Loading services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp +164 −50 Original line number Diff line number Diff line Loading @@ -23,6 +23,8 @@ #include <android/content/AttributionSourceState.h> #include <android_media_audiopolicy.h> #include <com_android_media_audio.h> #include <error/expected_utils.h> #include <media/AidlConversion.h> #include <media/AudioPolicy.h> #include <media/AudioValidator.h> Loading @@ -44,13 +46,30 @@ if (!_tmp.isOk()) return _tmp; \ } #define CHECK_PERM(expr1, expr2) \ VALUE_OR_RETURN_STATUS(getPermissionProvider().checkPermission((expr1), (expr2))) #define MAX_ITEMS_PER_LIST 1024 namespace android { namespace audiopolicy_flags = android::media::audiopolicy; using binder::Status; using aidl_utils::binderStatusFromStatusT; using com::android::media::audio::audioserver_permissions; using com::android::media::permission::NativePermissionController; using com::android::media::permission::PermissionEnum::ACCESS_ULTRASOUND; using com::android::media::permission::PermissionEnum::CALL_AUDIO_INTERCEPTION; using com::android::media::permission::PermissionEnum::CAPTURE_AUDIO_HOTWORD; using com::android::media::permission::PermissionEnum::CAPTURE_VOICE_COMMUNICATION_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_AUDIO_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_MEDIA_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_TUNER_AUDIO_INPUT; using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_ROUTING; using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_SETTINGS; using com::android::media::permission::PermissionEnum::MODIFY_DEFAULT_AUDIO_EFFECTS; using com::android::media::permission::PermissionEnum::MODIFY_PHONE_STATE; using com::android::media::permission::PermissionEnum::RECORD_AUDIO; using com::android::media::permission::PermissionEnum::WRITE_SECURE_SETTINGS; using content::AttributionSourceState; using media::audio::common::AudioConfig; using media::audio::common::AudioConfigBase; Loading Loading @@ -86,31 +105,37 @@ bool AudioPolicyService::isSupportedSystemUsage(audio_usage_t usage) { != std::end(mSupportedSystemUsages); } status_t AudioPolicyService::validateUsage(const audio_attributes_t& attr) { Status AudioPolicyService::validateUsage(const audio_attributes_t& attr) { return validateUsage(attr, getCallingAttributionSource()); } status_t AudioPolicyService::validateUsage(const audio_attributes_t& attr, Status AudioPolicyService::validateUsage(const audio_attributes_t& attr, const AttributionSourceState& attributionSource) { if (isSystemUsage(attr.usage)) { if (isSupportedSystemUsage(attr.usage)) { if (attr.usage == AUDIO_USAGE_CALL_ASSISTANT && ((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0)) { if (!callAudioInterceptionAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource))) { ALOGE("%s: call audio interception not allowed for attribution source: %s", __func__, attributionSource.toString().c_str()); return PERMISSION_DENIED; return Status::fromExceptionCode(Status::EX_SECURITY, "Call audio interception not allowed"); } } else if (!modifyAudioRoutingAllowed(attributionSource)) { } else if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) : modifyAudioRoutingAllowed(attributionSource))) { ALOGE("%s: modify audio routing not allowed for attribution source: %s", __func__, attributionSource.toString().c_str()); return PERMISSION_DENIED; return Status::fromExceptionCode(Status::EX_SECURITY, "Modify audio routing not allowed"); } } else { return BAD_VALUE; return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT); } } return NO_ERROR; return Status::ok(); } Loading @@ -137,7 +162,9 @@ Status AudioPolicyService::setDeviceConnectionState( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (state != AUDIO_POLICY_DEVICE_STATE_AVAILABLE && Loading Loading @@ -191,7 +218,9 @@ Status AudioPolicyService::handleDeviceConfigChange( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -215,7 +244,9 @@ Status AudioPolicyService::setPhoneState(AudioMode stateAidl, int32_t uidAidl) if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(state) >= AUDIO_MODE_CNT) { Loading Loading @@ -265,7 +296,9 @@ Status AudioPolicyService::setForceUse(media::AudioPolicyForceUse usageAidl, return binderStatusFromStatusT(NO_INIT); } if (!