Merge changes from topic "audio_hardening_reland" into main

    ],

    header_libs: [

        "libaudio_system_headers",

        "libcutils_headers",

        "liberror_headers",

    ],

    export_header_lib_headers: [

        "libaudio_system_headers",

        "liberror_headers",

    ],

    static_libs: [

    tidy_checks: [

        "android-*",

        "bugprone-*",

        "cert-*",

        "clang-analyzer-security*",

        "google-*",

        "misc-*",

        "modernize-*",

    tidy_checks_as_errors: [

        "android-*",

        "bugprone-*",

        "cert-*",

        "clang-analyzer-security*",

        "google-*",

        "misc-*",

        "modernize-*",

using ValidatedAttributionSourceState =

        com::android::media::permission::ValidatedAttributionSourceState;

/**

 * Tracking ops for the following uids are pointless -- system always has ops and isn't tracked,

 * and native only services don't have packages which is what appops tracks over.

 * So, we skip tracking, and always permit access.

 * Notable omissions are AID_SHELL, AID_RADIO, and AID_BLUETOOTH, which are non-app uids which

 * interface with us, but are associated with packages so can still be attributed to.

 */

inline bool skipOpsForUid(uid_t uid) {

    switch (uid % AID_USER_OFFSET) {

        case AID_ROOT:

        case AID_SYSTEM:

        case AID_MEDIA:

        case AID_AUDIOSERVER:

        case AID_CAMERASERVER:

            return true;

        default:

            return false;

    }

}

struct Ops {

    int attributedOp = -1;  // same as OP_NONE

    int additionalOp = -1;

/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once

#include <android-base/thread_annotations.h>

#include <binder/IAppOpsCallback.h>

#include <cutils/android_filesystem_config.h>

#include <log/log.h>

#include <system/audio.h>

#include <utils/RefBase.h>

namespace android::media::permission {

/**

 * Tracking ops for the following uids are pointless -- system always has ops and isn't tracked,

 * and native only services don't have packages which is what appops tracks over.

 * So, we skip tracking, and always permit access.

 * Notable omissions are AID_SHELL, AID_RADIO, and AID_BLUETOOTH, which are non-app uids which

 * interface with us, but are associated with packages so can still be attributed to.

 */

inline bool skipOpsForUid(uid_t uid) {

    switch (uid % AID_USER_OFFSET) {

        case AID_ROOT:

        case AID_SYSTEM:

        case AID_MEDIA:

        case AID_AUDIOSERVER:

        case AID_CAMERASERVER:

            return true;

        default:

            return false;

    }

}

inline bool isSystemUsage(audio_usage_t usage) {

    const std::array SYSTEM_USAGES{AUDIO_USAGE_CALL_ASSISTANT, AUDIO_USAGE_EMERGENCY,

                                   AUDIO_USAGE_SAFETY, AUDIO_USAGE_VEHICLE_STATUS,

                                   AUDIO_USAGE_ANNOUNCEMENT};

    return std::find(std::begin(SYSTEM_USAGES), std::end(SYSTEM_USAGES), usage) !=

           std::end(SYSTEM_USAGES);

}

}  // namespace android::media::permission

    // Restricted due to OP_PLAY_AUDIO

    virtual bool isPlaybackRestrictedOp() const = 0;

    // Restricted due to OP_AUDIO_CONTROL_SOFT

    // Restricted due to OP_AUDIO_CONTROL_PARTIAL

    virtual bool isPlaybackRestrictedControl() const = 0;

    virtual bool isPlaybackRestricted() const = 0;

#include <audio_utils/mutex.h>

#include <audio_utils/LinearMap.h>

#include <binder/AppOpsManager.h>

#include <media/AppOpsSession.h>

#include <utils/RWLock.h>

namespace android {

    bool isPlaybackRestrictedOp() const final {

        // The monitor is only created for tracks that can be silenced.

        return mOpPlayAudioMonitor ? !mOpPlayAudioMonitor->hasOpPlayAudio() : false;

        return mOpPlayAudioMonitor

                       ? !mOpPlayAudioMonitor->hasOpPlayAudio()

                       : false;

    }

    bool hasOpControlPartial() const {

        return mOpControlSession ? mHasOpControlPartial.load(std::memory_order_acquire) : true;

    }

    bool isPlaybackRestrictedControl() const final {

        return false;

        // return mOpAudioControlSoftMonitor ? !mOpAudioControlSoftMonitor->hasOp() : false;

        return !(mIsExemptedFromOpControl || hasOpControlPartial());

    }

    bool isPlaybackRestricted() const final {

    sp<OpPlayAudioMonitor>  mOpPlayAudioMonitor;

    // logically const

    std::optional<media::permission::AppOpsSession<media::permission::DefaultAppOpsFacade>>

            mOpControlSession;

    // logically const

    bool mIsExemptedFromOpControl = false;

    std::atomic<bool> mHasOpControlPartial {true};

    bool                mHapticPlaybackEnabled = false; // indicates haptic playback enabled or not

    // scale to play haptic data

    os::HapticScale mHapticScale = os::HapticScale::mute();