1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #ifndef ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
17 #define ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
18 
19 #include <android/content/AttributionSourceState.h>
20 #include <android/permission/PermissionChecker.h>
21 #include <binder/BinderService.h>
22 #include <private/android_filesystem_config.h>
23 
24 namespace android {
25 
26 class CameraService;
27 
28 using content::AttributionSourceState;
29 using permission::PermissionChecker;
30 
31 /**
32  * Utility class consolidating methods/data for verifying permissions and the identity of the
33  * caller.
34  */
35 class AttributionAndPermissionUtils {
36   public:
AttributionAndPermissionUtils()37     AttributionAndPermissionUtils() { }
~AttributionAndPermissionUtils()38     virtual ~AttributionAndPermissionUtils() {}
39 
setCameraService(wp<CameraService> cameraService)40     void setCameraService(wp<CameraService> cameraService) {
41         mCameraService = cameraService;
42     }
43 
44     // Utilities handling Binder calling identities (previously in CameraThreadState)
45     virtual int getCallingUid();
46     virtual int getCallingPid();
47     virtual int64_t clearCallingIdentity();
48     virtual void restoreCallingIdentity(int64_t token);
49 
50     /**
51      * Pre-grants the permission if the attribution source uid is for an automotive
52      * privileged client. Otherwise uses system service permission checker to check
53      * for the appropriate permission. If this function is called for accessing a specific
54      * camera,then the cameraID must not be empty. CameraId is used only in case of automotive
55      * privileged client so that permission is pre-granted only to access system camera device
56      * which is located outside of the vehicle body frame because camera located inside the vehicle
57      * cabin would need user permission.
58      */
59     virtual bool checkPermissionForPreflight(const std::string &cameraId,
60             const std::string &permission, const AttributionSourceState& attributionSource,
61             const std::string& message, int32_t attributedOpCode);
62 
63     // Can camera service trust the caller based on the calling UID?
64     virtual bool isTrustedCallingUid(uid_t uid);
65 
66     virtual bool isAutomotiveDevice();
67     virtual bool isHeadlessSystemUserMode();
68 
69     /**
70      * Returns true if the client has uid AID_AUTOMOTIVE_EVS and the device is an automotive device.
71      */
72     virtual bool isAutomotivePrivilegedClient(int32_t uid);
73 
74     virtual status_t getUidForPackage(const std::string &packageName, int userId,
75             /*inout*/uid_t& uid, int err);
76     virtual bool isCallerCameraServerNotDelegating();
77 
78     // Utils for checking specific permissions
79     virtual bool hasPermissionsForCamera(const std::string& cameraId,
80             const AttributionSourceState& attributionSource);
81     virtual bool hasPermissionsForSystemCamera(const std::string& cameraId,
82             const AttributionSourceState& attributionSource, bool checkCameraPermissions = true);
83     virtual bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId,
84             const AttributionSourceState& attributionSource);
85     virtual bool hasPermissionsForCameraPrivacyAllowlist(
86             const AttributionSourceState& attributionSource);
87     virtual bool hasPermissionsForOpenCloseListener(
88             const AttributionSourceState& attributionSource);
89 
90     static const std::string sDumpPermission;
91     static const std::string sManageCameraPermission;
92     static const std::string sCameraPermission;
93     static const std::string sSystemCameraPermission;
94     static const std::string sCameraHeadlessSystemUserPermission;
95     static const std::string sCameraPrivacyAllowlistPermission;
96     static const std::string sCameraSendSystemEventsPermission;
97     static const std::string sCameraOpenCloseListenerPermission;
98     static const std::string sCameraInjectExternalCameraPermission;
99 
100   protected:
101     wp<CameraService> mCameraService;
102 
103     bool checkAutomotivePrivilegedClient(const std::string &cameraId,
104             const AttributionSourceState &attributionSource);
105 
106   private:
107     std::unique_ptr<permission::PermissionChecker> mPermissionChecker =
108             std::make_unique<permission::PermissionChecker>();
109 };
110 
111 /**
112  * Class to be inherited by classes encapsulating AttributionAndPermissionUtils. Provides an
113  * additional utility layer above AttributionAndPermissionUtils calls, and avoids verbosity
114  * in the encapsulating class's methods.
115  */
116 class AttributionAndPermissionUtilsEncapsulator {
117 protected:
118     std::shared_ptr<AttributionAndPermissionUtils> mAttributionAndPermissionUtils;
119 
120 public:
AttributionAndPermissionUtilsEncapsulator(std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)121     AttributionAndPermissionUtilsEncapsulator(
122         std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)
123             : mAttributionAndPermissionUtils(attributionAndPermissionUtils) { }
124 
buildAttributionSource(int callingPid,int callingUid)125     static AttributionSourceState buildAttributionSource(int callingPid, int callingUid) {
126         AttributionSourceState attributionSource{};
127         attributionSource.pid = callingPid;
128         attributionSource.uid = callingUid;
129         return attributionSource;
130     }
131 
buildAttributionSource(int callingPid,int callingUid,int32_t deviceId)132     static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
133             int32_t deviceId) {
134         AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid);
135         attributionSource.deviceId = deviceId;
136         return attributionSource;
137     }
138 
buildAttributionSource(int callingPid,int callingUid,const std::string & packageName,int32_t deviceId)139     static AttributionSourceState buildAttributionSource(int callingPid, int callingUid,
140             const std::string& packageName, int32_t deviceId) {
141         AttributionSourceState attributionSource = buildAttributionSource(callingPid, callingUid,
142                 deviceId);
143         attributionSource.packageName = packageName;
144         return attributionSource;
145     }
146 
getCallingUid()147     int getCallingUid() const {
148         return mAttributionAndPermissionUtils->getCallingUid();
149     }
150 
getCallingPid()151     int getCallingPid() const {
152         return mAttributionAndPermissionUtils->getCallingPid();
153     }
154 
clearCallingIdentity()155     int64_t clearCallingIdentity() const {
156         return mAttributionAndPermissionUtils->clearCallingIdentity();
157     }
158 
restoreCallingIdentity(int64_t token)159     void restoreCallingIdentity(int64_t token) const {
160         mAttributionAndPermissionUtils->restoreCallingIdentity(token);
161     }
162 
163     // The word 'System' here does not refer to callers only on the system
164     // partition. They just need to have an android system uid.
