Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit abc5716a authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Use correct calling identity during camera permission check"

parents ad526311 f7824ac7
Loading
Loading
Loading
Loading
+2 −2
Original line number Original line Diff line number Diff line
@@ -488,7 +488,7 @@ public class UsbHostManager {
     *  Opens the specified USB device
     *  Opens the specified USB device
     */
     */
    public ParcelFileDescriptor openDevice(String deviceAddress,
    public ParcelFileDescriptor openDevice(String deviceAddress,
            UsbUserPermissionManager permissions, String packageName, int uid) {
            UsbUserPermissionManager permissions, String packageName, int pid, int uid) {
        synchronized (mLock) {
        synchronized (mLock) {
            if (isBlackListed(deviceAddress)) {
            if (isBlackListed(deviceAddress)) {
                throw new SecurityException("USB device is on a restricted bus");
                throw new SecurityException("USB device is on a restricted bus");
@@ -500,7 +500,7 @@ public class UsbHostManager {
                        "device " + deviceAddress + " does not exist or is restricted");
                        "device " + deviceAddress + " does not exist or is restricted");
            }
            }


            permissions.checkPermission(device, packageName, uid);
            permissions.checkPermission(device, packageName, pid, uid);
            return nativeOpenDevice(deviceAddress);
            return nativeOpenDevice(deviceAddress);
        }
        }
    }
    }
+1 −1
Original line number Original line Diff line number Diff line
@@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub {
                        int userId = UserHandle.getUserId(uid);
                        int userId = UserHandle.getUserId(uid);
                        if (mDevice instanceof UsbDevice) {
                        if (mDevice instanceof UsbDevice) {
                            mPermissionManager.getPermissionsForUser(userId)
                            mPermissionManager.getPermissionsForUser(userId)
                                    .checkPermission((UsbDevice) mDevice, packageName, uid);
                                    .checkPermission((UsbDevice) mDevice, packageName, pid, uid);
                        } else {
                        } else {
                            mPermissionManager.getPermissionsForUser(userId)
                            mPermissionManager.getPermissionsForUser(userId)
                                    .checkPermission((UsbAccessory) mDevice, uid);
                                    .checkPermission((UsbAccessory) mDevice, uid);
+6 −3
Original line number Original line Diff line number Diff line
@@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub {
        if (mHostManager != null) {
        if (mHostManager != null) {
            if (deviceName != null) {
            if (deviceName != null) {
                int uid = Binder.getCallingUid();
                int uid = Binder.getCallingUid();
                int pid = Binder.getCallingPid();
                int user = UserHandle.getUserId(uid);
                int user = UserHandle.getUserId(uid);


                long ident = clearCallingIdentity();
                long ident = clearCallingIdentity();
@@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub {
                    synchronized (mLock) {
                    synchronized (mLock) {
                        if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) {
                        if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) {
                            fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user),
                            fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user),
                                    packageName, uid);
                                    packageName, pid, uid);
                        } else {
                        } else {
                            Slog.w(TAG, "Cannot open " + deviceName + " for user " + user
                            Slog.w(TAG, "Cannot open " + deviceName + " for user " + user
                                    + " as user is not active.");
                                    + " as user is not active.");
@@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub {
    @Override
    @Override
    public boolean hasDevicePermission(UsbDevice device, String packageName) {
    public boolean hasDevicePermission(UsbDevice device, String packageName) {
        final int uid = Binder.getCallingUid();
        final int uid = Binder.getCallingUid();
        final int pid = Binder.getCallingPid();
        final int userId = UserHandle.getUserId(uid);
        final int userId = UserHandle.getUserId(uid);


        final long token = Binder.clearCallingIdentity();
        final long token = Binder.clearCallingIdentity();
        try {
        try {
            return getPermissionsForUser(userId).hasPermission(device, packageName, uid);
            return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid);
        } finally {
        } finally {
            Binder.restoreCallingIdentity(token);
            Binder.restoreCallingIdentity(token);
        }
        }
@@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub {
    @Override
    @Override
    public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) {
    public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) {
        final int uid = Binder.getCallingUid();
        final int uid = Binder.getCallingUid();
        final int pid = Binder.getCallingPid();
        final int userId = UserHandle.getUserId(uid);
        final int userId = UserHandle.getUserId(uid);


