Merge tag 'android-security-15.0.0_r10' into staging/lineage-22.2_merge-android-security-15.0.0_r10 (2ff01e68) · Commits · e / os / android_frameworks_av

media/utils/ServiceUtilities.cpp

+20 −1

Original line number	Diff line number	Diff line
		@@ -172,9 +172,28 @@ static int checkRecordingInternal(const AttributionSourceState &attributionSourc
		permission::PermissionChecker permissionChecker;
		int permitted;
		if (start) {
		// Do a double-check, where we first check without actually starting in order to handle
		// the behavior of AppOps where ops are sometimes started but paused for SOFT_DENIED.
		// Since there is no way to maintain reference consensus due to this behavior, avoid
		// starting an op when a restriction is in place by first checking. In the case where we
		// startOp would fail, call a noteOp (which will also fail) instead. This preserves
		// behavior that is reliant on listening to op rejected events (such as the hint
		// dialogue to unmute the microphone). Technically racy, but very unlikely.
		//
		// TODO(b/294609684) To be removed when the pause state for an OP is removed.
		permitted = permissionChecker.checkPermissionForPreflightFromDatasource(
		sAndroidPermissionRecordAudio, resolvedAttributionSource.value(), msg,
		attributedOpCode);
		if (permitted == PERMISSION_GRANTED) {
		permitted = permissionChecker.checkPermissionForStartDataDeliveryFromDatasource(
		sAndroidPermissionRecordAudio, resolvedAttributionSource.value(), msg,
		attributedOpCode);
		} else {
		// intentionally don't set permitted
		permissionChecker.checkPermissionForDataDeliveryFromDatasource(
		sAndroidPermissionRecordAudio, resolvedAttributionSource.value(), msg,
		attributedOpCode);
		}
		} else {
		permitted = permissionChecker.checkPermissionForPreflightFromDatasource(
		sAndroidPermissionRecordAudio, resolvedAttributionSource.value(), msg,

services/audiopolicy/service/AudioRecordClient.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -50,7 +50,7 @@ int getTargetSdkForPackageName(std::string_view packageName) {
		if (pm != nullptr) {
		const auto status = pm->getTargetSdkVersionForPackage(
		String16{packageName.data(), packageName.size()}, &targetSdk);
		return status.isOk() ? targetSdk : -1;
		return status.isOk() ? targetSdk : __ANDROID_API_FUTURE__;
		}
		}
		return targetSdk;