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -355,7 +388,7 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt RETURN_IF_BINDER_ERROR( binderStatusFromStatusT(AudioValidator::validateAudioAttributes(attr, "68953950"))); RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr, attributionSource))); RETURN_IF_BINDER_ERROR(validateUsage(attr, attributionSource)); ALOGV("%s()", __func__); audio_utils::lock_guard _l(mMutex); Loading @@ -364,14 +397,22 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt aidl2legacy_int32_t_uid_t(attributionSource.uid)))) { attr.flags = static_cast<audio_flags_mask_t>(attr.flags | AUDIO_FLAG_NO_MEDIA_PROJECTION); } const bool bypassInterruptionAllowed = audioserver_permissions() ? ( CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) || CHECK_PERM(MODIFY_PHONE_STATE, attributionSource.uid) || CHECK_PERM(WRITE_SECURE_SETTINGS, attributionSource.uid)) : bypassInterruptionPolicyAllowed(attributionSource); if (((attr.flags & (AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)) != 0) && !bypassInterruptionPolicyAllowed(attributionSource)) { && !bypassInterruptionAllowed) { attr.flags = static_cast<audio_flags_mask_t>( attr.flags & ~(AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)); } if (attr.content_type == AUDIO_CONTENT_TYPE_ULTRASOUND) { if (!accessUltrasoundAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(ACCESS_ULTRASOUND, attributionSource.uid) : accessUltrasoundAllowed(attributionSource))) { ALOGE("%s: permission denied: ultrasound not allowed for uid %d pid %d", __func__, attributionSource.uid, attributionSource.pid); return binderStatusFromStatusT(PERMISSION_DENIED); Loading Loading @@ -400,18 +441,24 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt break; case AudioPolicyInterface::API_OUTPUT_TELEPHONY_TX: if (((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0) && !callAudioInterceptionAllowed(attributionSource)) { && !(audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource))) { ALOGE("%s() permission denied: call redirection not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; } else if (!modifyPhoneStateAllowed(attributionSource)) { } else if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_PHONE_STATE, attributionSource.uid) : modifyPhoneStateAllowed(attributionSource))) { ALOGE("%s() permission denied: modify phone state not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; } break; case AudioPolicyInterface::API_OUT_MIX_PLAYBACK: if (!modifyAudioRoutingAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) : modifyAudioRoutingAllowed(attributionSource))) { ALOGE("%s() permission denied: modify audio routing not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; Loading Loading @@ -630,8 +677,7 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr return binderStatusFromStatusT(BAD_VALUE); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr, attributionSource))); RETURN_IF_BINDER_ERROR(validateUsage(attr, attributionSource)); uint32_t virtualDeviceId = kDefaultVirtualDeviceId; Loading @@ -644,7 +690,10 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr // type is API_INPUT_MIX_EXT_POLICY_REROUTE and by AudioService if a media projection // is used and input type is API_INPUT_MIX_PUBLIC_CAPTURE_PLAYBACK // - ECHO_REFERENCE source is controlled by captureAudioOutputAllowed() if (!(recordingAllowed(attributionSource, inputSource) const auto isRecordingAllowed = audioserver_permissions() ? CHECK_PERM(RECORD_AUDIO, attributionSource.uid) : recordingAllowed(attributionSource, inputSource); if (!(isRecordingAllowed || inputSource == AUDIO_SOURCE_FM_TUNER || inputSource == AUDIO_SOURCE_REMOTE_SUBMIX || inputSource == AUDIO_SOURCE_ECHO_REFERENCE)) { Loading @@ -653,8 +702,12 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr return binderStatusFromStatusT(PERMISSION_DENIED); } bool canCaptureOutput = captureAudioOutputAllowed(attributionSource); bool canInterceptCallAudio = callAudioInterceptionAllowed(attributionSource); bool canCaptureOutput = audioserver_permissions() ? CHECK_PERM(CAPTURE_AUDIO_OUTPUT, attributionSource.uid) : captureAudioOutputAllowed(attributionSource); bool canInterceptCallAudio = audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource); bool isCallAudioSource = inputSource == AUDIO_SOURCE_VOICE_UPLINK || inputSource == AUDIO_SOURCE_VOICE_DOWNLINK || inputSource == AUDIO_SOURCE_VOICE_CALL; Loading @@ -668,11 +721,15 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr } if (inputSource == AUDIO_SOURCE_FM_TUNER && !canCaptureOutput && !captureTunerAudioInputAllowed(attributionSource)) { && !