1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 // #define LOG_NDEBUG 0
18 #define LOG_TAG "TranscodingClientManager"
19 
#include <aidl/android/media/BnTranscodingClient.h>
#include <aidl/android/media/IMediaTranscodingService.h>
#include <android/binder_ibinder.h>
#include <android/permission_manager.h>
#include <errno.h>
#include <inttypes.h>
#include <media/TranscodingClientManager.h>
#include <media/TranscodingRequest.h>
#include <media/TranscodingUidPolicy.h>
#include <private/android_filesystem_config.h>
#include <string.h>
#include <unistd.h>
#include <utils/Log.h>
#include <utils/String16.h>
31 
32 namespace android {
33 
// The client id is passed to the binder death recipient as its void* cookie
// (addClient / BinderDiedCallback below), so it has to round-trip through a pointer.
static_assert(sizeof(ClientIdType) == sizeof(void*), "ClientIdType should be pointer-sized");

using ::aidl::android::media::BnTranscodingClient;
using ::aidl::android::media::IMediaTranscodingService;  // For service error codes
using ::aidl::android::media::TranscodingRequestParcel;
using ::aidl::android::media::TranscodingSessionParcel;
using Status = ::ndk::ScopedAStatus;
using ::ndk::SpAIBinder;

//static
// Source of client ids: every ClientImpl takes the next value in its constructor.
std::atomic<ClientIdType> TranscodingClientManager::sCookieCounter = 0;
//static
// Guards sCookie2Client.
std::mutex TranscodingClientManager::sCookie2ClientLock;
//static
// Maps a death-recipient cookie (client id) back to the live ClientImpl so that
// BinderDiedCallback can look the client up instead of treating the cookie as a
// pointer that may already be dangling.
std::map<ClientIdType, std::shared_ptr<TranscodingClientManager::ClientImpl>>
        TranscodingClientManager::sCookie2Client;
///////////////////////////////////////////////////////////////////////////////

// Convenience methods for constructing binder::Status objects for error returns.
// errorString must be a string literal: it is concatenated with the "%s:%d: "
// prefix by the preprocessor, and __FUNCTION__/__LINE__ name the expansion site.
#define STATUS_ERROR_FMT(errorCode, errorString, ...) \
    Status::fromServiceSpecificErrorWithMessage(      \
            errorCode,                                \
            String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, ##__VA_ARGS__))
57 
/**
 * ClientImpl implements a single client and contains all its information.
 *
 * One instance is created per successful addClient() call. It is handed back
 * to the caller as the ITranscodingClient binder, and is also referenced from
 * the manager's maps and from the static sCookie2Client table until
 * unregister()/removeClient() drops it.
 *
 * Every binder entry point below first checks mAbandoned and tries to lock
 * mOwner, returning ERROR_DISCONNECTED when either fails. Forwarding a uid/pid
 * that is not the caller's own is a privilege boundary: it is only accepted
 * from callers the manager reports as trusted (isTrustedCaller), otherwise
 * ERROR_PERMISSION_DENIED is returned. All other failures are reported through
 * *_aidl_return with an ok() Status.
 */
struct TranscodingClientManager::ClientImpl : public BnTranscodingClient {
    /* The remote client callback that this ClientInfo is associated with.
     * Once the ClientInfo is created, we hold an SpAIBinder so that the binder
     * object doesn't get created again, otherwise the binder object pointer
     * may not be unique.
     */
    SpAIBinder mClientBinder;
    std::shared_ptr<ITranscodingClientCallback> mClientCallback;
    /* A unique id assigned to the client by the service. This number is used
     * by the service for indexing. The value is taken from the static
     * sCookieCounter in the constructor (not from the binder pointer), and it
     * doubles as the death-recipient cookie registered in addClient().
     */
    ClientIdType mClientId;
    // Human-readable client name, shown by dumpAllClients().
    std::string mClientName;
    // Package name the client registered with.
    std::string mClientOpPackageName;

    // Next sessionId to assign.
    std::atomic<int32_t> mNextSessionId;
    // Whether this client has been unregistered already.
    std::atomic<bool> mAbandoned;
    // Weak pointer to the client manager for this client.
    std::weak_ptr<TranscodingClientManager> mOwner;

