Loading services/camera/libcameraservice/CameraService.cpp +54 −33 Original line number Diff line number Diff line Loading @@ -1611,13 +1611,16 @@ Status CameraService::initializeShimMetadata(int cameraId) { std::string cameraIdStr = std::to_string(cameraId); Status ret = Status::ok(); sp<Client> tmp = nullptr; logConnectionAttempt(getCallingPid(), kServiceName, cameraIdStr, API_1); if (!(ret = connectHelper<ICameraClient,Client>( sp<ICameraClient>{nullptr}, cameraIdStr, cameraId, kServiceName, /*systemNativeClient*/ false, {}, uid, USE_CALLING_PID, API_1, /*shimUpdateOnly*/ true, /*oomScoreOffset*/ 0, /*targetSdkVersion*/ __ANDROID_API_FUTURE__, /*rotationOverride*/hardware::ICameraService::ROTATION_OVERRIDE_OVERRIDE_TO_PORTRAIT, /*forceSlowJpegMode*/false, cameraIdStr, /*out*/ tmp) /*forceSlowJpegMode*/false, cameraIdStr, /*isNonSystemNdk*/ false, /*out*/ tmp) ).isOk()) { ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().c_str()); } Loading Loading @@ -2147,12 +2150,18 @@ Status CameraService::connect( return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str()); } std::string clientPackageNameMaybe = clientAttribution.packageName.value_or(""); bool isNonSystemNdk = clientPackageNameMaybe.size() == 0; std::string clientPackageName = resolvePackageName(clientAttribution.uid, clientPackageNameMaybe); logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraIdStr, API_1); sp<Client> client = nullptr; ret = connectHelper<ICameraClient,Client>(cameraClient, cameraIdStr, api1CameraId, clientAttribution.packageName.value_or(""), /*systemNativeClient*/ false, {}, clientPackageName, /*systemNativeClient*/ false, {}, clientAttribution.uid, clientAttribution.pid, API_1, /*shimUpdateOnly*/ false, /*oomScoreOffset*/ 0, targetSdkVersion, rotationOverride, forceSlowJpegMode, cameraIdStr, /*out*/client); rotationOverride, forceSlowJpegMode, cameraIdStr, isNonSystemNdk, /*out*/client); if (!ret.isOk()) { logRejected(cameraIdStr, getCallingPid(), clientAttribution.packageName.value_or(""), Loading Loading @@ -2241,13 +2250,13 @@ Status CameraService::connectDevice( RunThreadWithRealtimePriority priorityBump; Status ret = Status::ok(); sp<CameraDeviceClient> client = nullptr; std::string clientPackageNameAdj = clientAttribution.packageName.value_or(""); std::string clientPackageNameMaybe = clientAttribution.packageName.value_or(""); int callingPid = getCallingPid(); int callingUid = getCallingUid(); bool systemNativeClient = false; if (callerHasSystemUid() && (clientPackageNameAdj.size() == 0)) { if (callerHasSystemUid() && (clientPackageNameMaybe.size() == 0)) { std::string systemClient = fmt::sprintf("client.pid<%d>", callingPid); clientPackageNameAdj = systemClient; clientPackageNameMaybe = systemClient; systemNativeClient = true; } Loading @@ -2261,10 +2270,15 @@ Status CameraService::connectDevice( } std::string cameraId = cameraIdOptional.value(); bool isNonSystemNdk = clientPackageNameMaybe.size() == 0; std::string clientPackageName = resolvePackageName(clientAttribution.uid, clientPackageNameMaybe); logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraId, API_2); if (oomScoreOffset < 0) { std::string msg = fmt::sprintf("Cannot increase the priority of a client %s pid %d for " "camera id %s", clientPackageNameAdj.c_str(), callingPid, "camera id %s", clientPackageName.c_str(), callingPid, cameraId.c_str()); ALOGE("%s: %s", __FUNCTION__, msg.c_str()); return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.c_str()); Loading @@ -2291,19 +2305,19 @@ Status CameraService::connectDevice( && !isTrustedCallingUid(callingUid)) { std::string msg = fmt::sprintf("Cannot change the priority of a client %s pid %d for " "camera id %s without SYSTEM_CAMERA permissions", clientPackageNameAdj.c_str(), callingPid, cameraId.c_str()); clientPackageName.c_str(), callingPid, cameraId.c_str()); ALOGE("%s: %s", __FUNCTION__, msg.c_str()); return STATUS_ERROR(ERROR_PERMISSION_DENIED, msg.c_str()); } ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, cameraId, /*api1CameraId*/-1, clientPackageNameAdj, systemNativeClient, cameraId, /*api1CameraId*/-1, clientPackageName, systemNativeClient, clientAttribution.attributionTag, clientAttribution.uid, USE_CALLING_PID, API_2, /*shimUpdateOnly*/ false, oomScoreOffset, targetSdkVersion, rotationOverride, /*forceSlowJpegMode*/false, unresolvedCameraId, /*out*/client); /*forceSlowJpegMode*/false, unresolvedCameraId, isNonSystemNdk, /*out*/client); if (!ret.isOk()) { logRejected(cameraId, callingPid, clientPackageNameAdj, toStdString(ret.toString8())); logRejected(cameraId, callingPid, clientPackageName, toStdString(ret.toString8())); return ret; } Loading Loading @@ -2363,7 +2377,7 @@ bool CameraService::isCameraPrivacyEnabled(const String16& packageName, const st return false; } std::string CameraService::getPackageNameFromUid(int clientUid) { std::string CameraService::getPackageNameFromUid(int clientUid) const { std::string packageName(""); sp<IPermissionController> permCtrl; Loading Loading @@ -2408,37 +2422,44 @@ std::string CameraService::getPackageNameFromUid(int clientUid) { return packageName; } template<class CALLBACK, class CLIENT> Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageNameMaybe, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, /*out*/sp<CLIENT>& device) { binder::Status ret = binder::Status::ok(); void CameraService::logConnectionAttempt(int clientPid, const std::string& clientPackageName, const std::string& cameraId, apiLevel effectiveApiLevel) const { int packagePid = (clientPid == USE_CALLING_PID) ? getCallingPid() : clientPid; ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and " "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(), static_cast<int>(effectiveApiLevel)); } bool isNonSystemNdk = false; std::string clientPackageName; std::string CameraService::resolvePackageName(int clientUid, const std::string& clientPackageNameMaybe) const { if (clientPackageNameMaybe.size() <= 0) { int packageUid = (clientUid == USE_CALLING_UID) ? getCallingUid() : clientUid; int callingPid = getCallingPid(); if (clientPackageNameMaybe.size() <= 0) { // NDK calls don't come with package names, but we need one for various cases. // Generally, there's a 1:1 mapping between UID and package name, but shared UIDs // do exist. For all authentication cases, all packages under the same UID get the // same permissions, so picking any associated package name is sufficient. For some // other cases, this may give inaccurate names for clients in logs. isNonSystemNdk = true; clientPackageName = getPackageNameFromUid(packageUid); return getPackageNameFromUid(packageUid); } else { clientPackageName = clientPackageNameMaybe; return clientPackageNameMaybe; } } template<class CALLBACK, class CLIENT> Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageName, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, bool isNonSystemNdk, /*out*/sp<CLIENT>& device) { binder::Status ret = binder::Status::ok(); int packageUid = (clientUid == USE_CALLING_UID) ? getCallingUid() : clientUid; int packagePid = (clientPid == USE_CALLING_PID) ? callingPid : clientPid; ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and " "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(), static_cast<int>(effectiveApiLevel)); getCallingPid() : clientPid; nsecs_t openTimeNs = systemTime(); Loading Loading @@ -2528,7 +2549,7 @@ Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::str // that's connected to camera service directly. if(!