(audioserver_permissions() ? CHECK_PERM(CAPTURE_TUNER_AUDIO_INPUT, attributionSource.uid) : captureTunerAudioInputAllowed(attributionSource))) { return binderStatusFromStatusT(PERMISSION_DENIED); } bool canCaptureHotword = captureHotwordAllowed(attributionSource); bool canCaptureHotword = audioserver_permissions() ? CHECK_PERM(CAPTURE_AUDIO_HOTWORD, attributionSource.uid) : captureHotwordAllowed(attributionSource); if ((inputSource == AUDIO_SOURCE_HOTWORD) && !canCaptureHotword) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -687,7 +744,9 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr } if (attr.source == AUDIO_SOURCE_ULTRASOUND) { if (!accessUltrasoundAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(ACCESS_ULTRASOUND, attributionSource.uid) : accessUltrasoundAllowed(attributionSource))) { ALOGE("%s: permission denied: ultrasound not allowed for uid %d pid %d", __func__, attributionSource.uid, attributionSource.pid); return binderStatusFromStatusT(PERMISSION_DENIED); Loading Loading @@ -733,14 +792,29 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr status = PERMISSION_DENIED; } break; case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE: if (!(modifyAudioRoutingAllowed(attributionSource) case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE: { bool modAudioRoutingAllowed; if (audioserver_permissions()) { auto result = getPermissionProvider().checkPermission( MODIFY_AUDIO_ROUTING, attributionSource.uid); if (!result.ok()) { ALOGE("%s permission provider error: %s", __func__, result.error().toString8().c_str()); status = aidl_utils::statusTFromBinderStatus(result.error()); break; } modAudioRoutingAllowed = result.value(); } else { modAudioRoutingAllowed = modifyAudioRoutingAllowed(attributionSource); } if (!(modAudioRoutingAllowed || ((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0 && canInterceptCallAudio))) { ALOGE("%s permission denied for remote submix capture", __func__); status = PERMISSION_DENIED; } break; } case AudioPolicyInterface::API_INPUT_INVALID: default: LOG_ALWAYS_FATAL("%s encountered an invalid input type %d", Loading Loading @@ -1035,7 +1109,9 @@ Status AudioPolicyService::setDeviceAbsoluteVolumeEnabled(const AudioDevice& dev if (mAudioPolicyManager == nullptr) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(streamToDriveAbs) >= AUDIO_STREAM_PUBLIC_CNT) { Loading @@ -1059,7 +1135,9 @@ Status AudioPolicyService::initStreamVolume(AudioStreamType streamAidl, if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(stream) >= AUDIO_STREAM_PUBLIC_CNT) { Loading @@ -1083,7 +1161,9 @@ Status AudioPolicyService::setStreamVolumeIndex(AudioStreamType streamAidl, if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(stream) >= AUDIO_STREAM_PUBLIC_CNT) { Loading Loading @@ -1133,7 +1213,9 @@ Status AudioPolicyService::setVolumeIndexForAttributes( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } audio_utils::lock_guard _l(mMutex); Loading Loading @@ -1439,7 +1521,9 @@ Status AudioPolicyService::addSourceDefaultEffect(const AudioUuid& typeAidl, sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(audioPolicyEffects->addSourceDefaultEffect( Loading @@ -1465,7 +1549,9 @@ Status AudioPolicyService::addStreamDefaultEffect(const AudioUuid& typeAidl, sp<AudioPolicyEffects> audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(audioPolicyEffects->addStreamDefaultEffect( Loading @@ -1480,7 +1566,9 @@ Status AudioPolicyService::removeSourceDefaultEffect(int32_t idAidl) aidl2legacy_int32_t_audio_unique_id_t(idAidl)); sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } return binderStatusFromStatusT(audioPolicyEffects->removeSourceDefaultEffect(id)); Loading @@ -1492,7 +1580,9 @@ Status AudioPolicyService::removeStreamDefaultEffect(int32_t idAidl) aidl2legacy_int32_t_audio_unique_id_t(idAidl)); sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } return binderStatusFromStatusT(audioPolicyEffects->removeStreamDefaultEffect(id)); Loading @@ -1510,7 +1600,9 @@ Status AudioPolicyService::setSupportedSystemUsages( std::back_inserter(systemUsages), aidl2legacy_AudioUsage_audio_usage_t))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -1569,7 +1661,7 @@ Status AudioPolicyService::isDirectOutputSupported( return binderStatusFromStatusT(NO_INIT); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attributes))); RETURN_IF_BINDER_ERROR(validateUsage(attributes)); audio_utils::lock_guard _l(mMutex); *_aidl_return = mAudioPolicyManager->isDirectOutputSupported(config, attributes); Loading Loading @@ -1644,7 +1736,9 @@ Status AudioPolicyService::createAudioPatch(const media::AudioPatchFw& patchAidl RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(AudioValidator::validateAudioPatch(patch))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1663,7 +1757,9 @@ Status AudioPolicyService::releaseAudioPatch(int32_t handleAidl) audio_patch_handle_t handle = VALUE_OR_RETURN_BINDER_STATUS( aidl2legacy_int32_t_audio_patch_handle_t(handleAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1711,7 +1807,9 @@ Status AudioPolicyService::setAudioPortConfig(const media::AudioPortConfigFw& co binderStatusFromStatusT(AudioValidator::validateAudioPortConfig(config))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1774,7 +1872,9 @@ Status AudioPolicyService::registerPolicyMixes(const std::vector<media::AudioMix // loopback|render only need a MediaProjection (checked in caller AudioService.java) bool needModifyAudioRouting = std::any_of(mixes.begin(), mixes.end(), [](auto& mix) { return !is_mix_loopback_render(mix.mRouteFlags); }); if (needModifyAudioRouting && !modifyAudioRoutingAllowed()) { if (needModifyAudioRouting && !(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -1790,12 +1890,16 @@ Status AudioPolicyService::registerPolicyMixes(const std::vector<media::AudioMix const AttributionSourceState attributionSource = getCallingAttributionSource(); if (needCaptureMediaOutput && !captureMediaOutputAllowed(attributionSource)) { if (needCaptureMediaOutput && !(audioserver_permissions() ? CHECK_PERM(CAPTURE_MEDIA_OUTPUT, attributionSource.uid) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (needCaptureVoiceCommunicationOutput && !captureVoiceCommunicationOutputAllowed(attributionSource)) { !(audioserver_permissions() ? CHECK_PERM(CAPTURE_VOICE_COMMUNICATION_OUTPUT, attributionSource.uid) : captureVoiceCommunicationOutputAllowed(attributionSource))) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -1852,7 +1956,9 @@ Status AudioPolicyService::setUidDeviceAffinities( aidl2legacy_AudioDeviceTypeAddress)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1866,7 +1972,9 @@ Status AudioPolicyService::removeUidDeviceAffinities(int32_t uidAidl) { uid_t uid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(uidAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1885,7 +1993,9 @@ Status AudioPolicyService::setUserIdDeviceAffinities( aidl2legacy_AudioDeviceTypeAddress)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1899,7 +2009,9 @@ Status AudioPolicyService::removeUserIdDeviceAffinities(int32_t userIdAidl) { int userId = VALUE_OR_RETURN_BINDER_STATUS(convertReinterpret<int>(userIdAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1927,7 +2039,7 @@ Status AudioPolicyService::startAudioSource(const media::AudioPortConfigFw& sour return binderStatusFromStatusT(NO_INIT); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attributes))); RETURN_IF_BINDER_ERROR(validateUsage(attributes)); // startAudioSource should be created as the calling uid const uid_t callingUid = IPCThreadState::self()->getCallingUid(); Loading Loading @@ -1956,7 +2068,9 @@ Status AudioPolicyService::setMasterMono(bool mono) if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } audio_utils::lock_guard _l(mMutex); Loading services/audiopolicy/service/AudioPolicyService.h +2 −2 Original line number Diff line number Diff line Loading @@ -452,8 +452,8 @@ private: app_state_t apmStatFromAmState(int amState); bool isSupportedSystemUsage(audio_usage_t usage); status_t validateUsage(const audio_attributes_t& attr); status_t validateUsage(const audio_attributes_t& attr, binder::Status validateUsage(const audio_attributes_t& attr); binder::Status validateUsage(const audio_attributes_t& attr, const AttributionSourceState& attributionSource); void updateUidStates(); Loading Loading
