAudioRouting, pid, uid);
242 ALOGE_IF(!ok, "Request requires %s or %s",
243 String8(sModifyPhoneState).c_str(), String8(sWriteSecureSettings).c_str());
Nadav Bar766fb022018-01-07 12:18:03 +0200[diff] [blame]244 return ok;
245}
246
Eric Laurent9b11c022018-06-06 19:19:22 -0700[diff] [blame]247status_t checkIMemory(const sp<IMemory>& iMemory)
248{
249 if (iMemory == 0) {
250 ALOGE("%s check failed: NULL IMemory pointer", __FUNCTION__);
251 return BAD_VALUE;
252 }
253
254 sp<IMemoryHeap> heap = iMemory->getMemory();
255 if (heap == 0) {
256 ALOGE("%s check failed: NULL heap pointer", __FUNCTION__);
257 return BAD_VALUE;
258 }
259
260 off_t size = lseek(heap->getHeapID(), 0, SEEK_END);
261 lseek(heap->getHeapID(), 0, SEEK_SET);
262
Ytai Ben-Tsvi7dd39722019-09-05 15:14:30 -0700[diff] [blame]263 if (iMemory->unsecurePointer() == NULL || size < (off_t)iMemory->size()) {
Eric Laurent9b11c022018-06-06 19:19:22 -0700[diff] [blame]264 ALOGE("%s check failed: pointer %p size %zu fd size %u",
Ytai Ben-Tsvi7dd39722019-09-05 15:14:30 -0700[diff] [blame]265 __FUNCTION__, iMemory->unsecurePointer(), iMemory->size(), (uint32_t)size);
Eric Laurent9b11c022018-06-06 19:19:22 -0700[diff] [blame]266 return BAD_VALUE;
267 }
268
269 return NO_ERROR;
270}
271
Ricardo Correa57a37692020-03-23 17:27:25 -0700[diff] [blame]272sp<content::pm::IPackageManagerNative> MediaPackageManager::retreivePackageManager() {
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]273 const sp<IServiceManager> sm = defaultServiceManager();
274 if (sm == nullptr) {
275 ALOGW("%s: failed to retrieve defaultServiceManager", __func__);
Ricardo Correa57a37692020-03-23 17:27:25 -0700[diff] [blame]276 return nullptr;
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]277 }
278 sp<IBinder> packageManager = sm->checkService(String16(nativePackageManagerName));
279 if (packageManager == nullptr) {
280 ALOGW("%s: failed to retrieve native package manager", __func__);
Ricardo Correa57a37692020-03-23 17:27:25 -0700[diff] [blame]281 return nullptr;
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]282 }
Ricardo Correa57a37692020-03-23 17:27:25 -0700[diff] [blame]283 return interface_cast<content::pm::IPackageManagerNative>(packageManager);
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]284}
285
286std::optional<bool> MediaPackageManager::doIsAllowed(uid_t uid) {
287 if (mPackageManager == nullptr) {
Ricardo Correa57a37692020-03-23 17:27:25 -0700[diff] [blame]288 /** Can not fetch package manager at construction it may not yet be registered. */
289 mPackageManager = retreivePackageManager();
290 if (mPackageManager == nullptr) {
291 ALOGW("%s: Playback capture is denied as package manager is not reachable", __func__);
292 return std::nullopt;
293 }
Kevin Rocard8be94972019-02-22 13:26:25 -0800[diff] [blame]294 }
295
296 std::vector<std::string> packageNames;
297 auto status = mPackageManager->getNamesForUids({(int32_t)uid}, &packageNames);
298 if (!status.isOk()) {
299 ALOGW("%s: Playback capture is denied for uid %u as the package names could not be "
300 "retrieved from the package manager: %s", __func__, uid, status.toString8().c_str());
301 return std::nullopt;
302 }
303 if (packageNames.empty()) {
304 ALOGW("%s: Playback capture for uid %u is denied as no package name could be retrieved "
305 "from the package manager: %s", __func__, uid, status.toString8().c_str());
306 return std::nullopt;
307 }
308 std::vector<bool> isAllowed;
309 status = mPackageManager->isAudioPlaybackCaptureAllowed(packageNames, &isAllowed);
310 if (!status.isOk()) {
311 ALOGW("%s: Playback capture is denied for uid %u as the manifest property could not be "
312 "retrieved from the package manager: %s", __func__, uid, status.toString8().c_str());
313 return std::nullopt;
314 }
315 if (packageNames.size() != isAllowed.size()) {