        final long token = Binder.clearCallingIdentity();
        final long token = Binder.clearCallingIdentity();
        try {
        try {
            getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid);
            getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid);
        } finally {
        } finally {
            Binder.restoreCallingIdentity(token);
            Binder.restoreCallingIdentity(token);
        }
        }
+13 −9
Original line number Original line Diff line number Diff line
@@ -186,12 +186,14 @@ class UsbUserPermissionManager {
     * Returns true if package with uid has permission to access the device.
     * Returns true if package with uid has permission to access the device.
     *
     *
     * @param device to check permission for
     * @param device to check permission for
     * @param pid to check permission for
     * @param uid to check permission for
     * @param uid to check permission for
     * @return {@code true} if package with uid has permission
     * @return {@code true} if package with uid has permission
     */
     */
    boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) {
    boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid,
            int uid) {
        if (isCameraDevicePresent(device)) {
        if (isCameraDevicePresent(device)) {
            if (!isCameraPermissionGranted(packageName, uid)) {
            if (!isCameraPermissionGranted(packageName, pid, uid)) {
                return false;
                return false;
            }
            }
        }
        }
@@ -615,10 +617,11 @@ class UsbUserPermissionManager {
     * Check for camera permission of the calling process.
     * Check for camera permission of the calling process.
     *
     *
     * @param packageName Package name of the caller.
     * @param packageName Package name of the caller.
     * @param pid         Linux pid of the calling process.
     * @param uid         Linux uid of the calling process.
     * @param uid         Linux uid of the calling process.
     * @return True in case camera permission is available, False otherwise.
     * @return True in case camera permission is available, False otherwise.
     */
     */
    private boolean isCameraPermissionGranted(String packageName, int uid) {
    private boolean isCameraPermissionGranted(String packageName, int pid, int uid) {
        int targetSdkVersion = android.os.Build.VERSION_CODES.P;
        int targetSdkVersion = android.os.Build.VERSION_CODES.P;
        try {
        try {
            ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0);
            ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0);
@@ -634,7 +637,7 @@ class UsbUserPermissionManager {
        }
        }


        if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) {
        if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) {
            int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA);
            int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid);
            if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) {
            if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) {
                Slog.i(TAG, "Camera permission required for USB video class devices");
                Slog.i(TAG, "Camera permission required for USB video class devices");
                return false;
                return false;
@@ -644,8 +647,8 @@ class UsbUserPermissionManager {
        return true;
        return true;
    }
    }


    public void checkPermission(UsbDevice device, String packageName, int uid) {
    public void checkPermission(UsbDevice device, String packageName, int pid, int uid) {
        if (!hasPermission(device, packageName, uid)) {
        if (!hasPermission(device, packageName, pid, uid)) {
            throw new SecurityException("User has not given " + uid + "/" + packageName
            throw new SecurityException("User has not given " + uid + "/" + packageName
                    + " permission to access device " + device.getDeviceName());
                    + " permission to access device " + device.getDeviceName());
        }
        }
@@ -678,11 +681,12 @@ class UsbUserPermissionManager {
        requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi);
        requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi);
    }
    }


    public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) {
    public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid,
            int uid) {
        Intent intent = new Intent();
        Intent intent = new Intent();


        // respond immediately if permission has already been granted
        // respond immediately if permission has already been granted
        if (hasPermission(device, packageName, uid)) {
        if (hasPermission(device, packageName, pid, uid)) {
            intent.putExtra(UsbManager.EXTRA_DEVICE, device);
            intent.putExtra(UsbManager.EXTRA_DEVICE, device);
            intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true);
            intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true);
            try {
            try {
@@ -693,7 +697,7 @@ class UsbUserPermissionManager {
            return;
            return;
        }
        }
        if (isCameraDevicePresent(device)) {
        if (isCameraDevicePresent(device)) {
            if (!isCameraPermissionGranted(packageName, uid)) {
            if (!isCameraPermissionGranted(packageName, pid, uid)) {
                intent.putExtra(UsbManager.EXTRA_DEVICE, device);
                intent.putExtra(UsbManager.EXTRA_DEVICE, device);
                intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false);
                intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false);
                try {
                try {