services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp +164 −50 Original line number Diff line number Diff line Loading @@ -23,6 +23,8 @@ #include <android/content/AttributionSourceState.h> #include <android_media_audiopolicy.h> #include <com_android_media_audio.h> #include <error/expected_utils.h> #include <media/AidlConversion.h> #include <media/AudioPolicy.h> #include <media/AudioValidator.h> Loading @@ -44,13 +46,30 @@ if (!_tmp.isOk()) return _tmp; \ } #define CHECK_PERM(expr1, expr2) \ VALUE_OR_RETURN_STATUS(getPermissionProvider().checkPermission((expr1), (expr2))) #define MAX_ITEMS_PER_LIST 1024 namespace android { namespace audiopolicy_flags = android::media::audiopolicy; using binder::Status; using aidl_utils::binderStatusFromStatusT; using com::android::media::audio::audioserver_permissions; using com::android::media::permission::NativePermissionController; using com::android::media::permission::PermissionEnum::ACCESS_ULTRASOUND; using com::android::media::permission::PermissionEnum::CALL_AUDIO_INTERCEPTION; using com::android::media::permission::PermissionEnum::CAPTURE_AUDIO_HOTWORD; using com::android::media::permission::PermissionEnum::CAPTURE_VOICE_COMMUNICATION_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_AUDIO_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_MEDIA_OUTPUT; using com::android::media::permission::PermissionEnum::CAPTURE_TUNER_AUDIO_INPUT; using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_ROUTING; using com::android::media::permission::PermissionEnum::MODIFY_AUDIO_SETTINGS; using com::android::media::permission::PermissionEnum::MODIFY_DEFAULT_AUDIO_EFFECTS; using com::android::media::permission::PermissionEnum::MODIFY_PHONE_STATE; using com::android::media::permission::PermissionEnum::RECORD_AUDIO; using com::android::media::permission::PermissionEnum::WRITE_SECURE_SETTINGS; using content::AttributionSourceState; using media::audio::common::AudioConfig; using media::audio::common::AudioConfigBase; Loading Loading @@ -86,31 +105,37 @@ bool AudioPolicyService::isSupportedSystemUsage(audio_usage_t usage) { != std::end(mSupportedSystemUsages); } status_t AudioPolicyService::validateUsage(const audio_attributes_t& attr) { Status AudioPolicyService::validateUsage(const audio_attributes_t& attr) { return validateUsage(attr, getCallingAttributionSource()); } status_t AudioPolicyService::validateUsage(const audio_attributes_t& attr, Status AudioPolicyService::validateUsage(const audio_attributes_t& attr, const AttributionSourceState& attributionSource) { if (isSystemUsage(attr.usage)) { if (isSupportedSystemUsage(attr.usage)) { if (attr.usage == AUDIO_USAGE_CALL_ASSISTANT && ((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0)) { if (!callAudioInterceptionAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource))) { ALOGE("%s: call audio interception not allowed for attribution source: %s", __func__, attributionSource.toString().c_str()); return PERMISSION_DENIED; return Status::fromExceptionCode(Status::EX_SECURITY, "Call audio interception not allowed"); } } else if (!modifyAudioRoutingAllowed(attributionSource)) { } else if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) : modifyAudioRoutingAllowed(attributionSource))) { ALOGE("%s: modify audio routing not allowed for attribution source: %s", __func__, attributionSource.toString().c_str()); return PERMISSION_DENIED; return Status::fromExceptionCode(Status::EX_SECURITY, "Modify audio routing not allowed"); } } else { return BAD_VALUE; return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT); } } return NO_ERROR; return Status::ok(); } Loading @@ -137,7 +162,9 @@ Status AudioPolicyService::setDeviceConnectionState( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (state != AUDIO_POLICY_DEVICE_STATE_AVAILABLE && Loading Loading @@ -191,7 +218,9 @@ Status AudioPolicyService::handleDeviceConfigChange( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -215,7 +244,9 @@ Status AudioPolicyService::setPhoneState(AudioMode stateAidl, int32_t uidAidl) if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(state) >= AUDIO_MODE_CNT) { Loading Loading @@ -265,7 +296,9 @@ Status AudioPolicyService::setForceUse(media::AudioPolicyForceUse usageAidl, return binderStatusFromStatusT(NO_INIT); } if (!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -355,7 +388,7 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt RETURN_IF_BINDER_ERROR( binderStatusFromStatusT(AudioValidator::validateAudioAttributes(attr, "68953950"))); RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr, attributionSource))); RETURN_IF_BINDER_ERROR(validateUsage(attr, attributionSource)); ALOGV("%s()", __func__); audio_utils::lock_guard _l(mMutex); Loading @@ -364,14 +397,22 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt aidl2legacy_int32_t_uid_t(attributionSource.uid)))) { attr.flags = static_cast<audio_flags_mask_t>(attr.flags | AUDIO_FLAG_NO_MEDIA_PROJECTION); } const bool bypassInterruptionAllowed = audioserver_permissions() ? ( CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) || CHECK_PERM(MODIFY_PHONE_STATE, attributionSource.uid) || CHECK_PERM(WRITE_SECURE_SETTINGS, attributionSource.uid)) : bypassInterruptionPolicyAllowed(attributionSource); if (((attr.flags & (AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)) != 0) && !bypassInterruptionPolicyAllowed(attributionSource)) { && !bypassInterruptionAllowed) { attr.flags = static_cast<audio_flags_mask_t>( attr.flags & ~(AUDIO_FLAG_BYPASS_INTERRUPTION_POLICY|AUDIO_FLAG_BYPASS_MUTE)); } if (attr.content_type == AUDIO_CONTENT_TYPE_ULTRASOUND) { if (!accessUltrasoundAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(ACCESS_ULTRASOUND, attributionSource.uid) : accessUltrasoundAllowed(attributionSource))) { ALOGE("%s: permission denied: ultrasound not allowed for uid %d pid %d", __func__, attributionSource.uid, attributionSource.pid); return binderStatusFromStatusT(PERMISSION_DENIED); Loading Loading @@ -400,18 +441,24 @@ Status AudioPolicyService::getOutputForAttr(const media::audio::common::AudioAtt break; case AudioPolicyInterface::API_OUTPUT_TELEPHONY_TX: if (((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0) && !callAudioInterceptionAllowed(attributionSource)) { && !(audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource))) { ALOGE("%s() permission denied: call redirection not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; } else if (!modifyPhoneStateAllowed(attributionSource)) { } else if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_PHONE_STATE, attributionSource.uid) : modifyPhoneStateAllowed(attributionSource))) { ALOGE("%s() permission denied: modify phone state not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; } break; case AudioPolicyInterface::API_OUT_MIX_PLAYBACK: if (!modifyAudioRoutingAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, attributionSource.uid) : modifyAudioRoutingAllowed(attributionSource))) { ALOGE("%s() permission denied: modify audio routing not allowed for uid %d", __func__, attributionSource.uid); result = PERMISSION_DENIED; Loading Loading @@ -630,8 +677,7 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr return binderStatusFromStatusT(BAD_VALUE); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attr, attributionSource))); RETURN_IF_BINDER_ERROR(validateUsage(attr, attributionSource)); uint32_t virtualDeviceId = kDefaultVirtualDeviceId; Loading @@ -644,7 +690,10 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr // type is API_INPUT_MIX_EXT_POLICY_REROUTE and by AudioService if a media projection // is used and input type is API_INPUT_MIX_PUBLIC_CAPTURE_PLAYBACK // - ECHO_REFERENCE source is controlled by captureAudioOutputAllowed() if (!(recordingAllowed(attributionSource, inputSource) const auto isRecordingAllowed = audioserver_permissions() ? CHECK_PERM(RECORD_AUDIO, attributionSource.uid) : recordingAllowed(attributionSource, inputSource); if (!(isRecordingAllowed || inputSource == AUDIO_SOURCE_FM_TUNER || inputSource == AUDIO_SOURCE_REMOTE_SUBMIX || inputSource == AUDIO_SOURCE_ECHO_REFERENCE)) { Loading @@ -653,8 +702,12 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr return binderStatusFromStatusT(PERMISSION_DENIED); } bool canCaptureOutput = captureAudioOutputAllowed(attributionSource); bool canInterceptCallAudio = callAudioInterceptionAllowed(attributionSource); bool canCaptureOutput = audioserver_permissions() ? CHECK_PERM(CAPTURE_AUDIO_OUTPUT, attributionSource.uid) : captureAudioOutputAllowed(attributionSource); bool canInterceptCallAudio = audioserver_permissions() ? CHECK_PERM(CALL_AUDIO_INTERCEPTION, attributionSource.uid) : callAudioInterceptionAllowed(attributionSource); bool isCallAudioSource = inputSource == AUDIO_SOURCE_VOICE_UPLINK || inputSource == AUDIO_SOURCE_VOICE_DOWNLINK || inputSource == AUDIO_SOURCE_VOICE_CALL; Loading @@ -668,11 +721,15 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr } if (inputSource == AUDIO_SOURCE_FM_TUNER && !canCaptureOutput && !captureTunerAudioInputAllowed(attributionSource)) { && !(audioserver_permissions() ? CHECK_PERM(CAPTURE_TUNER_AUDIO_INPUT, attributionSource.uid) : captureTunerAudioInputAllowed(attributionSource))) { return binderStatusFromStatusT(PERMISSION_DENIED); } bool canCaptureHotword = captureHotwordAllowed(attributionSource); bool canCaptureHotword = audioserver_permissions() ? CHECK_PERM(CAPTURE_AUDIO_HOTWORD, attributionSource.uid) : captureHotwordAllowed(attributionSource); if ((inputSource == AUDIO_SOURCE_HOTWORD) && !canCaptureHotword) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -687,7 +744,9 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr } if (attr.source == AUDIO_SOURCE_ULTRASOUND) { if (!accessUltrasoundAllowed(attributionSource)) { if (!