Merge "Audio policy: modify permission needed to capture from source FM_TUNER"

#include <cutils/atomic.h>

#include <cutils/properties.h> // for property_get

#include <gui/IGraphicBufferProducer.h>

#include <mediautils/ServiceUtilities.h>

#include <sys/stat.h>

#include <sys/types.h>

#include <system/audio.h>

namespace android {

const char* cameraPermission = "android.permission.CAMERA";

const char* recordAudioPermission = "android.permission.RECORD_AUDIO";

static bool checkPermission(const char* permissionString) {

    if (getpid() == IPCThreadState::self()->getCallingPid()) return true;

status_t MediaRecorderClient::setAudioSource(int as)

{

    ALOGV("setAudioSource(%d)", as);

    if (!checkPermission(recordAudioPermission)) {

    if (as < AUDIO_SOURCE_DEFAULT

            || (as >= AUDIO_SOURCE_CNT && as != AUDIO_SOURCE_FM_TUNER)) {

        ALOGE("Invalid audio source: %d", as);

        return BAD_VALUE;

    }

    pid_t pid = IPCThreadState::self()->getCallingPid();

    uid_t uid = IPCThreadState::self()->getCallingUid();

    if ((as == AUDIO_SOURCE_FM_TUNER && !captureAudioOutputAllowed(pid, uid))

            || !recordingAllowed(String16(""), pid, uid)) {

        return PERMISSION_DENIED;

    }

    Mutex::Autolock lock(mLock);

status_t StagefrightRecorder::setAudioSource(audio_source_t as) {

    ALOGV("setAudioSource: %d", as);

    if (as < AUDIO_SOURCE_DEFAULT ||

        (as >= AUDIO_SOURCE_CNT && as != AUDIO_SOURCE_FM_TUNER)) {

        ALOGE("Invalid audio source: %d", as);

        return BAD_VALUE;

    }

    if (as == AUDIO_SOURCE_DEFAULT) {

        mAudioSource = AUDIO_SOURCE_MIC;

static bool checkRecordingInternal(const String16& opPackageName, pid_t pid,

        uid_t uid, bool start) {

    // Okay to not track in app ops as audio server is us and if

    // Okay to not track in app ops as audio server or media server is us and if

    // device is rooted security model is considered compromised.

    // system_server loses its RECORD_AUDIO permission when a secondary

    // user is active, but it is a core system service so let it through.

    // TODO(b/141210120): UserManager.DISALLOW_RECORD_AUDIO should not affect system user 0

    if (isAudioServerOrSystemServerOrRootUid(uid)) return true;

    if (isAudioServerOrMediaServerOrSystemServerOrRootUid(uid)) return true;

    // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)

    // may open a record track on behalf of a client.  Note that pid may be a tid.

    return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER;

}

// used for calls that should come from system_server or audio_server and

// used for calls that should come from system_server or audio_server or media server and

// include AID_ROOT for command-line tests.

static inline bool isAudioServerOrSystemServerOrRootUid(uid_t uid) {

    return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER || uid == AID_ROOT;

static inline bool isAudioServerOrMediaServerOrSystemServerOrRootUid(uid_t uid) {

    return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER

              || uid == AID_MEDIA || uid == AID_ROOT;

}

// Mediaserver may forward the client PID and UID as part of a binder interface call;

    ~OpRecordAudioMonitor() override;

    bool hasOpRecordAudio() const;

    static sp<OpRecordAudioMonitor> createIfNeeded(uid_t uid, const String16& opPackageName);

    static sp<OpRecordAudioMonitor> createIfNeeded

        (uid_t uid, const audio_attributes_t& attr, const String16& opPackageName);

private:

    OpRecordAudioMonitor(uid_t uid, const String16& opPackageName);