Camera: Change error for app ops reject, propagate binder errors

INVALID_OPERATION surfaces as an non-specific device-level error to
applications in the onError callback. This is not a condition apps
targeting camera2 in L will generally have to deal with.

Instead, return -EACCESS which maps to throwing
CameraAccessException.CAMERA_DISABLED, same as disabling camera access
with DevicePolicyManager.

The old camera API converts any error code to -EACCESS at the JNI layer,
so this doesn't change anything for the older API.

Also update the various native ICameraService binder connect calls to
check for the transact error code, and return it if it is not OK.
Without this, PERMISSION_DENIED transact errors from the camera
service cannot be distinguished from CAMERA_DISABLED errors in
some codepaths.

Bug: 21604925
Change-Id: Ifccc8989b8c20653429e2d3e51dba7abb2be9c35

1 files changed, 2 insertions, 1 deletions

diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index 6f073ed..f42fada 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -1864,7 +1864,8 @@ status_t CameraService::BasicClient::startCameraOps() {
     if (res == AppOpsManager::MODE_IGNORED) {
         ALOGI("Camera %d: Access for \"%s\" has been restricted",
                 mCameraId, String8(mClientPackageName).string());
-        return INVALID_OPERATION;
+        // Return the same error as for device policy manager rejection
+        return -EACCES;
     }
 
     mOpsActive = true;