From 280405a138a0068694f3c39b4290f510173133d9 Mon Sep 17 00:00:00 2001 From: Svetoslav Ganov Date: Tue, 12 May 2015 02:19:27 +0000 Subject: Revert "Add camera app op - camera" This is not needed duplication of work This reverts commit 32fa6d0e65dbf956e253a1006e9419dce2fe75c9. Change-Id: I2c81b0dacb2ed99c408c79c1f9e22a4baa564494 --- services/camera/libcameraservice/CameraService.cpp | 120 ++++++++------------- services/camera/libcameraservice/CameraService.h | 22 ++-- .../libcameraservice/common/Camera2ClientBase.cpp | 2 +- 3 files changed, 55 insertions(+), 89 deletions(-) (limited to 'services/camera/libcameraservice') diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp index 3f80faf..e28464d 100644 --- a/services/camera/libcameraservice/CameraService.cpp +++ b/services/camera/libcameraservice/CameraService.cpp @@ -1057,24 +1057,19 @@ status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clien status_t CameraService::connect( const sp& cameraClient, int cameraId, - const String16& opPackageName, + const String16& clientPackageName, int clientUid, /*out*/ sp& device) { - const status_t result = checkCameraAccess(opPackageName); - if (result != NO_ERROR) { - return result; - } - status_t ret = NO_ERROR; String8 id = String8::format("%d", cameraId); sp client = nullptr; ret = connectHelper(cameraClient, id, CAMERA_HAL_API_VERSION_UNSPECIFIED, - opPackageName, clientUid, API_1, false, false, /*out*/client); + clientPackageName, clientUid, API_1, false, false, /*out*/client); if(ret != NO_ERROR) { - logRejected(id, getCallingPid(), String8(opPackageName), + logRejected(id, getCallingPid(), String8(clientPackageName), String8::format("%s (%d)", strerror(-ret), ret)); return ret; } @@ -1086,16 +1081,11 @@ status_t CameraService::connect( status_t CameraService::connectLegacy( const sp& cameraClient, int cameraId, int halVersion, - const String16& opPackageName, + const String16& clientPackageName, int clientUid, /*out*/ sp& device) { - const status_t result = checkCameraAccess(opPackageName); - if (result != NO_ERROR) { - return result; - } - String8 id = String8::format("%d", cameraId); int apiVersion = mModule->getModuleApiVersion(); if (halVersion != CAMERA_HAL_API_VERSION_UNSPECIFIED && @@ -1108,18 +1098,18 @@ status_t CameraService::connectLegacy( */ ALOGE("%s: camera HAL module version %x doesn't support connecting to legacy HAL devices!", __FUNCTION__, apiVersion); - logRejected(id, getCallingPid(), String8(opPackageName), + logRejected(id, getCallingPid(), String8(clientPackageName), String8("HAL module version doesn't support legacy HAL connections")); return INVALID_OPERATION; } status_t ret = NO_ERROR; sp client = nullptr; - ret = connectHelper(cameraClient, id, halVersion, opPackageName, + ret = connectHelper(cameraClient, id, halVersion, clientPackageName, clientUid, API_1, true, false, /*out*/client); if(ret != NO_ERROR) { - logRejected(id, getCallingPid(), String8(opPackageName), + logRejected(id, getCallingPid(), String8(clientPackageName), String8::format("%s (%d)", strerror(-ret), ret)); return ret; } @@ -1131,25 +1121,20 @@ status_t CameraService::connectLegacy( status_t CameraService::connectDevice( const sp& cameraCb, int cameraId, - const String16& opPackageName, + const String16& clientPackageName, int clientUid, /*out*/ sp& device) { - const status_t result = checkCameraAccess(opPackageName); - if (result != NO_ERROR) { - return result; - } - status_t ret = NO_ERROR; String8 id = String8::format("%d", cameraId); sp client = nullptr; ret = connectHelper(cameraCb, id, - CAMERA_HAL_API_VERSION_UNSPECIFIED, opPackageName, clientUid, API_2, false, false, + CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, clientUid, API_2, false, false, /*out*/client); if(ret != NO_ERROR) { - logRejected(id, getCallingPid(), String8(opPackageName), + logRejected(id, getCallingPid(), String8(clientPackageName), String8::format("%s (%d)", strerror(-ret), ret)); return ret; } @@ -1544,24 +1529,24 @@ void CameraService::logEvent(const char* event) { } void CameraService::logDisconnected(const char* cameraId, int clientPid, - const char* opPackageName) { + const char* clientPackage) { // Log the clients evicted logEvent(String8::format("DISCONNECT device %s client for package %s (PID %d)", cameraId, - opPackageName, clientPid)); + clientPackage, clientPid)); } void CameraService::logConnected(const char* cameraId, int clientPid, - const char* opPackageName) { + const char* clientPackage) { // Log the clients evicted logEvent(String8::format("CONNECT device %s client for package %s (PID %d)", cameraId, - opPackageName, clientPid)); + clientPackage, clientPid)); } void CameraService::logRejected(const char* cameraId, int clientPid, - const char* opPackageName, const char* reason) { + const