(audioserver_permissions() ? CHECK_PERM(ACCESS_ULTRASOUND, attributionSource.uid) : accessUltrasoundAllowed(attributionSource))) { ALOGE("%s: permission denied: ultrasound not allowed for uid %d pid %d", __func__, attributionSource.uid, attributionSource.pid); return binderStatusFromStatusT(PERMISSION_DENIED); Loading Loading @@ -733,14 +792,29 @@ Status AudioPolicyService::getInputForAttr(const media::audio::common::AudioAttr status = PERMISSION_DENIED; } break; case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE: if (!(modifyAudioRoutingAllowed(attributionSource) case AudioPolicyInterface::API_INPUT_MIX_EXT_POLICY_REROUTE: { bool modAudioRoutingAllowed; if (audioserver_permissions()) { auto result = getPermissionProvider().checkPermission( MODIFY_AUDIO_ROUTING, attributionSource.uid); if (!result.ok()) { ALOGE("%s permission provider error: %s", __func__, result.error().toString8().c_str()); status = aidl_utils::statusTFromBinderStatus(result.error()); break; } modAudioRoutingAllowed = result.value(); } else { modAudioRoutingAllowed = modifyAudioRoutingAllowed(attributionSource); } if (!(modAudioRoutingAllowed || ((attr.flags & AUDIO_FLAG_CALL_REDIRECTION) != 0 && canInterceptCallAudio))) { ALOGE("%s permission denied for remote submix capture", __func__); status = PERMISSION_DENIED; } break; } case AudioPolicyInterface::API_INPUT_INVALID: default: LOG_ALWAYS_FATAL("%s encountered an invalid input type %d", Loading Loading @@ -1035,7 +1109,9 @@ Status AudioPolicyService::setDeviceAbsoluteVolumeEnabled(const AudioDevice& dev if (mAudioPolicyManager == nullptr) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(streamToDriveAbs) >= AUDIO_STREAM_PUBLIC_CNT) { Loading @@ -1059,7 +1135,9 @@ Status AudioPolicyService::initStreamVolume(AudioStreamType streamAidl, if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(stream) >= AUDIO_STREAM_PUBLIC_CNT) { Loading @@ -1083,7 +1161,9 @@ Status AudioPolicyService::setStreamVolumeIndex(AudioStreamType streamAidl, if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (uint32_t(stream) >= AUDIO_STREAM_PUBLIC_CNT) { Loading Loading @@ -1133,7 +1213,9 @@ Status AudioPolicyService::setVolumeIndexForAttributes( if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } audio_utils::lock_guard _l(mMutex); Loading Loading @@ -1439,7 +1521,9 @@ Status AudioPolicyService::addSourceDefaultEffect(const AudioUuid& typeAidl, sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(audioPolicyEffects->addSourceDefaultEffect( Loading @@ -1465,7 +1549,9 @@ Status AudioPolicyService::addStreamDefaultEffect(const AudioUuid& typeAidl, sp<AudioPolicyEffects> audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(audioPolicyEffects->addStreamDefaultEffect( Loading @@ -1480,7 +1566,9 @@ Status AudioPolicyService::removeSourceDefaultEffect(int32_t idAidl) aidl2legacy_int32_t_audio_unique_id_t(idAidl)); sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } return binderStatusFromStatusT(audioPolicyEffects->removeSourceDefaultEffect(id)); Loading @@ -1492,7 +1580,9 @@ Status AudioPolicyService::removeStreamDefaultEffect(int32_t idAidl) aidl2legacy_int32_t_audio_unique_id_t(idAidl)); sp<AudioPolicyEffects>audioPolicyEffects; RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(getAudioPolicyEffects(audioPolicyEffects))); if (!modifyDefaultAudioEffectsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_DEFAULT_AUDIO_EFFECTS, IPCThreadState::self()->getCallingUid()) : modifyDefaultAudioEffectsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } return binderStatusFromStatusT(audioPolicyEffects->removeStreamDefaultEffect(id)); Loading @@ -1510,7 +1600,9 @@ Status AudioPolicyService::setSupportedSystemUsages( std::back_inserter(systemUsages), aidl2legacy_AudioUsage_audio_usage_t))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -1569,7 +1661,7 @@ Status AudioPolicyService::isDirectOutputSupported( return binderStatusFromStatusT(NO_INIT); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attributes))); RETURN_IF_BINDER_ERROR(validateUsage(attributes)); audio_utils::lock_guard _l(mMutex); *_aidl_return = mAudioPolicyManager->isDirectOutputSupported(config, attributes); Loading Loading @@ -1644,7 +1736,9 @@ Status AudioPolicyService::createAudioPatch(const media::AudioPatchFw& patchAidl RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(AudioValidator::validateAudioPatch(patch))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1663,7 +1757,9 @@ Status AudioPolicyService::releaseAudioPatch(int32_t handleAidl) audio_patch_handle_t handle = VALUE_OR_RETURN_BINDER_STATUS( aidl2legacy_int32_t_audio_patch_handle_t(handleAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1711,7 +1807,9 @@ Status AudioPolicyService::setAudioPortConfig(const media::AudioPortConfigFw& co binderStatusFromStatusT(AudioValidator::validateAudioPortConfig(config))); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1774,7 +1872,9 @@ Status AudioPolicyService::registerPolicyMixes(const std::vector<media::AudioMix // loopback|render only need a MediaProjection (checked in caller AudioService.java) bool needModifyAudioRouting = std::any_of(mixes.begin(), mixes.end(), [](auto& mix) { return !is_mix_loopback_render(mix.mRouteFlags); }); if (needModifyAudioRouting && !modifyAudioRoutingAllowed()) { if (needModifyAudioRouting && !(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading @@ -1790,12 +1890,16 @@ Status AudioPolicyService::registerPolicyMixes(const std::vector<media::AudioMix const AttributionSourceState attributionSource = getCallingAttributionSource(); if (needCaptureMediaOutput && !captureMediaOutputAllowed(attributionSource)) { if (needCaptureMediaOutput && !(audioserver_permissions() ? CHECK_PERM(CAPTURE_MEDIA_OUTPUT, attributionSource.uid) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (needCaptureVoiceCommunicationOutput && !captureVoiceCommunicationOutputAllowed(attributionSource)) { !(audioserver_permissions() ? CHECK_PERM(CAPTURE_VOICE_COMMUNICATION_OUTPUT, attributionSource.uid) : captureVoiceCommunicationOutputAllowed(attributionSource))) { return binderStatusFromStatusT(PERMISSION_DENIED); } Loading Loading @@ -1852,7 +1956,9 @@ Status AudioPolicyService::setUidDeviceAffinities( aidl2legacy_AudioDeviceTypeAddress)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1866,7 +1972,9 @@ Status AudioPolicyService::removeUidDeviceAffinities(int32_t uidAidl) { uid_t uid = VALUE_OR_RETURN_BINDER_STATUS(aidl2legacy_int32_t_uid_t(uidAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1885,7 +1993,9 @@ Status AudioPolicyService::setUserIdDeviceAffinities( aidl2legacy_AudioDeviceTypeAddress)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading @@ -1899,7 +2009,9 @@ Status AudioPolicyService::removeUserIdDeviceAffinities(int32_t userIdAidl) { int userId = VALUE_OR_RETURN_BINDER_STATUS(convertReinterpret<int>(userIdAidl)); audio_utils::lock_guard _l(mMutex); if(!modifyAudioRoutingAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_ROUTING, IPCThreadState::self()->getCallingUid()) : modifyAudioRoutingAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } if (mAudioPolicyManager == NULL) { Loading Loading @@ -1927,7 +2039,7 @@ Status AudioPolicyService::startAudioSource(const media::AudioPortConfigFw& sour return binderStatusFromStatusT(NO_INIT); } RETURN_IF_BINDER_ERROR(binderStatusFromStatusT(validateUsage(attributes))); RETURN_IF_BINDER_ERROR(validateUsage(attributes)); // startAudioSource should be created as the calling uid const uid_t callingUid = IPCThreadState::self()->getCallingUid(); Loading Loading @@ -1956,7 +2068,9 @@ Status AudioPolicyService::setMasterMono(bool mono) if (mAudioPolicyManager == NULL) { return binderStatusFromStatusT(NO_INIT); } if (!settingsAllowed()) { if (!(audioserver_permissions() ? CHECK_PERM(MODIFY_AUDIO_SETTINGS, IPCThreadState::self()->getCallingUid()) : settingsAllowed())) { return binderStatusFromStatusT(PERMISSION_DENIED); } audio_utils::lock_guard _l(mMutex); Loading
services/audiopolicy/service/AudioPolicyService.h +2 −2 Original line number Diff line number Diff line Loading @@ -452,8 +452,8 @@ private: app_state_t apmStatFromAmState(int amState); bool isSupportedSystemUsage(audio_usage_t usage); status_t validateUsage(const audio_attributes_t& attr); status_t validateUsage(const audio_attributes_t& attr, binder::Status validateUsage(const audio_attributes_t& attr); binder::Status validateUsage(const audio_attributes_t& attr, const AttributionSourceState& attributionSource); void updateUidStates(); Loading