    ClientImpl(const std::shared_ptr<ITranscodingClientCallback>& callback,
               const std::string& clientName, const std::string& opPackageName,
               const std::weak_ptr<TranscodingClientManager>& owner);

    // Queues a new session; see the definition for the uid/pid trust rules.
    Status submitRequest(const TranscodingRequestParcel& /*in_request*/,
                         TranscodingSessionParcel* /*out_session*/,
                         bool* /*_aidl_return*/) override;

    // Cancels one session of this client (negative ids are ignored).
    Status cancelSession(int32_t /*in_sessionId*/, bool* /*_aidl_return*/) override;

    // Looks up one session of this client (negative ids are ignored).
    Status getSessionWithId(int32_t /*in_sessionId*/, TranscodingSessionParcel* /*out_session*/,
                            bool* /*_aidl_return*/) override;

    // Adds a uid to an existing session; a foreign uid requires a trusted caller.
    Status addClientUid(int32_t /*in_sessionId*/, int32_t /*in_clientUid*/,
                        bool* /*_aidl_return*/) override;

    // Returns the uids attached to a session, or nullopt if the lookup fails.
    Status getClientUids(int32_t /*in_sessionId*/,
                         std::optional<std::vector<int32_t>>* /*_aidl_return*/) override;

    // Marks the client abandoned, cancels its sessions and removes it from the
    // manager. Idempotent: a second call returns ERROR_DISCONNECTED.
    Status unregister() override;
};
105 
/**
 * Builds the client record for `callback`.
 *
 * The binder is captured once here (see the mClientBinder comment in the
 * struct) and the client id is drawn from the process-wide sCookieCounter.
 * A null callback yields a null binder rather than a crash; addClient()
 * rejects null callbacks before reaching this constructor.
 */
TranscodingClientManager::ClientImpl::ClientImpl(
        const std::shared_ptr<ITranscodingClientCallback>& callback, const std::string& clientName,
        const std::string& opPackageName, const std::weak_ptr<TranscodingClientManager>& owner)
      : mClientBinder((callback != nullptr) ? callback->asBinder() : nullptr),
        mClientCallback(callback),
        // Relaxed ordering is enough: only uniqueness of the value matters.
        mClientId(sCookieCounter.fetch_add(1, std::memory_order_relaxed)),
        mClientName(clientName),
        mClientOpPackageName(opPackageName),
        mNextSessionId(0),
        mAbandoned(false),
        mOwner(owner) {}
117 
/**
 * Binder entry point: queues a transcoding session on behalf of this client.
 *
 * Returns ERROR_DISCONNECTED once the client has unregistered or its manager
 * is gone. Requests with an empty source or destination path, or with a
 * negative (non-sentinel) clientUid/clientPid, return ok() with *_aidl_return
 * left false. A caller may only forward a uid/pid other than its own if the
 * manager reports it as trusted; otherwise ERROR_PERMISSION_DENIED is returned
 * and the attempt is logged.
 *
 * @param in_request   the request; clientUid/clientPid may be USE_CALLING_*.
 * @param out_session  filled in with the new session id and request on success.
 * @param _aidl_return set to the controller's accept/reject result.
 */
Status TranscodingClientManager::ClientImpl::submitRequest(
        const TranscodingRequestParcel& in_request, TranscodingSessionParcel* out_session,
        bool* _aidl_return) {
    *_aidl_return = false;

    std::shared_ptr<TranscodingClientManager> owner;
    if (!mAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    const bool missingPath =
            in_request.sourceFilePath.empty() || in_request.destinationFilePath.empty();
    if (missingPath) {
        return Status::ok();
    }

    const int32_t callerPid = AIBinder_getCallingPid();
    const int32_t callerUid = AIBinder_getCallingUid();
    int32_t clientUid = in_request.clientUid;
    int32_t clientPid = in_request.clientPid;

