1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <binder/AppOpsManager.h> 18#include <binder/IPCThreadState.h> 19#include <binder/IServiceManager.h> 20#include <binder/PermissionCache.h> 21#include <private/android_filesystem_config.h> 22#include "ServiceUtilities.h" 23 24/* When performing permission checks we do not use permission cache for 25 * runtime permissions (protection level dangerous) as they may change at 26 * runtime. All other permissions (protection level normal and dangerous) 27 * can be cached as they never change. Of course all permission checked 28 * here are platform defined. 29 */ 30 31namespace android { 32 33// Not valid until initialized by AudioFlinger constructor. It would have to be 34// re-initialized if the process containing AudioFlinger service forks (which it doesn't). 35// This is often used to validate binder interface calls within audioserver 36// (e.g. AudioPolicyManager to AudioFlinger). 37pid_t getpid_cached; 38 39// A trusted calling UID may specify the client UID as part of a binder interface call. 40// otherwise the calling UID must be equal to the client UID. 41bool isTrustedCallingUid(uid_t uid) { 42 switch (uid) { 43 case AID_MEDIA: 44 case AID_AUDIOSERVER: 45 return true; 46 default: 47 return false; 48 } 49} 50 51bool recordingAllowed(const String16& opPackageName, pid_t pid, uid_t uid) { 52 // we're always OK. 53 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 54 55 static const String16 sRecordAudio("android.permission.RECORD_AUDIO"); 56 57 // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder) 58 // may open a record track on behalf of a client. Note that pid may be a tid. 59 // IMPORTANT: Don't use PermissionCache - a runtime permission and may change. 60 const bool ok = checkPermission(sRecordAudio, pid, uid); 61 if (!ok) { 62 ALOGE("Request requires android.permission.RECORD_AUDIO"); 63 return false; 64 } 65 66 // To permit command-line native tests 67 if (uid == AID_ROOT) return true; 68 69 String16 checkedOpPackageName = opPackageName; 70 71 // In some cases the calling code has no access to the package it runs under. 72 // For example, code using the wilhelm framework's OpenSL-ES APIs. In this 73 // case we will get the packages for the calling UID and pick the first one 74 // for attributing the app op. This will work correctly for runtime permissions 75 // as for legacy apps we will toggle the app op for all packages in the UID. 76 // The caveat is that the operation may be attributed to the wrong package and 77 // stats based on app ops may be slightly off. 78 if (checkedOpPackageName.size() <= 0) { 79 sp<IServiceManager> sm = defaultServiceManager(); 80 sp<IBinder> binder = sm->getService(String16("permission")); 81 if (binder == 0) { 82 ALOGE("Cannot get permission service"); 83 return false; 84 } 85 86 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder); 87 Vector<String16> packages; 88 89 permCtrl->getPackagesForUid(uid, packages); 90 91 if (packages.isEmpty()) { 92 ALOGE("No packages for calling UID"); 93 return false; 94 } 95 checkedOpPackageName = packages[0]; 96 } 97 98 AppOpsManager appOps; 99 if (appOps.noteOp(AppOpsManager::OP_RECORD_AUDIO, uid, checkedOpPackageName) 100 != AppOpsManager::MODE_ALLOWED) { 101 ALOGE("Request denied by app op OP_RECORD_AUDIO"); 102 return false; 103 } 104 105 return true; 106} 107 108bool captureAudioOutputAllowed(pid_t pid, uid_t uid) { 109 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 110 static const String16 sCaptureAudioOutput("android.permission.CAPTURE_AUDIO_OUTPUT"); 111 bool ok = checkPermission(sCaptureAudioOutput, pid, uid); 112 if (!ok) ALOGE("Request requires android.permission.CAPTURE_AUDIO_OUTPUT"); 113 return ok; 114} 115 116bool captureHotwordAllowed() { 117 static const String16 sCaptureHotwordAllowed("android.permission.CAPTURE_AUDIO_HOTWORD"); 118 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 119 bool ok = PermissionCache::checkCallingPermission(sCaptureHotwordAllowed); 120 if (!ok) ALOGE("android.permission.CAPTURE_AUDIO_HOTWORD"); 121 return ok; 122} 123 124bool settingsAllowed() { 125 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 126 static const String16 sAudioSettings("android.permission.MODIFY_AUDIO_SETTINGS"); 127 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 128 bool ok = PermissionCache::checkCallingPermission(sAudioSettings); 129 if (!ok) ALOGE("Request requires android.permission.MODIFY_AUDIO_SETTINGS"); 130 return ok; 131} 132 133bool modifyAudioRoutingAllowed() { 134 static const String16 sModifyAudioRoutingAllowed("android.permission.MODIFY_AUDIO_ROUTING"); 135 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 136 bool ok = PermissionCache::checkCallingPermission(sModifyAudioRoutingAllowed); 137 if (!ok) ALOGE("android.permission.MODIFY_AUDIO_ROUTING"); 138 return ok; 139} 140 141bool dumpAllowed() { 142 // don't optimize for same pid, since mediaserver never dumps itself 143 static const String16 sDump("android.permission.DUMP"); 144 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 145 bool ok = PermissionCache::checkCallingPermission(sDump); 146 // convention is for caller to dump an error message to fd instead of logging here 147 //if (!ok) ALOGE("Request requires android.permission.DUMP"); 148 return ok; 149} 150 151} // namespace android 152