(ret = makeClient(this, cameraCb, clientPackageName, systemNativeClient, clientFeatureId, cameraId, api1CameraId, facing, orientation, callingPid, clientUid, getpid(), orientation, getCallingPid(), clientUid, getpid(), deviceVersionAndTransport, effectiveApiLevel, overrideForPerfClass, rotationOverride, forceSlowJpegMode, originalCameraId, /*out*/&tmp)).isOk()) { Loading services/camera/libcameraservice/CameraService.h +8 −3 Original line number Diff line number Diff line Loading @@ -954,6 +954,11 @@ private: binder::Status validateClientPermissionsLocked(const std::string& cameraId, const std::string& clientName, /*inout*/int& clientUid, /*inout*/int& clientPid) const; // If clientPackageNameMaybe is empty, attempts to resolve the package name. std::string resolvePackageName(int clientUid, const std::string& clientPackageNameMaybe) const; void logConnectionAttempt(int clientPid, const std::string& clientPackageName, const std::string& cameraId, apiLevel effectiveApiLevel) const; bool isCameraPrivacyEnabled(const String16& packageName,const std::string& cameraId, int clientPid, int ClientUid); Loading Loading @@ -997,16 +1002,16 @@ private: // as for legacy apps we will toggle the app op for all packages in the UID. // The caveat is that the operation may be attributed to the wrong package and // stats based on app ops may be slightly off. std::string getPackageNameFromUid(int clientUid); std::string getPackageNameFromUid(int clientUid) const; // Single implementation shared between the various connect calls template<class CALLBACK, class CLIENT> binder::Status connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageNameMaybe, bool systemNativeClient, int api1CameraId, const std::string& clientPackageName, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int scoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, const std::string& originalCameraId, bool isNonSystemNdk, /*out*/sp<CLIENT>& device); // Lock guarding camera service state Loading Loading
services/camera/libcameraservice/CameraService.cpp +54 −33 Original line number Diff line number Diff line Loading @@ -1611,13 +1611,16 @@ Status CameraService::initializeShimMetadata(int cameraId) { std::string cameraIdStr = std::to_string(cameraId); Status ret = Status::ok(); sp<Client> tmp = nullptr; logConnectionAttempt(getCallingPid(), kServiceName, cameraIdStr, API_1); if (!(ret = connectHelper<ICameraClient,Client>( sp<ICameraClient>{nullptr}, cameraIdStr, cameraId, kServiceName, /*systemNativeClient*/ false, {}, uid, USE_CALLING_PID, API_1, /*shimUpdateOnly*/ true, /*oomScoreOffset*/ 0, /*targetSdkVersion*/ __ANDROID_API_FUTURE__, /*rotationOverride*/hardware::ICameraService::ROTATION_OVERRIDE_OVERRIDE_TO_PORTRAIT, /*forceSlowJpegMode*/false, cameraIdStr, /*out*/ tmp) /*forceSlowJpegMode*/false, cameraIdStr, /*isNonSystemNdk*/ false, /*out*/ tmp) ).isOk()) { ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().c_str()); } Loading Loading @@ -2147,12 +2150,18 @@ Status CameraService::connect( return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str()); } std::string clientPackageNameMaybe = clientAttribution.packageName.value_or(""); bool isNonSystemNdk = clientPackageNameMaybe.size() == 0; std::string clientPackageName = resolvePackageName(clientAttribution.uid, clientPackageNameMaybe); logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraIdStr, API_1); sp<Client> client = nullptr; ret = connectHelper<ICameraClient,Client>(cameraClient, cameraIdStr, api1CameraId, clientAttribution.packageName.value_or(""), /*systemNativeClient*/ false, {}, clientPackageName, /*systemNativeClient*/ false, {}, clientAttribution.uid, clientAttribution.pid, API_1, /*shimUpdateOnly*/ false, /*oomScoreOffset*/ 0, targetSdkVersion, rotationOverride, forceSlowJpegMode, cameraIdStr, /*out*/client); rotationOverride, forceSlowJpegMode, cameraIdStr, isNonSystemNdk, /*out*/client); if (!ret.isOk()) { logRejected(cameraIdStr, getCallingPid(), clientAttribution.packageName.value_or(""), Loading Loading @@ -2241,13 +2250,13 @@ Status CameraService::connectDevice( RunThreadWithRealtimePriority priorityBump; Status ret = Status::ok(); sp<CameraDeviceClient> client = nullptr; std::string clientPackageNameAdj = clientAttribution.packageName.value_or(""); std::string clientPackageNameMaybe = clientAttribution.packageName.value_or(""); int callingPid = getCallingPid(); int callingUid = getCallingUid(); bool systemNativeClient = false; if (callerHasSystemUid() && (clientPackageNameAdj.size() == 0)) { if (callerHasSystemUid() && (clientPackageNameMaybe.size() == 0)) { std::string systemClient = fmt::sprintf("client.pid<%d>", callingPid); clientPackageNameAdj = systemClient; clientPackageNameMaybe = systemClient; systemNativeClient = true; } Loading @@ -2261,10 +2270,15 @@ Status CameraService::connectDevice( } std::string cameraId = cameraIdOptional.value(); bool isNonSystemNdk = clientPackageNameMaybe.size() == 0; std::string clientPackageName = resolvePackageName(clientAttribution.uid, clientPackageNameMaybe); logConnectionAttempt(clientAttribution.pid, clientPackageName, cameraId, API_2); if (oomScoreOffset < 0) { std::string msg = fmt::sprintf("Cannot increase the priority of a client %s pid %d for " "camera id %s", clientPackageNameAdj.c_str(), callingPid, "camera id %s", clientPackageName.c_str(), callingPid, cameraId.c_str()); ALOGE("%s: %s", __FUNCTION__, msg.c_str()); return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.c_str()); Loading @@ -2291,19 +2305,19 @@ Status CameraService::connectDevice( && !isTrustedCallingUid(callingUid)) { std::string msg = fmt::sprintf("Cannot change the priority of a client %s pid %d for " "camera id %s without SYSTEM_CAMERA permissions", clientPackageNameAdj.c_str(), callingPid, cameraId.c_str()); clientPackageName.c_str(), callingPid, cameraId.c_str()); ALOGE("%s: %s", __FUNCTION__, msg.c_str()); return STATUS_ERROR(ERROR_PERMISSION_DENIED, msg.c_str()); } ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, cameraId, /*api1CameraId*/-1, clientPackageNameAdj, systemNativeClient, cameraId, /*api1CameraId*/-1, clientPackageName, systemNativeClient, clientAttribution.attributionTag, clientAttribution.uid, USE_CALLING_PID, API_2, /*shimUpdateOnly*/ false, oomScoreOffset, targetSdkVersion, rotationOverride, /*forceSlowJpegMode*/false, unresolvedCameraId, /*out*/client); /*forceSlowJpegMode*/false, unresolvedCameraId, isNonSystemNdk, /*out*/client); if (!ret.isOk()) { logRejected(cameraId, callingPid, clientPackageNameAdj, toStdString(ret.toString8())); logRejected(cameraId, callingPid, clientPackageName, toStdString(ret.toString8())); return ret; } Loading Loading @@ -2363,7 +2377,7 @@ bool CameraService::isCameraPrivacyEnabled(const String16& packageName, const st return false; } std::string CameraService::getPackageNameFromUid(int clientUid) { std::string CameraService::getPackageNameFromUid(int clientUid) const { std::string packageName(""); sp<IPermissionController> permCtrl; Loading Loading @@ -2408,37 +2422,44 @@ std::string CameraService::getPackageNameFromUid(int clientUid) { return packageName; } template<class CALLBACK, class CLIENT> Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageNameMaybe, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, /*out*/sp<CLIENT>& device) { binder::Status ret = binder::Status::ok(); void CameraService::logConnectionAttempt(int clientPid, const std::string& clientPackageName, const std::string& cameraId, apiLevel effectiveApiLevel) const { int packagePid = (clientPid == USE_CALLING_PID) ? getCallingPid() : clientPid; ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and " "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(), static_cast<int>(effectiveApiLevel)); } bool isNonSystemNdk = false; std::string clientPackageName; std::string CameraService::resolvePackageName(int clientUid, const