    // Resolve the uid. A caller may only speak for another uid when the
    // manager trusts it; everyone else gets the caller's own uid or is rejected.
    if (clientUid == IMediaTranscodingService::USE_CALLING_UID) {
        clientUid = callerUid;
    } else {
        if (clientUid < 0) {
            return Status::ok();
        }
        const bool forwardedUid = (clientUid != callerUid);
        if (forwardedUid && !owner->isTrustedCaller(callerPid, callerUid)) {
            ALOGE("submitRequest rejected (clientPid %d, clientUid %d) "
                  "(don't trust callingUid %d)",
                  clientPid, clientUid, callerUid);
            return STATUS_ERROR_FMT(IMediaTranscodingService::ERROR_PERMISSION_DENIED,
                                    "submitRequest rejected (clientPid %d, clientUid %d) "
                                    "(don't trust callingUid %d)",
                                    clientPid, clientUid, callerUid);
        }
    }

    // Same rule for the pid.
    if (clientPid == IMediaTranscodingService::USE_CALLING_PID) {
        clientPid = callerPid;
    } else {
        if (clientPid < 0) {
            return Status::ok();
        }
        const bool forwardedPid = (clientPid != callerPid);
        if (forwardedPid && !owner->isTrustedCaller(callerPid, callerUid)) {
            ALOGE("submitRequest rejected (clientPid %d, clientUid %d) "
                  "(don't trust callingUid %d)",
                  clientPid, clientUid, callerUid);
            return STATUS_ERROR_FMT(IMediaTranscodingService::ERROR_PERMISSION_DENIED,
                                    "submitRequest rejected (clientPid %d, clientUid %d) "
                                    "(don't trust callingUid %d)",
                                    clientPid, clientUid, callerUid);
        }
    }

    const int32_t sessionId = mNextSessionId.fetch_add(1);

    // The controller sees both the real caller uid and the (possibly forwarded) client uid.
    const bool accepted = owner->mSessionController->submit(mClientId, sessionId, callerUid,
                                                            clientUid, in_request, mClientCallback);
    *_aidl_return = accepted;

    if (accepted) {
        out_session->sessionId = sessionId;

        // TODO(chz): is some of this coming from SessionController?
        *(TranscodingRequest*)&out_session->request = in_request;
        out_session->awaitNumberOfSessions = 0;
    }

    return Status::ok();
}
184 
/**
 * Binder entry point: cancels one of this client's sessions.
 *
 * Returns ERROR_DISCONNECTED once the client is abandoned or the manager is
 * gone. Negative session ids are ignored (ok(), *_aidl_return false); otherwise
 * *_aidl_return carries the controller's result.
 */
Status TranscodingClientManager::ClientImpl::cancelSession(int32_t in_sessionId,
                                                           bool* _aidl_return) {
    *_aidl_return = false;

    std::shared_ptr<TranscodingClientManager> owner;
    if (!mAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    const bool validId = (in_sessionId >= 0);
    if (validId) {
        *_aidl_return = owner->mSessionController->cancel(mClientId, in_sessionId);
    }
    return Status::ok();
}
201 
/**
 * Binder entry point: fetches one of this client's sessions by id.
 *
 * Returns ERROR_DISCONNECTED once the client is abandoned or the manager is
 * gone. Negative ids are ignored. On a successful controller lookup the
 * request is written into out_session->request and the id is echoed back;
 * awaitNumberOfSessions is always reported as 0 here.
 */
Status TranscodingClientManager::ClientImpl::getSessionWithId(int32_t in_sessionId,
                                                              TranscodingSessionParcel* out_session,
                                                              bool* _aidl_return) {
    *_aidl_return = false;

    std::shared_ptr<TranscodingClientManager> owner;
    if (!mAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    if (in_sessionId < 0) {
        return Status::ok();
    }