callerHasSystemUid()165     bool callerHasSystemUid() const {
166         return (getCallingUid() < AID_APP_START);
167     }
168 
hasPermissionsForCamera(int callingPid,int callingUid,int32_t deviceId)169     bool hasPermissionsForCamera(int callingPid, int callingUid, int32_t deviceId) const {
170         return hasPermissionsForCamera(std::string(), callingPid, callingUid, deviceId);
171     }
172 
hasPermissionsForCamera(int callingPid,int callingUid,const std::string & packageName,int32_t deviceId)173     bool hasPermissionsForCamera(int callingPid, int callingUid,
174             const std::string& packageName, int32_t deviceId) const {
175         return hasPermissionsForCamera(std::string(), callingPid, callingUid, packageName,
176                 deviceId);
177     }
178 
hasPermissionsForCamera(const std::string & cameraId,int callingPid,int callingUid,int32_t deviceId)179     bool hasPermissionsForCamera(const std::string& cameraId, int callingPid,
180             int callingUid, int32_t deviceId) const {
181         auto attributionSource = buildAttributionSource(callingPid, callingUid,
182                 deviceId);
183         return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
184     }
185 
hasPermissionsForCamera(const std::string & cameraId,int callingPid,int callingUid,const std::string & packageName,int32_t deviceId)186     bool hasPermissionsForCamera(const std::string& cameraId, int callingPid, int callingUid,
187             const std::string& packageName, int32_t deviceId) const {
188         auto attributionSource = buildAttributionSource(callingPid, callingUid, packageName,
189                 deviceId);
190         return mAttributionAndPermissionUtils->hasPermissionsForCamera(cameraId, attributionSource);
191     }
192 
193     bool hasPermissionsForSystemCamera(const std::string& cameraId, int callingPid, int callingUid,
194             bool checkCameraPermissions = true) const  {
195         auto attributionSource = buildAttributionSource(callingPid, callingUid);
196         return mAttributionAndPermissionUtils->hasPermissionsForSystemCamera(
197                     cameraId, attributionSource, checkCameraPermissions);
198     }
199 
hasPermissionsForCameraHeadlessSystemUser(const std::string & cameraId,int callingPid,int callingUid)200     bool hasPermissionsForCameraHeadlessSystemUser(const std::string& cameraId, int callingPid,
201             int callingUid) const {
202         auto attributionSource = buildAttributionSource(callingPid, callingUid);
203         return mAttributionAndPermissionUtils->hasPermissionsForCameraHeadlessSystemUser(
204                     cameraId, attributionSource);
205     }
206 
hasPermissionsForCameraPrivacyAllowlist(int callingPid,int callingUid)207     bool hasPermissionsForCameraPrivacyAllowlist(int callingPid, int callingUid) const {
208         auto attributionSource = buildAttributionSource(callingPid, callingUid);
209         return mAttributionAndPermissionUtils->hasPermissionsForCameraPrivacyAllowlist(
210                 attributionSource);
211     }
212 
hasPermissionsForOpenCloseListener(int callingPid,int callingUid)213     bool hasPermissionsForOpenCloseListener(int callingPid, int callingUid) const {
214         auto attributionSource = buildAttributionSource(callingPid, callingUid);
215         return mAttributionAndPermissionUtils->hasPermissionsForOpenCloseListener(
216                 attributionSource);
217     }
218 
isAutomotiveDevice()219     bool isAutomotiveDevice() const {
220         return mAttributionAndPermissionUtils->isAutomotiveDevice();
221     }
222 
isAutomotivePrivilegedClient(int32_t uid)223     bool isAutomotivePrivilegedClient(int32_t uid) const {
224         return mAttributionAndPermissionUtils->isAutomotivePrivilegedClient(uid);
225     }
226 
isTrustedCallingUid(uid_t uid)227     bool isTrustedCallingUid(uid_t uid) const {
228         return mAttributionAndPermissionUtils->isTrustedCallingUid(uid);
229     }
230 
isHeadlessSystemUserMode()231     bool isHeadlessSystemUserMode() const {
232         return mAttributionAndPermissionUtils->isHeadlessSystemUserMode();
233     }
234 
getUidForPackage(const std::string & packageName,int userId,uid_t & uid,int err)235     status_t getUidForPackage(const std::string &packageName, int userId,
236             /*inout*/uid_t& uid, int err) const {
237         return mAttributionAndPermissionUtils->getUidForPackage(packageName, userId, uid, err);
238     }
239 
isCallerCameraServerNotDelegating()240     bool isCallerCameraServerNotDelegating() const {
241         return mAttributionAndPermissionUtils->isCallerCameraServerNotDelegating();
242     }
243 };
244 
245 } // namespace android
246 
247 #endif // ANDROID_SERVERS_CAMERA_ATTRIBUTION_AND_PERMISSION_UTILS_H
248