Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 740d8cb7 authored by Eino-Ville Talvala (Eddy)'s avatar Eino-Ville Talvala (Eddy) Committed by Automerger Merge Worker
Browse files

Merge "Camera: Look up client name for NDK earlier" into tm-qpr-dev am: 2170f74c am: a9dba58e 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/av/+/20039036



Change-Id: I8bbc8fc932aef474ef6e913df81a366e07cd0fbd
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 29eae310 a9dba58e

services/camera/libcameraservice/CameraService.cpp

+51 −34
Original line number Diff line number Diff line
@@ -1767,20 +1767,68 @@ Status CameraService::connectDevice( 
    return ret;

}



String16 CameraService::getPackageNameFromUid(int clientUid) {

    String16 packageName("");



    sp<IServiceManager> sm = defaultServiceManager();

    sp<IBinder> binder = sm->getService(String16(kPermissionServiceName));

    if (binder == 0) {

        ALOGE("Cannot get permission service");

        // Return empty package name and the further interaction

        // with camera will likely fail

        return packageName;

    }



    sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);

    Vector<String16> packages;



    permCtrl->getPackagesForUid(clientUid, packages);



    if (packages.isEmpty()) {

        ALOGE("No packages for calling UID %d", clientUid);

        // Return empty package name and the further interaction

        // with camera will likely fail

        return packageName;

    }



    // Arbitrarily pick the first name in the list

    packageName = packages[0];



    return packageName;

}



template<class CALLBACK, class CLIENT>

Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId,

        int api1CameraId, const String16& clientPackageName, bool systemNativeClient,

        int api1CameraId, const String16& clientPackageNameMaybe, bool systemNativeClient,

        const std::optional<String16>& clientFeatureId, int clientUid, int clientPid,

        apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion,

        /*out*/sp<CLIENT>& device) {

    binder::Status ret = binder::Status::ok();



    bool isNonSystemNdk = false;

    String16 clientPackageName;

    if (clientPackageNameMaybe.size() <= 0) {

        // NDK calls don't come with package names, but we need one for various cases.

        // Generally, there's a 1:1 mapping between UID and package name, but shared UIDs

        // do exist. For all authentication cases, all packages under the same UID get the

        // same permissions, so picking any associated package name is sufficient. For some

        // other cases, this may give inaccurate names for clients in logs.

        isNonSystemNdk = true;

        int packageUid = (clientUid == USE_CALLING_UID) ?

            CameraThreadState::getCallingUid() : clientUid;

        clientPackageName = getPackageNameFromUid(packageUid);

    } else {

        clientPackageName = clientPackageNameMaybe;

    }



    String8 clientName8(clientPackageName);



    int originalClientPid = 0;



    int packagePid = (clientPid == USE_CALLING_PID) ?

        CameraThreadState::getCallingPid() : clientPid;

    ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and "

            "Camera API version %d", clientPid, clientName8.string(), cameraId.string(),

            "Camera API version %d", packagePid, clientName8.string(), cameraId.string(),

            static_cast<int>(effectiveApiLevel));



    nsecs_t openTimeNs = systemTime();
@@ -1788,7 +1836,7 @@ Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const String8& 
    sp<CLIENT> client = nullptr;

    int facing = -1;

    int orientation = 0;

    bool isNonSystemNdk = (clientPackageName.size() == 0);



    {

        // Acquire mServiceLock and prevent other clients from connecting

        std::unique_ptr<AutoConditionLock> lock =
@@ -3279,37 +3327,6 @@ CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService, 
        sCameraService = cameraService;

    }



    // In some cases the calling code has no access to the package it runs under.

    // For example, NDK camera API.

    // In this case we will get the packages for the calling UID and pick the first one

    // for attributing the app op. This will work correctly for runtime permissions

    // as for legacy apps we will toggle the app op for all packages in the UID.

    // The caveat is that the operation may be attributed to the wrong package and

    // stats based on app ops may be slightly off.

    if (mClientPackageName.size() <= 0) {

        sp<IServiceManager> sm = defaultServiceManager();

        sp<IBinder> binder = sm->getService(String16(kPermissionServiceName));

        if (binder == 0) {

            ALOGE("Cannot get permission service");

            // Leave mClientPackageName unchanged (empty) and the further interaction

            // with camera will fail in BasicClient::startCameraOps

            return;

        }



        sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);

        Vector<String16> packages;



        permCtrl->getPackagesForUid(mClientUid, packages);



        if (packages.isEmpty()) {

            ALOGE("No packages for calling UID");

            // Leave mClientPackageName unchanged (empty) and the further interaction

            // with camera will fail in BasicClient::startCameraOps

            return;

        }

        mClientPackageName = packages[0];

    }



    // There are 2 scenarios in which a client won't have AppOps operations

    // (both scenarios : native clients)

    //    1) It's an system native client*, the package name will be empty

services/camera/libcameraservice/CameraService.h

+10 −1
Original line number Diff line number Diff line
@@ -834,10 +834,19 @@ private: 
    // sorted in alpha-numeric order.

    void filterAPI1SystemCameraLocked(const std::vector<std::string> &normalDeviceIds);



    // In some cases the calling code has no access to the package it runs under.

    // For example, NDK camera API.

    // In this case we will get the packages for the calling UID and pick the first one

    // for attributing the app op. This will work correctly for runtime permissions

    // as for legacy apps we will toggle the app op for all packages in the UID.

    // The caveat is that the operation may be attributed to the wrong package and

    // stats based on app ops may be slightly off.

    String16 getPackageNameFromUid(int clientUid);



    // Single implementation shared between the various connect calls

    template<class CALLBACK, class CLIENT>

    binder::Status connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId,

            int api1CameraId, const String16& clientPackageName, bool systemNativeClient,

            int api1CameraId, const String16& clientPackageNameMaybe, bool systemNativeClient,

            const std::optional<String16>& clientFeatureId, int clientUid, int clientPid,

            apiLevel effectiveApiLevel, bool shimUpdateOnly, int scoreOffset, int targetSdkVersion,

            /*out*/sp<CLIENT>& device);