
Commit 0039bcf0 authored by Christopher Wiley's avatar Christopher Wiley

brillo: Rely on static SELinux policy for camera

In Brillo, there are no applications, and SELinux policy can be
configured statically (at build time).  In this model, we control
access to the camera binder, and thus to the camera stack.

Bug: 26936651
Test: Brillo test camera client can connect to camera

Change-Id: I5207c2f78e4f36778b90aac29bf4317b62cbd3dd
parent e27e223d
+26 −12
@@ -864,17 +864,6 @@ status_t CameraService::validateConnectLocked(const String8& cameraId, /*inout*/

    int callingPid = getCallingPid();

    if (clientUid == USE_CALLING_UID) {
        clientUid = getCallingUid();
    } else {
        // We only trust our own process to forward client UIDs
        if (callingPid != getpid()) {
            ALOGE("CameraService::connect X (PID %d) rejected (don't trust clientUid %d)",
                    callingPid, clientUid);
            return PERMISSION_DENIED;
        }
    }

    if (!mModule) {
        ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
                callingPid);
@@ -887,6 +876,31 @@ status_t CameraService::validateConnectLocked(const String8& cameraId, /*inout*/
        return -ENODEV;
    }

#if !defined(__BRILLO__)
    status_t allowed = validateClientPermissionsLocked(cameraId, clientUid);
    if (allowed != OK) {
        return allowed;
    }
#endif  // defined(__BRILLO__)

    return checkIfDeviceIsUsable(cameraId);
}

status_t CameraService::validateClientPermissionsLocked(const String8& cameraId, int& clientUid)
        const {
    int callingPid = getCallingPid();

    if (clientUid == USE_CALLING_UID) {
        clientUid = getCallingUid();
    } else {
        // We only trust our own process to forward client UIDs
        if (callingPid != getpid()) {
            ALOGE("CameraService::connect X (PID %d) rejected (don't trust clientUid %d)",
                    callingPid, clientUid);
            return PERMISSION_DENIED;
        }
    }

    // Check device policy for this camera
    char value[PROPERTY_VALUE_MAX];
    char key[PROPERTY_KEY_MAX];
@@ -909,7 +923,7 @@ status_t CameraService::validateConnectLocked(const String8& cameraId, /*inout*/
        return PERMISSION_DENIED;
    }

    return checkIfDeviceIsUsable(cameraId);
    return OK;
}

status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const {
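Review bot: With `__BRILLO__` defined, validateConnectLocked no longer resolves `clientUid` when the caller passes `USE_CALLING_UID`, because that resolution was moved out of validateConnectLocked into validateClientPermissionsLocked, and the only call to the latter now sits under `#if !defined(__BRILLO__)`; since the parameter is documented as `/*inout*/` in the header, callers presumably read it afterwards and on Brillo would see the sentinel rather than the real UID. The cheapest repair is an `#else` branch next to the existing guard, `#else` / `    if (clientUid == USE_CALLING_UID) clientUid = getCallingUid();` / `#endif  // !defined(__BRILLO__)`, which keeps the UID resolution on both builds while leaving only the "trust forwarded UID" and device-policy checks under the conditional; alternatively leave the UID resolution unconditional in validateConnectLocked and confine validateClientPermissionsLocked to the policy checks. Independently, the closing comment `#endif  // defined(__BRILLO__)` contradicts the condition it closes and should read `#endif  // !defined(__BRILLO__)`. validateConnectLocked begins before the first hunk, and checkIfDeviceIsUsable's body continues past the last one.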
+1 −0
@@ -482,6 +482,7 @@ private:

    // Check if we can connect, before we acquire the service lock.
    status_t validateConnectLocked(const String8& cameraId, /*inout*/int& clientUid) const;
    status_t validateClientPermissionsLocked(const String8& cameraId, /*inout*/int& clientUid) const;

    // Handle active client evictions, and update service state.
    // Only call with with mServiceLock held.
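Review bot: The new validateClientPermissionsLocked declaration carries no comment, while its neighbour validateConnectLocked is documented, and nothing in the header tells a reader that it is the half of the connect validation that is skipped on Brillo. Suggest a comment above it along the lines of `// Resolve USE_CALLING_UID in clientUid, reject client UIDs forwarded by other processes, and apply device policy for cameraId. Only called on non-Brillo builds; see the __BRILLO__ guard in validateConnectLocked.` so that the split between the two functions, and the build-dependent behaviour of the inout parameter, is visible at the declaration site.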