
Commit 251c07cf authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker

Merge "Limit access to head tracker sensor" into tm-dev am: 984f01a4

parents 0d2b34b4 984f01a4
+2 −1
@@ -267,7 +267,8 @@ enum {
     * {@link ASENSOR_TYPE_HEAD_TRACKER}
     * reporting-mode: continuous
     *
     * Measures the orientation and rotational velocity of a user's head.
     * Measures the orientation and rotational velocity of a user's head. Only for internal use
     * within the Android system.
     */
    ASENSOR_TYPE_HEAD_TRACKER = 37,
    /**
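Review bot: The new NDK doc sentence on `ASENSOR_TYPE_HEAD_TRACKER` says the type is internal-only but not what a third-party client will actually observe, which is what an app developer reading this header needs. The service side of this commit omits the sensor from the dynamic sensor list and refuses connection/channel setup for non-system callers, so I would extend the comment to `Only for internal use within the Android system; for other clients this sensor is omitted from sensor lists and any attempt to register for it is rejected.` The wording about the static list is inferred from the service changes, not from this hunk, so confirm it matches `getSensorList` before committing to it.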
+1 −1
@@ -157,7 +157,7 @@ int32_t SensorService::SensorDirectConnection::configureChannel(int handle, int
    }

    const Sensor& s = si->getSensor();
    if (!SensorService::canAccessSensor(s, "config direct channel", mOpPackageName)) {
    if (!mService->canAccessSensor(s, "config direct channel", mOpPackageName)) {
        return PERMISSION_DENIED;
    }

+2 −1
@@ -162,7 +162,8 @@ bool SensorService::SensorEventConnection::addSensor(int32_t handle) {
    Mutex::Autolock _l(mConnectionLock);
    sp<SensorInterface> si = mService->getSensorInterfaceFromHandle(handle);
    if (si == nullptr ||
        !canAccessSensor(si->getSensor(), "Add to SensorEventConnection: ", mOpPackageName) ||
        !mService->canAccessSensor(si->getSensor(), "Add to SensorEventConnection: ",
                                   mOpPackageName) ||
        mSensorInfo.count(handle) > 0) {
        return false;
    }
+23 −3
@@ -814,6 +814,12 @@ status_t SensorService::shellCommand(int in, int out, int err, Vector<String16>&
        return handleResetUidState(args, err);
    } else if (args[0] == String16("get-uid-state")) {
        return handleGetUidState(args, out, err);
    } else if (args[0] == String16("unrestrict-ht")) {
        mHtRestricted = false;
        return NO_ERROR;
    } else if (args[0] == String16("restrict-ht")) {
        mHtRestricted = true;
        return NO_ERROR;
    } else if (args.size() == 1 && args[0] == String16("help")) {
        printHelp(out);
        return NO_ERROR;
@@ -1338,11 +1344,11 @@ Vector<Sensor> SensorService::getSensorList(const String16& opPackageName) {
Vector<Sensor> SensorService::getDynamicSensorList(const String16& opPackageName) {
    Vector<Sensor> accessibleSensorList;
    mSensors.forEachSensor(
            [&opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
            [this, &opPackageName, &accessibleSensorList] (const Sensor& sensor) -> bool {
                if (sensor.isDynamicSensor()) {
                    if (canAccessSensor(sensor, "getDynamicSensorList", opPackageName)) {
                    if (canAccessSensor(sensor, "can't see", opPackageName)) {
                        accessibleSensorList.add(sensor);
                    } else {
                    } else if (sensor.getType() != SENSOR_TYPE_HEAD_TRACKER) {
                        ALOGI("Skipped sensor %s because it requires permission %s and app op %" PRId32,
                              sensor.getName().string(),
                              sensor.getRequiredPermission().string(),
@@ -1989,6 +1995,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,

bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
        const String16& opPackageName) {
    // Special case for Head Tracker sensor type: currently restricted to system usage only, unless
    // the restriction is specially lifted for testing
    if (sensor.getType() == SENSOR_TYPE_HEAD_TRACKER &&
            !isAudioServerOrSystemServerUid(IPCThreadState::self()->getCallingUid())) {
        if (!mHtRestricted) {
            ALOGI("Permitting access to HT sensor type outside system (%s)",
                  String8(opPackageName).string());
        } else {
            ALOGW("%s %s a sensor (%s) as a non-system client", String8(opPackageName).string(),
                  operation, sensor.getName().string());
            return false;
        }
    }

    // Check if a permission is required for this sensor
    if (sensor.getRequiredPermission().length() <= 0) {
        return true;
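Review bot: The new `unrestrict-ht` branch in `shellCommand` flips `mHtRestricted` with no caller check visible in the hunk, and that flag is the only thing in `canAccessSensor` keeping non-system clients off the head tracker, so whoever can reach this shell command can lift the restriction device-wide. The start of `shellCommand` lies outside the hunk; if it does not already gate on the calling UID, add a guard ahead of the dispatch such as `const uid_t uid = IPCThreadState::self()->getCallingUid(); if (uid != AID_SHELL && uid != AID_ROOT) return PERMISSION_DENIED;` (the neighbouring uid-state commands may already carry such a check, in which case this is covered). Because the override is meant for testing only, I would also make it auditable with `ALOGW("Head tracker restriction lifted via shell by uid %d", uid);` in the `unrestrict-ht` branch, mirroring the ALOGI already emitted in `canAccessSensor` when access is permitted. Note that `mHtRestricted` is written here and read in `canAccessSensor` on other binder threads with no lock visible in either hunk; see the header declaration for the suggested fix.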
+5 −1
@@ -373,7 +373,7 @@ private:
    status_t cleanupWithoutDisableLocked(const sp<SensorEventConnection>& connection, int handle);
    void cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
            sensors_event_t const* buffer, const int count);
    static bool canAccessSensor(const Sensor& sensor, const char* operation,
    bool canAccessSensor(const Sensor& sensor, const char* operation,
            const String16& opPackageName);
    static bool hasPermissionForSensor(const Sensor& sensor);
    static int getTargetSdkVersion(const String16& opPackageName);
@@ -492,6 +492,10 @@ private:
    std::unordered_map<int, SensorServiceUtil::RecentEventLogger*> mRecentEvent;
    Mode mCurrentOperatingMode;

    // true if the head tracker sensor type is currently restricted to system usage only
    // (can only be unrestricted for testing, via shell cmd)
    bool mHtRestricted = true;

    // This packagaName is set when SensorService is in RESTRICTED or DATA_INJECTION mode. Only
    // applications with this packageName are allowed to activate/deactivate or call flush on
    // sensors. To run CTS this is can be set to ".cts." and only CTS tests will get access to