Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2c656796 authored by Shuzhen Wang's avatar Shuzhen Wang
Browse files

Camera: Handle the case of calling Uid being cameraserver 

With HAL1-camera2 legacy implementation, the getCameraCharacteristics
may be called without camera permission. So the cameraserver's Uid is
used in that case.

AppOpsManager returns MODE_IGNORED when the cameraserver's Uid is passed.
Do not treat this as an error case.

Bug: 153511543
Test: On Pixel 2 device, run "adb root; adb shell setprop
persist.camera.HAL3.enabled 0; adb reboot", then "atest
cts/tests/camera/CaptureRequestTest"

Change-Id: I29aaa2045b14233537c737bf0738fbc32422540e
parent 7e540682

services/camera/libcameraservice/CameraService.cpp

+6 −2
Original line number Diff line number Diff line
@@ -2742,7 +2742,7 @@ CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService, 
        mClientPackageName(clientPackageName),

        mClientPid(clientPid), mClientUid(clientUid),

        mServicePid(servicePid),

        mDisconnected(false),

        mDisconnected(false), mUidIsTrusted(false),

        mAudioRestriction(hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_NONE),

        mRemoteBinder(remoteCallback)

{
@@ -2791,6 +2791,8 @@ CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService, 
    if (getCurrentServingCall() != BinderCallType::HWBINDER) {

        mAppOpsManager = std::make_unique<AppOpsManager>();

    }



    mUidIsTrusted = isTrustedCallingUid(mClientUid);

}



CameraService::BasicClient::~BasicClient() {
@@ -2905,7 +2907,9 @@ status_t CameraService::BasicClient::startCameraOps() { 
            return PERMISSION_DENIED;

        }



        if (res == AppOpsManager::MODE_IGNORED) {

        // If the calling Uid is trusted (a native service), the AppOpsManager could

        // return MODE_IGNORED. Do not treat such case as error.

        if (!mUidIsTrusted && res == AppOpsManager::MODE_IGNORED) {

            ALOGI("Camera %s: Access for \"%s\" has been restricted",

                    mCameraIdStr.string(), String8(mClientPackageName).string());

            // Return the same error as for device policy manager rejection

services/camera/libcameraservice/CameraService.h

+1 −0
Original line number Diff line number Diff line
@@ -323,6 +323,7 @@ public: 
        const uid_t                     mClientUid;

        const pid_t                     mServicePid;

        bool                            mDisconnected;

        bool                            mUidIsTrusted;



        mutable Mutex                   mAudioRestrictionLock;

        int32_t                         mAudioRestriction;

services/camera/libcameraservice/api2/CameraOfflineSessionClient.cpp

+3 −1
Original line number Diff line number Diff line
@@ -197,7 +197,9 @@ status_t CameraOfflineSessionClient::startCameraOps() { 
            return PERMISSION_DENIED;

        }



        if (res == AppOpsManager::MODE_IGNORED) {

        // If the calling Uid is trusted (a native service), the AppOpsManager could

        // return MODE_IGNORED. Do not treat such case as error.

        if (!mUidIsTrusted && res == AppOpsManager::MODE_IGNORED) {

            ALOGI("Offline Camera %s: Access for \"%s\" has been restricted",

                    mCameraIdStr.string(), String8(mClientPackageName).string());

            // Return the same error as for device policy manager rejection