
Commit dd84ed0c authored by Austin Borger's avatar Austin Borger Committed by Android (Google) Code Review

Merge "Replace use_context_attribution_source /...

Merge "Replace use_context_attribution_source / check_full_attribution_source_chain flags with read-only flag" into main
parents 4447c8fc 2a3f9a71
+3 −9
@@ -175,16 +175,10 @@ flag {

flag {
    namespace: "camera_platform"
    name: "use_context_attribution_source"
    description: "Use the context-provided AttributionSource when checking for client permissions"
    bug: "190657833"
}

flag {
    namespace: "camera_platform"
    name: "check_full_attribution_source_chain"
    description: "Pass the full AttributionSource chain to PermissionChecker"
    name: "data_delivery_permission_checks"
    description: "Pass the full AttributionSource chain to PermissionChecker for data delivery"
    bug: "190657833"
    is_fixed_read_only: true
}

flag {
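Review bot: The description kept on the surviving flag, `description: "Pass the full AttributionSource chain to PermissionChecker for data delivery"`, covers only part of what the flag now gates: with use_context_attribution_source removed, the same flag also decides whether the context-provided AttributionSource pid/uid is trusted in CameraService::connectDevice and in AttributionAndPermissionUtils::resolveClientUid/resolveClientPid. Suggest widening it, e.g. `description: "Use the context-provided AttributionSource for client permission checks and pass the full chain to PermissionChecker for data delivery"`. Since `is_fixed_read_only: true` appears to make the value a build-time constant rather than a runtime toggle, this description is what a reader of the build configuration will rely on to understand both behaviours.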
+9 −9
@@ -2275,7 +2275,7 @@ Status CameraService::connectDevice(

    bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;

    if (!flags::use_context_attribution_source()) {
    if (!flags::data_delivery_permission_checks()) {
        resolvedClientAttribution.pid = USE_CALLING_PID;
    }

@@ -4281,7 +4281,7 @@ status_t CameraService::BasicClient::notifyCameraOpening() {
    ATRACE_CALL();

    // Don't start watching until we're streaming when using permissionChecker for data delivery
    if (!flags::check_full_attribution_source_chain()) {
    if (!flags::data_delivery_permission_checks()) {
        ALOGD("%s: Start camera ops, package name = %s, client UID = %d", __FUNCTION__,
              getPackageName().c_str(), getClientUid());

@@ -4303,7 +4303,7 @@ status_t CameraService::BasicClient::notifyCameraOpening() {
            }
        }
    } else {
        // TODO: Remove when removing the check_full_attribution_source_chain flag
        // TODO: Remove when removing the data_delivery_permission_checks flag
        ALOGD("%s: Bypassing checkOp for uid %d", __FUNCTION__, getClientUid());
    }

@@ -4337,7 +4337,7 @@ status_t CameraService::BasicClient::startCameraStreamingOps() {
          getPackageName().c_str(), getClientUid());

    if (mAppOpsManager != nullptr) {
        if (flags::check_full_attribution_source_chain()) {
        if (flags::data_delivery_permission_checks()) {
            ALOGD("%s: Start data delivery for uid %d", __FUNCTION__, getClientUid());

            const PermissionChecker::PermissionResult result =
@@ -4381,7 +4381,7 @@ status_t CameraService::BasicClient::noteAppOp() {

    // noteAppOp is only used for when camera mute is not supported, in order
    // to trigger the sensor privacy "Unblock" dialog
    if (flags::check_full_attribution_source_chain()) {
    if (flags::data_delivery_permission_checks()) {
        // Ignore the result, since we're only triggering the dialog
        ALOGD("%s: Check data delivery permissions for uid %d", __FUNCTION__, getClientUid());
        hasPermissionsForCameraForDataDelivery(std::string(), mClientAttribution);
@@ -4413,7 +4413,7 @@ status_t CameraService::BasicClient::finishCameraStreamingOps() {
    }

    if (mAppOpsManager != nullptr) {
        if (flags::check_full_attribution_source_chain()) {
        if (flags::data_delivery_permission_checks()) {
            ALOGD("%s: finishDataDelivery for uid %d", __FUNCTION__, getClientUid());
            finishDataDelivery(mClientAttribution);

@@ -4458,7 +4458,7 @@ status_t CameraService::BasicClient::notifyCameraClosing() {
    }

    // When using the data delivery permission checks, the open state does not involve AppOps
    if (!flags::check_full_attribution_source_chain()) {
    if (!flags::data_delivery_permission_checks()) {
        // Always stop watching, even if no camera op is active
        if (mOpsCallback != nullptr && mAppOpsManager != nullptr) {
            mAppOpsManager->stopWatchingMode(mOpsCallback);
@@ -4486,7 +4486,7 @@ void CameraService::BasicClient::opChanged(int32_t op, const String16&) {
    }

    PermissionChecker::PermissionResult res;
    if (flags::check_full_attribution_source_chain()) {
    if (flags::data_delivery_permission_checks()) {
        int32_t appOpMode = AppOpsManager::MODE_ALLOWED;
        std::for_each(AttrSourceItr{mClientAttribution}, AttrSourceItr::end(),
                [&](const auto& attr) {
@@ -4522,7 +4522,7 @@ void CameraService::BasicClient::opChanged(int32_t op, const String16&) {
        // Uid may be active, but not visible to the user (e.g. PROCESS_STATE_FOREGROUND_SERVICE).
        // If not visible, but still active, then we want to block instead of muting the camera.
        int32_t procState = ActivityManager::PROCESS_STATE_NONEXISTENT;
        if (flags::check_full_attribution_source_chain()) {
        if (flags::data_delivery_permission_checks()) {
            // Use the proc state of the last uid in the chain (ultimately receiving the data)
            // when determining whether to mute or block
            int32_t uid = -1;
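Review bot: In the connectDevice hunk, `if (!flags::data_delivery_permission_checks())` now guards `resolvedClientAttribution.pid = USE_CALLING_PID;`, but nothing at that site explains why a data-delivery flag decides whether the caller-supplied pid is kept; the removed flag name use_context_attribution_source carried that meaning. A one-line comment would preserve it: `// data_delivery_permission_checks also gates trusting the context-provided AttributionSource (formerly use_context_attribution_source); when off, the pid falls back to USE_CALLING_PID`. The same comment is warranted on the resolveClientUid and resolveClientPid hunks in AttributionAndPermissionUtils.cpp, where the flag now governs accepting a client uid/pid equal to the calling one. connectDevice and the other enclosing functions all begin outside their hunks.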
+3 −3
@@ -138,7 +138,7 @@ PermissionChecker::PermissionResult AttributionAndPermissionUtils::checkPermissi
        int32_t attributedOpCode, bool forDataDelivery, bool startDataDelivery,
        bool checkAutomotive) {
    AttributionSourceState clientAttribution = attributionSource;
    if (!flags::check_full_attribution_source_chain() && !clientAttribution.next.empty()) {
    if (!flags::data_delivery_permission_checks() && !clientAttribution.next.empty()) {
        clientAttribution.next.clear();
    }

@@ -408,7 +408,7 @@ bool AttributionAndPermissionUtils::resolveClientUid(/*inout*/ int& clientUid) {
        clientUid = callingUid;
    } else {
        validUid = isTrustedCallingUid(callingUid);
        if (flags::use_context_attribution_source()) {
        if (flags::data_delivery_permission_checks()) {
            validUid = validUid || (clientUid == callingUid);
        }
    }
@@ -426,7 +426,7 @@ bool AttributionAndPermissionUtils::resolveClientPid(/*inout*/ int& clientPid) {
        clientPid = callingPid;
    } else {
        validPid = isTrustedCallingUid(callingUid);
        if (flags::use_context_attribution_source()) {
        if (flags::data_delivery_permission_checks()) {
            validPid = validPid || (clientPid == callingPid);
        }
    }
+2 −2
@@ -92,8 +92,8 @@ class AttributionAndPermissionUtils {
    virtual void restoreCallingIdentity(int64_t token);

    /**
     * If flag::use_context_attribution_source() is enabled, check the calling attribution source
     * and resolve its package name, or fill in the pid/uid/package name if necessary.
     * If flags::data_delivery_permission_checks() is enabled, check the calling attribution
     * source and resolve its package name, or fill in the pid/uid/package name if necessary.
     *
     * @param resolvedAttributionSource The resolved attribution source.
     * @param methodName The name of the method calling this function (for logging only).