Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 393ad6e0 authored by Jayant Chowdhary's avatar Jayant Chowdhary
Browse files

Add SYSTEM_CAMERA capability to camera2 and define @SystemApi SYSTEM_CAMERA permissions. 



In order to access system-only cameras client processes need
SYSTEM_CAMERA permissions in addition to CAMERA permissions. A
permission was preferred over other mechanisms such as having private
connections would need to hard-code the package name(s) of clients using
system only camera devices. A system | signature permission on the other hand,
would make this more flexible and would be better for security.

Bug: 133508924

Test: cts CameraManagerTest, CameraDeviceTest
Test: Give cts test SYSTEM_CAMERA permissions by using
      adoptShellPermissions and run some camera tests.

Change-Id: Ibcd6ccdb231dcca949ed4fb14712d033a5801d36
Signed-off-by: default avatarJayant Chowdhary <jchowdhary@google.com>
parent 90ad227c

api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -17073,6 +17073,7 @@ package android.hardware.camera2 { 
    field public static final int REQUEST_AVAILABLE_CAPABILITIES_RAW = 3; // 0x3

    field public static final int REQUEST_AVAILABLE_CAPABILITIES_READ_SENSOR_SETTINGS = 5; // 0x5

    field public static final int REQUEST_AVAILABLE_CAPABILITIES_SECURE_IMAGE_DATA = 13; // 0xd

    field public static final int REQUEST_AVAILABLE_CAPABILITIES_SYSTEM_CAMERA = 14; // 0xe

    field public static final int REQUEST_AVAILABLE_CAPABILITIES_YUV_REPROCESSING = 7; // 0x7

    field public static final int SCALER_CROPPING_TYPE_CENTER_ONLY = 0; // 0x0

    field public static final int SCALER_CROPPING_TYPE_FREEFORM = 1; // 0x1

api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -192,6 +192,7 @@ package android { 
    field public static final String SUBSTITUTE_NOTIFICATION_APP_NAME = "android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME";

    field public static final String SUBSTITUTE_SHARE_TARGET_APP_NAME_AND_ICON = "android.permission.SUBSTITUTE_SHARE_TARGET_APP_NAME_AND_ICON";

    field public static final String SUSPEND_APPS = "android.permission.SUSPEND_APPS";

    field public static final String SYSTEM_CAMERA = "android.permission.SYSTEM_CAMERA";

    field public static final String TETHER_PRIVILEGED = "android.permission.TETHER_PRIVILEGED";

    field public static final String TV_INPUT_HARDWARE = "android.permission.TV_INPUT_HARDWARE";

    field public static final String TV_VIRTUAL_REMOTE_CONTROLLER = "android.permission.TV_VIRTUAL_REMOTE_CONTROLLER";

core/java/android/hardware/camera2/CameraCharacteristics.java

+2 −0
Original line number Diff line number Diff line
@@ -1955,6 +1955,7 @@ public final class CameraCharacteristics extends CameraMetadata<CameraCharacteri 
     *   <li>{@link #REQUEST_AVAILABLE_CAPABILITIES_LOGICAL_MULTI_CAMERA LOGICAL_MULTI_CAMERA}</li>

     *   <li>{@link #REQUEST_AVAILABLE_CAPABILITIES_MONOCHROME MONOCHROME}</li>

     *   <li>{@link #REQUEST_AVAILABLE_CAPABILITIES_SECURE_IMAGE_DATA SECURE_IMAGE_DATA}</li>

     *   <li>{@link #REQUEST_AVAILABLE_CAPABILITIES_SYSTEM_CAMERA SYSTEM_CAMERA}</li>

     * </ul></p>

     * <p>This key is available on all devices.</p>

     *
@@ -1973,6 +1974,7 @@ public final class CameraCharacteristics extends CameraMetadata<CameraCharacteri 
     * @see #REQUEST_AVAILABLE_CAPABILITIES_LOGICAL_MULTI_CAMERA

     * @see #REQUEST_AVAILABLE_CAPABILITIES_MONOCHROME

     * @see #REQUEST_AVAILABLE_CAPABILITIES_SECURE_IMAGE_DATA

     * @see #REQUEST_AVAILABLE_CAPABILITIES_SYSTEM_CAMERA

     */

    @PublicKey

    @NonNull

core/java/android/hardware/camera2/CameraMetadata.java

+8 −0
Original line number Diff line number Diff line
@@ -996,6 +996,14 @@ public abstract class CameraMetadata<TKey> { 
     */

    public static final int REQUEST_AVAILABLE_CAPABILITIES_SECURE_IMAGE_DATA = 13;



    /**

     * <p>The camera device is only accessible by Android's system components and privileged

     * applications. Processes need to have the android.permission.SYSTEM_CAMERA in

     * addition to android.permission.CAMERA in order to connect to this camera device.</p>

     * @see CameraCharacteristics#REQUEST_AVAILABLE_CAPABILITIES

     */

    public static final int REQUEST_AVAILABLE_CAPABILITIES_SYSTEM_CAMERA = 14;



    //

    // Enumeration values for CameraCharacteristics#SCALER_CROPPING_TYPE

    //

core/res/AndroidManifest.xml

+9 −0
Original line number Diff line number Diff line
@@ -1264,6 +1264,15 @@ 
        android:description="@string/permdesc_camera"

        android:protectionLevel="dangerous|instant" />



      <!-- @SystemApi Required in addition to android.permission.CAMERA to be able to access

           system only camera devices.

           <p>Protection level: system|signature

           @hide -->

    <permission android:name="android.permission.SYSTEM_CAMERA"

        android:permissionGroup="android.permission-group.UNDEFINED"

        android:label="@string/permlab_systemCamera"

        android:description="@string/permdesc_systemCamera"

        android:protectionLevel="system|signature" />



    <!-- ====================================================================== -->

    <!-- Permissions for accessing the device sensors                           -->