Merge "Update audio permission checking"

        "libaudiomanager",

        "libmedia_helper",

        "libmediametrics",

        "libmediautils",

    ],

    export_shared_lib_headers: ["libbinder"],

#include <binder/IPCThreadState.h>

#include <binder/Parcel.h>

#include <cutils/multiuser.h>

#include <media/TimeCheck.h>

#include <private/android_filesystem_config.h>

#include <mediautils/ServiceUtilities.h>

#include "IAudioFlinger.h"

namespace android {

        case SET_MIC_MUTE:

        case SET_LOW_RAM_DEVICE:

        case SYSTEM_READY: {

            if (multiuser_get_app_id(IPCThreadState::self()->getCallingUid()) >= AID_APP_START) {

            if (!isServiceUid(IPCThreadState::self()->getCallingUid())) {

                ALOGW("%s: transaction %d received from PID %d unauthorized UID %d",

                      __func__, code, IPCThreadState::self()->getCallingPid(),

                      IPCThreadState::self()->getCallingUid());

#include <binder/IPCThreadState.h>

#include <binder/Parcel.h>

#include <cutils/multiuser.h>

#include <media/AudioEffect.h>

#include <media/IAudioPolicyService.h>

#include <media/TimeCheck.h>

#include <private/android_filesystem_config.h>

#include <mediautils/ServiceUtilities.h>

#include <system/audio.h>

namespace android {

        case STOP_AUDIO_SOURCE:

        case GET_SURROUND_FORMATS:

        case SET_SURROUND_FORMAT_ENABLED: {

            if (multiuser_get_app_id(IPCThreadState::self()->getCallingUid()) >= AID_APP_START) {

            if (!isServiceUid(IPCThreadState::self()->getCallingUid())) {

                ALOGW("%s: transaction %d received from PID %d unauthorized UID %d",

                      __func__, code, IPCThreadState::self()->getCallingPid(),

                      IPCThreadState::self()->getCallingUid());

    ],

    shared_libs: [

        "libbinder",

        "libcutils",

        "liblog",

        "libutils",

        "libmemunreachable",

#include <binder/IPCThreadState.h>

#include <binder/IServiceManager.h>

#include <binder/PermissionCache.h>

#include <private/android_filesystem_config.h>

#include "mediautils/ServiceUtilities.h"

/* When performing permission checks we do not use permission cache for

static const String16 sAndroidPermissionRecordAudio("android.permission.RECORD_AUDIO");

// Not valid until initialized by AudioFlinger constructor.  It would have to be

// re-initialized if the process containing AudioFlinger service forks (which it doesn't).

// This is often used to validate binder interface calls within audioserver

// (e.g. AudioPolicyManager to AudioFlinger).

pid_t getpid_cached;

// A trusted calling UID may specify the client UID as part of a binder interface call.

// otherwise the calling UID must be equal to the client UID.

bool isTrustedCallingUid(uid_t uid) {

    switch (uid) {

    case AID_MEDIA:

    case AID_AUDIOSERVER:

        return true;

    default:

        return false;

    }

}

static String16 resolveCallingPackage(PermissionController& permissionController,

        const String16& opPackageName, uid_t uid) {

    if (opPackageName.size() > 0) {

    return packages[0];

}

static inline bool isAudioServerOrRoot(uid_t uid) {

    // AID_ROOT is OK for command-line tests.  Native unforked audioserver always OK.

    return uid == AID_ROOT || uid == AID_AUDIOSERVER ;

}

static bool checkRecordingInternal(const String16& opPackageName, pid_t pid,

        uid_t uid, bool start) {

    // Okay to not track in app ops as audio server is us and if

    // device is rooted security model is considered compromised.

    if (isAudioServerOrRoot(uid)) return true;

    if (isAudioServerOrRootUid(uid)) return true;

    // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)

    // may open a record track on behalf of a client.  Note that pid may be a tid.

void finishRecording(const String16& opPackageName, uid_t uid) {

    // Okay to not track in app ops as audio server is us and if

    // device is rooted security model is considered compromised.

    if (isAudioServerOrRoot(uid)) return;

    if (isAudioServerOrRootUid(uid)) return;

    PermissionController permissionController;

    String16 resolvedOpPackageName = resolveCallingPackage(

}

bool captureAudioOutputAllowed(pid_t pid, uid_t uid) {

    if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true;

    if (isAudioServerOrRootUid(uid)) return true;

    static const String16 sCaptureAudioOutput("android.permission.CAPTURE_AUDIO_OUTPUT");

    bool ok = PermissionCache::checkPermission(sCaptureAudioOutput, pid, uid);

    if (!ok) ALOGE("Request requires android.permission.CAPTURE_AUDIO_OUTPUT");

}

bool settingsAllowed() {

    if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true;

    // given this is a permission check, could this be isAudioServerOrRootUid()?

    if (isAudioServerUid(IPCThreadState::self()->getCallingUid())) return true;

    static const String16 sAudioSettings("android.permission.MODIFY_AUDIO_SETTINGS");

    // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.

    bool ok = PermissionCache::checkCallingPermission(sAudioSettings);

}

bool dumpAllowed() {

    // don't optimize for same pid, since mediaserver never dumps itself

    static const String16 sDump("android.permission.DUMP");

    // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.

    bool ok = PermissionCache::checkCallingPermission(sDump);