316 ALOGW("%s: Playback capture is denied for uid %u as the package manager returned incoherent"
317 " response size: %zu != %zu", __func__, uid, packageNames.size(), isAllowed.size());
318 return std::nullopt;
319 }
320
321 // Zip together packageNames and isAllowed for debug logs
322 Packages& packages = mDebugLog[uid];
323 packages.resize(packageNames.size()); // Reuse all objects
324 std::transform(begin(packageNames), end(packageNames), begin(isAllowed),
325 begin(packages), [] (auto& name, bool isAllowed) -> Package {
326 return {std::move(name), isAllowed};
327 });
328
329 // Only allow playback record if all packages in this UID allow it
330 bool playbackCaptureAllowed = std::all_of(begin(isAllowed), end(isAllowed),
331 [](bool b) { return b; });
332
333 return playbackCaptureAllowed;
334}
335
336void MediaPackageManager::dump(int fd, int spaces) const {
337 dprintf(fd, "%*sAllow playback capture log:\n", spaces, "");
338 if (mPackageManager == nullptr) {
339 dprintf(fd, "%*sNo package manager\n", spaces + 2, "");
340 }
341 dprintf(fd, "%*sPackage manager errors: %u\n", spaces + 2, "", mPackageManagerErrors);
342
343 for (const auto& uidCache : mDebugLog) {
344 for (const auto& package : std::get<Packages>(uidCache)) {
345 dprintf(fd, "%*s- uid=%5u, allowPlaybackCapture=%s, packageName=%s\n", spaces + 2, "",
346 std::get<const uid_t>(uidCache),
347 package.playbackCaptureAllowed ? "true " : "false",
348 package.name.c_str());
349 }
350 }
351}
352
Andy Hunga85efab2019-12-23 11:41:29 -0800[diff] [blame]353// How long we hold info before we re-fetch it (24 hours) if we found it previously.
354static constexpr nsecs_t INFO_EXPIRATION_NS = 24 * 60 * 60 * NANOS_PER_SECOND;
355// Maximum info records we retain before clearing everything.
356static constexpr size_t INFO_CACHE_MAX = 1000;
357
358// The original code is from MediaMetricsService.cpp.
359mediautils::UidInfo::Info mediautils::UidInfo::getInfo(uid_t uid)
360{
361 const nsecs_t now = systemTime(SYSTEM_TIME_REALTIME);
362 struct mediautils::UidInfo::Info info;
363 {
364 std::lock_guard _l(mLock);
365 auto it = mInfoMap.find(uid);
366 if (it != mInfoMap.end()) {
367 info = it->second;
368 ALOGV("%s: uid %d expiration %lld now %lld",
369 __func__, uid, (long long)info.expirationNs, (long long)now);
370 if (info.expirationNs <= now) {
371 // purge the stale entry and fall into re-fetching
372 ALOGV("%s: entry for uid %d expired, now %lld",
373 __func__, uid, (long long)now);
374 mInfoMap.erase(it);
375 info.uid = (uid_t)-1; // this is always fully overwritten
376 }
377 }
378 }
379
380 // if we did not find it in our map, look it up
381 if (info.uid == (uid_t)(-1)) {
382 sp<IServiceManager> sm = defaultServiceManager();
383 sp<content::pm::IPackageManagerNative> package_mgr;
384 if (sm.get() == nullptr) {
385 ALOGE("%s: Cannot find service manager", __func__);
386 } else {
387 sp<IBinder> binder = sm->getService(String16("package_native"));
388 if (binder.get() == nullptr) {
389 ALOGE("%s: Cannot find package_native", __func__);
390 } else {
391 package_mgr = interface_cast<content::pm::IPackageManagerNative>(binder);
392 }
393 }
394
395 // find package name
396 std::string pkg;
397 if (package_mgr != nullptr) {
398 std::vector<std::string> names;
399 binder::Status status = package_mgr->getNamesForUids({(int)uid}, &names);
400 if (!status.isOk()) {
401 ALOGE("%s: getNamesForUids failed: %s",
402 __func__, status.exceptionMessage().c_str());
403 } else {
404 if (!names[0].empty()) {
405 pkg = names[0].c_str();
406 }
407 }
408 }
409
410 if (pkg.empty()) {
411 struct passwd pw{}, *result;
412 char buf[8192]; // extra buffer space - should exceed what is
413 // required in struct passwd_pw (tested),
414 // and even then this is only used in backup
415 // when the package manager is unavailable.
