From dcb162f3aed807d1e51f29e2454ade584439992e Mon Sep 17 00:00:00 2001
From: Eric Laurent <elaurent@google.com>
Date: Fri, 11 Jul 2014 09:14:45 -0700
Subject: sound trigger: added permission checks

Add check for android.permission.CAPTURE_AUDIO_HOTWORD
to all sound trigger binder calls on server side.

Bug: 12378680.
Change-Id: Ic3fd70e947882cdf5f4d4a4fe609a2c5a8236fd5
---
 services/soundtrigger/Android.mk                |  5 +++-
 services/soundtrigger/SoundTriggerHwService.cpp | 39 ++++++++++++++++++++-----
 2 files changed, 35 insertions(+), 9 deletions(-)

(limited to 'services/soundtrigger')

diff --git a/services/soundtrigger/Android.mk b/services/soundtrigger/Android.mk
index b7ccaab..51eb845 100644
--- a/services/soundtrigger/Android.mk
+++ b/services/soundtrigger/Android.mk
@@ -33,8 +33,11 @@ LOCAL_SHARED_LIBRARIES:= \
     libhardware \
     libsoundtrigger
 
-#LOCAL_C_INCLUDES += \
+LOCAL_STATIC_LIBRARIES := \
+    libserviceutility
 
+LOCAL_C_INCLUDES += \
+    $(TOPDIR)frameworks/av/services/audioflinger
 
 LOCAL_MODULE:= libsoundtriggerservice
 
diff --git a/services/soundtrigger/SoundTriggerHwService.cpp b/services/soundtrigger/SoundTriggerHwService.cpp
index 747af79..3654136 100644
--- a/services/soundtrigger/SoundTriggerHwService.cpp
+++ b/services/soundtrigger/SoundTriggerHwService.cpp
@@ -22,18 +22,18 @@
 #include <sys/types.h>
 #include <pthread.h>
 
-#include <binder/IServiceManager.h>
-#include <binder/MemoryBase.h>
-#include <binder/MemoryHeapBase.h>
+#include <system/sound_trigger.h>
 #include <cutils/atomic.h>
 #include <cutils/properties.h>
-#include <hardware/hardware.h>
 #include <utils/Errors.h>
 #include <utils/Log.h>
-
-#include "SoundTriggerHwService.h"
-#include <system/sound_trigger.h>
+#include <binder/IServiceManager.h>
+#include <binder/MemoryBase.h>
+#include <binder/MemoryHeapBase.h>
+#include <hardware/hardware.h>
 #include <hardware/sound_trigger.h>
+#include <ServiceUtilities.h>
+#include "SoundTriggerHwService.h"
 
 namespace android {
 
@@ -103,6 +103,10 @@ status_t SoundTriggerHwService::listModules(struct sound_trigger_module_descript
                              uint32_t *numModules)
 {
     ALOGV("listModules");
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
+
     AutoMutex lock(mServiceLock);
     if (numModules == NULL || (*numModules != 0 && modules == NULL)) {
         return BAD_VALUE;
@@ -120,6 +124,10 @@ status_t SoundTriggerHwService::attach(const sound_trigger_module_handle_t handl
                         sp<ISoundTrigger>& moduleInterface)
 {
     ALOGV("attach module %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
+
     AutoMutex lock(mServiceLock);
     moduleInterface.clear();
     if (client == 0) {
@@ -139,8 +147,8 @@ status_t SoundTriggerHwService::attach(const sound_trigger_module_handle_t handl
 }
 
 void SoundTriggerHwService::detachModule(sp<Module> module) {
-    AutoMutex lock(mServiceLock);
     ALOGV("detachModule");
+    AutoMutex lock(mServiceLock);
     module->clearClient();
 }
 
@@ -310,6 +318,9 @@ SoundTriggerHwService::Module::~Module() {
 
 void SoundTriggerHwService::Module::detach() {
     ALOGV("detach()");
+    if (!captureHotwordAllowed()) {
+        return;
+    }
     {
         AutoMutex lock(mLock);
         for (size_t i = 0; i < mModels.size(); i++) {
@@ -337,6 +348,9 @@ status_t SoundTriggerHwService::Module::loadSoundModel(const sp<IMemory>& modelM
                                 sound_model_handle_t *handle)
 {
     ALOGV("loadSoundModel() handle");
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     if (modelMemory == 0 || modelMemory->pointer() == NULL) {
         ALOGE("loadSoundModel() modelMemory is 0 or has NULL pointer()");
@@ -361,6 +375,9 @@ status_t SoundTriggerHwService::Module::loadSoundModel(const sp<IMemory>& modelM
 status_t SoundTriggerHwService::Module::unloadSoundModel(sound_model_handle_t handle)
 {
     ALOGV("unloadSoundModel() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     AutoMutex lock(mLock);
     ssize_t index = mModels.indexOfKey(handle);
@@ -380,6 +397,9 @@ status_t SoundTriggerHwService::Module::startRecognition(sound_model_handle_t ha
                                  const sp<IMemory>& dataMemory)
 {
     ALOGV("startRecognition() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     if (dataMemory != 0 && dataMemory->pointer() == NULL) {
         ALOGE("startRecognition() dataMemory is non-0 but has NULL pointer()");
@@ -415,6 +435,9 @@ status_t SoundTriggerHwService::Module::startRecognition(sound_model_handle_t ha
 status_t SoundTriggerHwService::Module::stopRecognition(sound_model_handle_t handle)
 {
     ALOGV("stopRecognition() model handle %d", handle);
+    if (!captureHotwordAllowed()) {
+        return PERMISSION_DENIED;
+    }
 
     AutoMutex lock(mLock);
     sp<Model> model = getModel(handle);
-- 
cgit v1.1