ServiceUtilities.cpp revision de07e3743ef9c3dfe45864bf941b918147126500
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <binder/AppOpsManager.h> 18#include <binder/IPCThreadState.h> 19#include <binder/IServiceManager.h> 20#include <binder/PermissionCache.h> 21#include "ServiceUtilities.h" 22 23/* When performing permission checks we do not use permission cache for 24 * runtime permissions (protection level dangerous) as they may change at 25 * runtime. All other permissions (protection level normal and dangerous) 26 * can be cached as they never change. Of course all permission checked 27 * here are platform defined. 28 */ 29 30namespace android { 31 32// Not valid until initialized by AudioFlinger constructor. It would have to be 33// re-initialized if the process containing AudioFlinger service forks (which it doesn't). 34pid_t getpid_cached; 35 36bool recordingAllowed(const String16& opPackageName) { 37 // Note: We are getting the UID from the calling IPC thread state because all 38 // clients that perform recording create AudioRecord in their own processes 39 // and the system does not create AudioRecord objects on behalf of apps. This 40 // differs from playback where in some situations the system recreates AudioTrack 41 // instances associated with a client's MediaPlayer on behalf of this client. 42 // In the latter case we have to store the client UID and pass in along for 43 // security checks. 44 45 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 46 static const String16 sRecordAudio("android.permission.RECORD_AUDIO"); 47 48 // IMPORTANT: Don't use PermissionCache - a runtime permission and may change. 49 const bool ok = checkCallingPermission(sRecordAudio); 50 if (!ok) { 51 ALOGE("Request requires android.permission.RECORD_AUDIO"); 52 return false; 53 } 54 55 const uid_t uid = IPCThreadState::self()->getCallingUid(); 56 57 // To permit command-line native tests 58 if (uid == AID_ROOT) return true; 59 60 String16 checkedOpPackageName = opPackageName; 61 62 // In some cases the calling code has no access to the package it runs under. 63 // For example, code using the wilhelm framework's OpenSL-ES APIs. In this 64 // case we will get the packages for the calling UID and pick the first one 65 // for attributing the app op. This will work correctly for runtime permissions 66 // as for legacy apps we will toggle the app op for all packages in the UID. 67 // The caveat is that the operation may be attributed to the wrong package and 68 // stats based on app ops may be slightly off. 69 if (checkedOpPackageName.size() <= 0) { 70 sp<IServiceManager> sm = defaultServiceManager(); 71 sp<IBinder> binder = sm->getService(String16("permission")); 72 if (binder == 0) { 73 ALOGE("Cannot get permission service"); 74 return false; 75 } 76 77 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder); 78 Vector<String16> packages; 79 80 permCtrl->getPackagesForUid(uid, packages); 81 82 if (packages.isEmpty()) { 83 ALOGE("No packages for calling UID"); 84 return false; 85 } 86 checkedOpPackageName = packages[0]; 87 } 88 89 AppOpsManager appOps; 90 if (appOps.noteOp(AppOpsManager::OP_RECORD_AUDIO, uid, checkedOpPackageName) 91 != AppOpsManager::MODE_ALLOWED) { 92 ALOGE("Request denied by app op OP_RECORD_AUDIO"); 93 return false; 94 } 95 96 return true; 97} 98 99bool captureAudioOutputAllowed() { 100 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 101 static const String16 sCaptureAudioOutput("android.permission.CAPTURE_AUDIO_OUTPUT"); 102 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 103 bool ok = PermissionCache::checkCallingPermission(sCaptureAudioOutput); 104 if (!ok) ALOGE("Request requires android.permission.CAPTURE_AUDIO_OUTPUT"); 105 return ok; 106} 107 108bool captureHotwordAllowed() { 109 static const String16 sCaptureHotwordAllowed("android.permission.CAPTURE_AUDIO_HOTWORD"); 110 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 111 bool ok = PermissionCache::checkCallingPermission(sCaptureHotwordAllowed); 112 if (!ok) ALOGE("android.permission.CAPTURE_AUDIO_HOTWORD"); 113 return ok; 114} 115 116bool settingsAllowed() { 117 if (getpid_cached == IPCThreadState::self()->getCallingPid()) return true; 118 static const String16 sAudioSettings("android.permission.MODIFY_AUDIO_SETTINGS"); 119 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 120 bool ok = PermissionCache::checkCallingPermission(sAudioSettings); 121 if (!ok) ALOGE("Request requires android.permission.MODIFY_AUDIO_SETTINGS"); 122 return ok; 123} 124 125bool modifyAudioRoutingAllowed() { 126 static const String16 sModifyAudioRoutingAllowed("android.permission.MODIFY_AUDIO_ROUTING"); 127 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 128 bool ok = PermissionCache::checkCallingPermission(sModifyAudioRoutingAllowed); 129 if (!ok) ALOGE("android.permission.MODIFY_AUDIO_ROUTING"); 130 return ok; 131} 132 133bool dumpAllowed() { 134 // don't optimize for same pid, since mediaserver never dumps itself 135 static const String16 sDump("android.permission.DUMP"); 136 // IMPORTANT: Use PermissionCache - not a runtime permission and may not change. 137 bool ok = PermissionCache::checkCallingPermission(sDump); 138 // convention is for caller to dump an error message to fd instead of logging here 139 //if (!ok) ALOGE("Request requires android.permission.DUMP"); 140 return ok; 141} 142 143} // namespace android 144