416 if (getpwuid_r(uid, &pw, buf, sizeof(buf), &result) == 0
417 && result != nullptr
418 && result->pw_name != nullptr) {
419 pkg = result->pw_name;
420 }
421 }
422
423 // strip any leading "shared:" strings that came back
424 if (pkg.compare(0, 7, "shared:") == 0) {
425 pkg.erase(0, 7);
426 }
427
428 // determine how pkg was installed and the versionCode
429 std::string installer;
430 int64_t versionCode = 0;
431 bool notFound = false;
432 if (pkg.empty()) {
433 pkg = std::to_string(uid); // not found
434 notFound = true;
435 } else if (strchr(pkg.c_str(), '.') == nullptr) {
436 // not of form 'com.whatever...'; assume internal
437 // so we don't need to look it up in package manager.
Andy Hunge6a65ac2020-01-08 16:56:17 -0800[diff] [blame]438 } else if (strncmp(pkg.c_str(), "android.", 8) == 0) {
439 // android.* packages are assumed fine
Andy Hunga85efab2019-12-23 11:41:29 -0800[diff] [blame]440 } else if (package_mgr.get() != nullptr) {
441 String16 pkgName16(pkg.c_str());
442 binder::Status status = package_mgr->getInstallerForPackage(pkgName16, &installer);
443 if (!status.isOk()) {
444 ALOGE("%s: getInstallerForPackage failed: %s",
445 __func__, status.exceptionMessage().c_str());
446 }
447
448 // skip if we didn't get an installer
449 if (status.isOk()) {
450 status = package_mgr->getVersionCodeForPackage(pkgName16, &versionCode);
451 if (!status.isOk()) {
452 ALOGE("%s: getVersionCodeForPackage failed: %s",
453 __func__, status.exceptionMessage().c_str());
454 }
455 }
456
457 ALOGV("%s: package '%s' installed by '%s' versioncode %lld",
458 __func__, pkg.c_str(), installer.c_str(), (long long)versionCode);
459 }
460
461 // add it to the map, to save a subsequent lookup
462 std::lock_guard _l(mLock);
463 // first clear if we have too many cached elements. This would be rare.
464 if (mInfoMap.size() >= INFO_CACHE_MAX) mInfoMap.clear();
465
466 // always overwrite
467 info.uid = uid;
468 info.package = std::move(pkg);
469 info.installer = std::move(installer);
470 info.versionCode = versionCode;
471 info.expirationNs = now + (notFound ? 0 : INFO_EXPIRATION_NS);
472 ALOGV("%s: adding uid %d package '%s' expirationNs: %lld",
473 __func__, uid, info.package.c_str(), (long long)info.expirationNs);
474 mInfoMap[uid] = info;
475 }
476 return info;
477}
478
Glenn Kasten44deb052012-02-05 18:09:08 -0800[diff] [blame]479} // namespace android