
Commit a7b613c9 authored by Charles Chen

Enable isolated_like app to request camera service binder

Processes that share isolated AIDs are allowed to use system services.
Existing isolated app should not be affected by this change as SEPolicy
blocks the use of camera service.

Bug: 265540209
Test: atest CtsCameraTestCases
Test: manual - avc denial for isolated_app when accessing CameraManager, and processes not isolated_app but with an isolated AID gets the binder.
Change-Id: If29dc43528c22bf20b21a933dff52179b7b9031b
parent db2daf03
+5 −0
@@ -170,6 +170,11 @@ static bool doesClientHaveSystemUid() {
    return (CameraThreadState::getCallingUid() < AID_APP_START);
}

// Enable processes with isolated AID to request the binder
void CameraService::instantiate() {
    CameraService::publish(true);
}

void CameraService::onServiceRegistration(const String16& name, const sp<IBinder>&) {
    if (name != String16(kAppopsServiceName)) {
        return;
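Review bot: the one-line comment above `CameraService::instantiate()` does not record the security assumption this change depends on. The commit message says existing isolated_app processes stay blocked only because SEPolicy denies them the camera service, yet nothing at the `CameraService::publish(true)` call says so, and no caller check is added alongside it. Please expand the comment to state that access for isolated_app is expected to be denied by SEPolicy and that relaxing that policy would expose the service to those processes. The bare `true` would also read better with the argument's meaning spelled out inline, so a reader does not have to look up what the flag controls.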
+3 −0
@@ -99,6 +99,9 @@ public:
    // Event log ID
    static const int SN_EVENT_LOG_ID = 0x534e4554;

    // Register camera service
    static void instantiate();

    // Implementation of BinderService<T>
    static char const* getServiceName() { return "media.camera"; }
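Review bot: the header comment `// Register camera service` on `static void instantiate();` is missing the one thing that makes this declaration worth having, namely that registration here lets processes with an isolated AID request the binder. Because the declaration sits directly above the `// Implementation of BinderService<T>` block, a reader can easily take it for plain registration. Suggest wording the comment to say that the service is registered with isolated callers allowed, and to point to the SEPolicy restriction that the commit message relies on for isolated_app.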