char* clientPackage, const char* reason) { // Log the client rejected logEvent(String8::format("REJECT device %s client for package %s (PID %d), reason: (%s)", - cameraId, opPackageName, clientPid, reason)); + cameraId, clientPackage, clientPid, reason)); } void CameraService::logUserSwitch(int oldUserId, int newUserId) { @@ -1598,6 +1583,21 @@ status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* re // Permission checks switch (code) { + case BnCameraService::CONNECT: + case BnCameraService::CONNECT_DEVICE: + case BnCameraService::CONNECT_LEGACY: { + if (pid != selfPid) { + // we're called from a different process, do the real check + if (!checkCallingPermission( + String16("android.permission.CAMERA"))) { + const int uid = getCallingUid(); + ALOGE("Permission Denial: " + "can't use the camera pid=%d, uid=%d", pid, uid); + return PERMISSION_DENIED; + } + } + break; + } case BnCameraService::NOTIFY_SYSTEM_EVENT: { if (pid != selfPid) { // Ensure we're being called by system_server, or similar process with @@ -1617,38 +1617,6 @@ status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* re return BnCameraService::onTransact(code, data, reply, flags); } -status_t CameraService::checkCameraAccess(const String16& opPackageName) { - const int pid = getCallingPid(); - - if (pid == getpid()) { - return NO_ERROR; - } - - const int uid = getCallingUid(); - - if (!checkCallingPermission(String16("android.permission.CAMERA"))) { - ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", pid, uid); - return PERMISSION_DENIED; - } - - AppOpsManager appOps; - const int32_t result = appOps.noteOp(AppOpsManager::OP_CAMERA, uid, opPackageName); - - switch (result) { - case AppOpsManager::MODE_ERRORED: { - ALOGE("App op OP_CAMERA errored: can't use the camera pid=%d, uid=%d", pid, uid); - return PERMISSION_DENIED; - } break; - - case AppOpsManager::MODE_IGNORED: { - ALOGE("App op OP_CAMERA ignored: can't use the camera pid=%d, uid=%d", pid, uid); - return INVALID_OPERATION; - } break; - } - - return NO_ERROR; -} - // We share the media players for shutter and recording sound for all clients. // A reference count is kept to determine when we will actually release the // media players. @@ -1701,13 +1669,13 @@ void CameraService::playSound(sound_kind kind) { CameraService::Client::Client(const sp& cameraService, const sp& cameraClient, - const String16& opPackageName, + const String16& clientPackageName, int cameraId, int cameraFacing, int clientPid, uid_t clientUid, int servicePid) : CameraService::BasicClient(cameraService, IInterface::asBinder(cameraClient), - opPackageName, + clientPackageName, cameraId, cameraFacing, clientPid, clientUid, servicePid) @@ -1734,11 +1702,11 @@ CameraService::Client::~Client() { CameraService::BasicClient::BasicClient(const sp& cameraService, const sp& remoteCallback, - const String16& opPackageName, + const String16& clientPackageName, int cameraId, int cameraFacing, int clientPid, uid_t clientUid, int servicePid): - mOpPackageName(opPackageName), mDisconnected(false) + mClientPackageName(clientPackageName), mDisconnected(false) { mCameraService = cameraService; mRemoteBinder = remoteCallback; @@ -1766,7 +1734,7 @@ void CameraService::BasicClient::disconnect() { mCameraService->removeByClient(this); mCameraService->logDisconnected(String8::format("%d", mCameraId), mClientPid, - String8(mOpPackageName)); + String8(mClientPackageName)); sp remote = getRemote(); if (remote != nullptr) { @@ -1781,7 +1749,7 @@ void CameraService::BasicClient::disconnect() { } String16 CameraService::BasicClient::getPackageName() const { - return mOpPackageName; + return mClientPackageName; } @@ -1801,17 +1769,17 @@ status_t CameraService::BasicClient::startCameraOps() { { ALOGV("%s: Start camera ops, package name = %s, client UID = %d", - __FUNCTION__, String8(mOpPackageName).string(), mClientUid); + __FUNCTION__, String8(mClientPackageName).string(), mClientUid); } mAppOpsManager.startWatchingMode(AppOpsManager::OP_CAMERA, - mOpPackageName, mOpsCallback); + mClientPackageName, mOpsCallback); res = mAppOpsManager.startOp(AppOpsManager::OP_CAMERA, - mClientUid, mOpPackageName); + mClientUid, mClientPackageName); if (res != AppOpsManager::MODE_ALLOWED) { ALOGI("Camera %d: Access for \"%s\" has been revoked", - mCameraId, String8(mOpPackageName).string()); + mCameraId, String8(mClientPackageName).string()); return PERMISSION_DENIED; } @@ -1829,7 +1797,7 @@ status_t CameraService::BasicClient::finishCameraOps() { if (mOpsActive) { // Notify app ops that the camera is available again mAppOpsManager.finishOp(AppOpsManager::OP_CAMERA, mClientUid, - mOpPackageName); + mClientPackageName); mOpsActive = false; auto rejected = {ICameraServiceListener::STATUS_NOT_PRESENT, @@ -1854,7 +1822,7 @@ status_t CameraService::BasicClient::finishCameraOps() { void CameraService::BasicClient::opChanged(int32_t op, const String16& packageName) { String8 name(packageName); - String8 myName(mOpPackageName); + String8 myName(mClientPackageName); if (op != AppOpsManager::OP_CAMERA) { ALOGW("Unexpected app ops notification received: %d", op); @@ -1863,7 +1831,7 @@ void CameraService::BasicClient::opChanged(int32_t op, const String16& packageNa int32_t res; res = mAppOpsManager.checkOp(AppOpsManager::OP_CAMERA, - mClientUid, mOpPackageName); + mClientUid, mClientPackageName); ALOGV("checkOp returns: %d, %s ", res, res == AppOpsManager::MODE_ALLOWED ? "ALLOWED" : res == AppOpsManager::MODE_IGNORED ? "IGNORED" : diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h index 502fcfa..a8b4c4a 100644 --- a/services/camera/libcameraservice/CameraService.h +++ b/services/camera/libcameraservice/CameraService.h @@ -126,19 +126,19 @@ public: virtual status_t getCameraVendorTagDescriptor(/*out*/ sp& desc); virtual status_t connect(const sp& cameraClient, int cameraId, - const String16& opPackageName, int clientUid, + const String16& clientPackageName, int clientUid, /*out*/ sp& device); virtual status_t connectLegacy(const sp& cameraClient, int cameraId, - int halVersion, const String16& opPackageName, int clientUid, + int halVersion, const String16& clientPackageName, int clientUid, /*out*/ sp& device); virtual status_t connectDevice( const sp& cameraCb, int cameraId, - const String16& opPackageName, + const String16& clientPackageName, int clientUid, /*out*/ sp& device); @@ -223,7 +223,7 @@ public: protected: BasicClient(const sp& cameraService, const sp& remoteCallback, - const String16& opPackageName, + const String16& clientPackageName, int cameraId, int cameraFacing, int clientPid, @@ -242,7 +242,7 @@ public: sp mCameraService; // immutable after constructor int mCameraId; // immutable after constructor int mCameraFacing; // immutable after constructor - const String16 mOpPackageName; + const String16 mClientPackageName; pid_t mClientPid; uid_t mClientUid; // immutable after constructor pid_t mServicePid; // immutable after constructor @@ -309,7 +309,7 @@ public: // Interface used by CameraService Client(const sp& cameraService, const sp& cameraClient, - const String16& opPackageName, + const String16& clientPackageName, int cameraId, int cameraFacing, int clientPid, @@ -480,7 +480,7 @@ private: // Single implementation shared between the various connect calls template status_t connectHelper(const sp& cameraCb, const String8& cameraId, int halVersion, - const String16& opPackageName, int clientUid, apiLevel effectiveApiLevel, + const String16& clientPackageName, int clientUid, apiLevel effectiveApiLevel, bool legacyMode, bool shimUpdateOnly, /*out*/sp& device); @@ -713,8 +713,6 @@ private: int facing, int clientPid, uid_t clientUid, int servicePid, bool legacyMode, int halVersion, int deviceVersion, apiLevel effectiveApiLevel, /*out*/sp* client); - - status_t checkCameraAccess(const String16& opPackageName); }; template @@ -763,11 +761,11 @@ void CameraService::CameraState::updateStatus(ICameraServiceListener::Status sta template status_t CameraService::connectHelper(const sp& cameraCb, const String8& cameraId, - int halVersion, const String16& opPackageName, int clientUid, + int halVersion, const String16& clientPackageName, int clientUid, apiLevel effectiveApiLevel, bool legacyMode, bool shimUpdateOnly, /*out*/sp& device) { status_t ret = NO_ERROR; - String8 clientName8(opPackageName); + String8 clientName8(clientPackageName); int clientPid = getCallingPid(); ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) for HAL version %s and " @@ -838,7 +836,7 @@ status_t CameraService::connectHelper(const sp& cameraCb, const String int facing = -1; int deviceVersion = getDeviceVersion(id, /*out*/&facing); sp tmp = nullptr; - if((ret = makeClient(this, cameraCb, opPackageName, cameraId, facing, clientPid, + if((ret = makeClient(this, cameraCb, clientPackageName, cameraId, facing, clientPid, clientUid, getpid(), legacyMode, halVersion, deviceVersion, effectiveApiLevel, /*out*/&tmp)) != NO_ERROR) { return ret; diff --git a/services/camera/libcameraservice/common/Camera2ClientBase.cpp b/services/camera/libcameraservice/common/Camera2ClientBase.cpp index 9b2e143..ba0b264 100644 --- a/services/camera/libcameraservice/common/Camera2ClientBase.cpp +++ b/services/camera/libcameraservice/common/Camera2ClientBase.cpp @@ -118,7 +118,7 @@ Camera2ClientBase::~Camera2ClientBase() { ALOGI("Closed Camera %d. Client was: %s (PID %d, UID %u)", TClientBase::mCameraId, - String8(TClientBase::mOpPackageName).string(), + String8(TClientBase::mClientPackageName).string(), mInitialClientPid, TClientBase::mClientUid); } -- cgit v1.1