std::string& clientPackageNameMaybe) const { if (clientPackageNameMaybe.size() <= 0) { int packageUid = (clientUid == USE_CALLING_UID) ? getCallingUid() : clientUid; int callingPid = getCallingPid(); if (clientPackageNameMaybe.size() <= 0) { // NDK calls don't come with package names, but we need one for various cases. // Generally, there's a 1:1 mapping between UID and package name, but shared UIDs // do exist. For all authentication cases, all packages under the same UID get the // same permissions, so picking any associated package name is sufficient. For some // other cases, this may give inaccurate names for clients in logs. isNonSystemNdk = true; clientPackageName = getPackageNameFromUid(packageUid); return getPackageNameFromUid(packageUid); } else { clientPackageName = clientPackageNameMaybe; return clientPackageNameMaybe; } } template<class CALLBACK, class CLIENT> Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageName, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, bool isNonSystemNdk, /*out*/sp<CLIENT>& device) { binder::Status ret = binder::Status::ok(); int packageUid = (clientUid == USE_CALLING_UID) ? getCallingUid() : clientUid; int packagePid = (clientPid == USE_CALLING_PID) ? callingPid : clientPid; ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and " "Camera API version %d", packagePid, clientPackageName.c_str(), cameraId.c_str(), static_cast<int>(effectiveApiLevel)); getCallingPid() : clientPid; nsecs_t openTimeNs = systemTime(); Loading Loading @@ -2528,7 +2549,7 @@ Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::str // that's connected to camera service directly. if(!(ret = makeClient(this, cameraCb, clientPackageName, systemNativeClient, clientFeatureId, cameraId, api1CameraId, facing, orientation, callingPid, clientUid, getpid(), orientation, getCallingPid(), clientUid, getpid(), deviceVersionAndTransport, effectiveApiLevel, overrideForPerfClass, rotationOverride, forceSlowJpegMode, originalCameraId, /*out*/&tmp)).isOk()) { Loading
services/camera/libcameraservice/CameraService.h +8 −3 Original line number Diff line number Diff line Loading @@ -954,6 +954,11 @@ private: binder::Status validateClientPermissionsLocked(const std::string& cameraId, const std::string& clientName, /*inout*/int& clientUid, /*inout*/int& clientPid) const; // If clientPackageNameMaybe is empty, attempts to resolve the package name. std::string resolvePackageName(int clientUid, const std::string& clientPackageNameMaybe) const; void logConnectionAttempt(int clientPid, const std::string& clientPackageName, const std::string& cameraId, apiLevel effectiveApiLevel) const; bool isCameraPrivacyEnabled(const String16& packageName,const std::string& cameraId, int clientPid, int ClientUid); Loading Loading @@ -997,16 +1002,16 @@ private: // as for legacy apps we will toggle the app op for all packages in the UID. // The caveat is that the operation may be attributed to the wrong package and // stats based on app ops may be slightly off. std::string getPackageNameFromUid(int clientUid); std::string getPackageNameFromUid(int clientUid) const; // Single implementation shared between the various connect calls template<class CALLBACK, class CLIENT> binder::Status connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId, int api1CameraId, const std::string& clientPackageNameMaybe, bool systemNativeClient, int api1CameraId, const std::string& clientPackageName, bool systemNativeClient, const std::optional<std::string>& clientFeatureId, int clientUid, int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly, int scoreOffset, int targetSdkVersion, int rotationOverride, bool forceSlowJpegMode, const std::string& originalCameraId, const std::string& originalCameraId, bool isNonSystemNdk, /*out*/sp<CLIENT>& device); // Lock guarding camera service state Loading
