
Commit 7616b33d authored by jiabin's avatar jiabin Committed by Jiabin Huang

Add permission check for audio attributes tags.

Audio attributes tags are a system API in the NDK that can be used to affect
routing, volume control, etc. Therefore, apply a
MODIFY_AUDIO_SETTINGS_PRIVILEGED permission check to protect them.

Bug: 378909923
Test: atest test_attributes
Flag: EXEMPT NDK
Change-Id: Id2a4063b72587e9495bd1221ef82122725f28b5a
parent 0cbc6751
+2 −1
@@ -38,5 +38,6 @@ enum PermissionEnum {
    CAPTURE_VOICE_COMMUNICATION_OUTPUT = 12,
    CAPTURE_VOICE_COMMUNICATION_OUTPUT = 12,
    BLUETOOTH_CONNECT = 13,
    BLUETOOTH_CONNECT = 13,
    BYPASS_CONCURRENT_RECORD_AUDIO_RESTRICTION = 14,
    BYPASS_CONCURRENT_RECORD_AUDIO_RESTRICTION = 14,
    ENUM_SIZE = 15, // Not for actual usage, used by Java
    MODIFY_AUDIO_SETTINGS_PRIVILEGED = 15,
    ENUM_SIZE = 16, // Not for actual usage, used by Java
}
}
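Review bot: The comment on `ENUM_SIZE` says the value is consumed by Java, so adding `MODIFY_AUDIO_SETTINGS_PRIVILEGED = 15` and moving `ENUM_SIZE` to 16 means any Java-side table sized or indexed by this enum needs the matching permission string in the same change. No such file appears among the sections shown on this page. If that mapping lags behind, a lookup for index 15 would presumably fail or resolve to the wrong permission, so please confirm it is updated together with this enum.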
+13 −0
@@ -55,6 +55,8 @@ static const String16 sAndroidPermissionRecordAudio("android.permission.RECORD_A
static const String16 sModifyPhoneState("android.permission.MODIFY_PHONE_STATE");
static const String16 sModifyPhoneState("android.permission.MODIFY_PHONE_STATE");
static const String16 sModifyAudioRouting("android.permission.MODIFY_AUDIO_ROUTING");
static const String16 sModifyAudioRouting("android.permission.MODIFY_AUDIO_ROUTING");
static const String16 sCallAudioInterception("android.permission.CALL_AUDIO_INTERCEPTION");
static const String16 sCallAudioInterception("android.permission.CALL_AUDIO_INTERCEPTION");
static const String16 sModifyAudioSettingsPrivileged(
        "android.permission.MODIFY_AUDIO_SETTINGS_PRIVILEGED");


static String16 resolveCallingPackage(PermissionController& permissionController,
static String16 resolveCallingPackage(PermissionController& permissionController,
        const std::optional<String16> opPackageName, uid_t uid) {
        const std::optional<String16> opPackageName, uid_t uid) {
@@ -387,6 +389,17 @@ bool modifyDefaultAudioEffectsAllowed(const AttributionSourceState& attributionS
    return ok;
    return ok;
}
}


bool modifyAudioSettingsPrivilegedAllowed(const AttributionSourceState& attributionSource) {
    uid_t uid = VALUE_OR_FATAL(aidl2legacy_int32_t_uid_t(attributionSource.uid));
    pid_t pid = VALUE_OR_FATAL(aidl2legacy_int32_t_pid_t(attributionSource.pid));
    if (isAudioServerUid(uid)) return true;
    // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
    bool ok = PermissionCache::checkPermission(sModifyAudioSettingsPrivileged, pid, uid);
    if (!ok) ALOGE("%s(): android.permission.MODIFY_AUDIO_SETTINGS_PRIVILEGED denied for uid %d",
                   __func__, uid);
    return ok;
}

bool dumpAllowed() {
bool dumpAllowed() {
    static const String16 sDump("android.permission.DUMP");
    static const String16 sDump("android.permission.DUMP");
    // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
    // IMPORTANT: Use PermissionCache - not a runtime permission and may not change.
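Review bot: modifyAudioSettingsPrivilegedAllowed() returns true as soon as `isAudioServerUid(uid)` holds, and both uid and pid are taken from the caller-supplied AttributionSourceState, so the result is only as trustworthy as the validation callers performed on that struct; nothing in this hunk compares them with the binder calling identity. Please record that precondition above the function, e.g. `// attributionSource must already be validated against the calling identity; uid/pid are trusted as given.` The denial log also omits the pid and prints a `uid_t` with `%d`; ending the format with `denied for uid %u pid %d", __func__, uid, pid);` would make denials easier to attribute. The trailing dumpAllowed() context continues outside the hunk.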
+1 −0
@@ -110,6 +110,7 @@ bool modifyAudioRoutingAllowed();
bool modifyAudioRoutingAllowed(const AttributionSourceState& attributionSource);
bool modifyAudioRoutingAllowed(const AttributionSourceState& attributionSource);
bool modifyDefaultAudioEffectsAllowed();
bool modifyDefaultAudioEffectsAllowed();
bool modifyDefaultAudioEffectsAllowed(const AttributionSourceState& attributionSource);
bool modifyDefaultAudioEffectsAllowed(const AttributionSourceState& attributionSource);
bool modifyAudioSettingsPrivilegedAllowed(const AttributionSourceState& attributionSource);
bool dumpAllowed();
bool dumpAllowed();
bool modifyPhoneStateAllowed(const AttributionSourceState& attributionSource);
bool modifyPhoneStateAllowed(const AttributionSourceState& attributionSource);
bool bypassInterruptionPolicyAllowed(const AttributionSourceState& attributionSource);
bool bypassInterruptionPolicyAllowed(const AttributionSourceState& attributionSource);
+11 −0
@@ -73,6 +73,7 @@ using com::android::media::permission::PermissionEnum::CAPTURE_MEDIA_OUTPUT;
using com::android::media::permission::PermissionEnum::CAPTURE_TUNER_AUDIO_INPUT;
using com::android::media::permission::PermissionEnum::CAPTURE_TUNER_AUDIO_INPUT;
using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_ROUTING;
using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_ROUTING;
using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_SETTINGS;
using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_SETTINGS;
using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_SETTINGS_PRIVILEGED;
using com::android::media::permission::PermissionEnum::MODIFY_DEFAULT_AUDIO_EFFECTS;
using com::android::media::permission::PermissionEnum::MODIFY_DEFAULT_AUDIO_EFFECTS;
using com::android::media::permission::PermissionEnum::MODIFY_PHONE_STATE;
using com::android::media::permission::PermissionEnum::MODIFY_PHONE_STATE;
using com::android::media::permission::PermissionEnum::RECORD_AUDIO;
using com::android::media::permission::PermissionEnum::RECORD_AUDIO;
@@ -443,6 +444,16 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt
        }
        }
    }
    }


    if (strlen(attr.tags) != 0) {
        if (!(audioserver_permissions() ?
              CHECK_PERM(MODIFY_AUDIO_SETTINGS_PRIVILEGED, attributionSource.uid)
              : modifyAudioSettingsPrivilegedAllowed(attributionSource))) {
            ALOGE("%s: permission denied: audio attributes tags not allowed for uid %d pid %d",
                  __func__, attributionSource.uid, attributionSource.pid);
            return binderStatusFromStatusT(PERMISSION_DENIED);
        }
    }

    AutoCallerClear acc;
    AutoCallerClear acc;
    AudioPolicyInterface::output_type_t outputType;
    AudioPolicyInterface::output_type_t outputType;
    bool isSpatialized = false;
    bool isSpatialized = false;
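Review bot: The tags guard added to getOutputForAttr tests `strlen(attr.tags) != 0`, which scans the tags buffer and is only safe if the conversion that fills `attr` earlier in the function (outside this hunk) guarantees NUL termination; `if (attr.tags[0] != '\0') {` checks the same condition without relying on that. The commit message says tags influence routing and volume control, but this section gates only the output path, so it is worth confirming that the other entry points accepting caller-supplied audio attributes (not visible here) apply the same MODIFY_AUDIO_SETTINGS_PRIVILEGED check; otherwise the restriction is only partial. A short comment above the block, such as `// Tags are a system API: require MODIFY_AUDIO_SETTINGS_PRIVILEGED before they reach policy.`, would record why the check sits here. On the legacy branch a denial is logged twice at error level, once in modifyAudioSettingsPrivilegedAllowed() and once here.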