    const bool found = owner->mSessionController->getSession(mClientId, in_sessionId,
                                                             &out_session->request);
    if (found) {
        out_session->sessionId = in_sessionId;
        out_session->awaitNumberOfSessions = 0;
    }
    *_aidl_return = found;
    return Status::ok();
}
225 
/**
 * Binder entry point: attaches an additional uid to an existing session.
 *
 * Returns ERROR_DISCONNECTED once the client is abandoned or the manager is
 * gone. Negative session ids and negative (non-sentinel) uids are ignored.
 * Adding a uid other than the caller's own is only allowed for callers the
 * manager trusts; otherwise ERROR_PERMISSION_DENIED is returned and logged.
 */
Status TranscodingClientManager::ClientImpl::addClientUid(int32_t in_sessionId,
                                                          int32_t in_clientUid,
                                                          bool* _aidl_return) {
    *_aidl_return = false;

    std::shared_ptr<TranscodingClientManager> owner;
    if (!mAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    if (in_sessionId < 0) {
        return Status::ok();
    }

    const int32_t callerPid = AIBinder_getCallingPid();
    const int32_t callerUid = AIBinder_getCallingUid();

    // A caller may only add a foreign uid when the manager trusts it.
    if (in_clientUid == IMediaTranscodingService::USE_CALLING_UID) {
        in_clientUid = callerUid;
    } else {
        if (in_clientUid < 0) {
            return Status::ok();
        }
        const bool forwardedUid = (in_clientUid != callerUid);
        if (forwardedUid && !owner->isTrustedCaller(callerPid, callerUid)) {
            ALOGE("addClientUid rejected (clientUid %d) "
                  "(don't trust callingUid %d)",
                  in_clientUid, callerUid);
            return STATUS_ERROR_FMT(IMediaTranscodingService::ERROR_PERMISSION_DENIED,
                                    "addClientUid rejected (clientUid %d) "
                                    "(don't trust callingUid %d)",
                                    in_clientUid, callerUid);
        }
    }

    *_aidl_return = owner->mSessionController->addClientUid(mClientId, in_sessionId, in_clientUid);
    return Status::ok();
}
261 
/**
 * Binder entry point: returns the uids attached to one of this client's sessions.
 *
 * Returns ERROR_DISCONNECTED once the client is abandoned or the manager is
 * gone. *_aidl_return stays nullopt for a negative id or when the controller
 * does not know the session.
 */
Status TranscodingClientManager::ClientImpl::getClientUids(
        int32_t in_sessionId, std::optional<std::vector<int32_t>>* _aidl_return) {
    *_aidl_return = std::nullopt;

    std::shared_ptr<TranscodingClientManager> owner;
    if (!mAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    if (in_sessionId < 0) {
        return Status::ok();
    }

    std::vector<int32_t> uids;
    const bool found = owner->mSessionController->getClientUids(mClientId, in_sessionId, &uids);
    if (found) {
        _aidl_return->emplace(uids);
    }
    return Status::ok();
}
282 
/**
 * Binder entry point: tears this client down.
 *
 * The abandoned flag is flipped atomically first, so that a concurrent
 * explicit unregister() and the binder-death path agree on exactly one
 * winner; the loser returns ERROR_DISCONNECTED. The winner cancels all of
 * the client's sessions with the controller and removes it from the manager.
 */
Status TranscodingClientManager::ClientImpl::unregister() {
    const bool alreadyAbandoned = mAbandoned.exchange(true);

    std::shared_ptr<TranscodingClientManager> owner;
    if (!alreadyAbandoned) {
        owner = mOwner.lock();
    }
    if (owner == nullptr) {
        return Status::fromServiceSpecificError(IMediaTranscodingService::ERROR_DISCONNECTED);
    }

    // Use sessionId == -1 to cancel all realtime sessions for this client with the controller.
    constexpr int32_t kAllSessions = -1;
    owner->mSessionController->cancel(mClientId, kAllSessions);
    owner->removeClient(mClientId);

    return Status::ok();
}
297 
298 ///////////////////////////////////////////////////////////////////////////////
299 
// static
/**
 * Death recipient for a client's callback binder.
 *
 * The cookie is the client id, not a pointer: it is resolved through
 * sCookie2Client under its lock, so a client that has already been removed
 * is simply not found instead of being dereferenced. The lookup result is
 * copied out of the lock before unregister() runs, because unregister() ends
 * up taking the manager's own lock.
 */
void TranscodingClientManager::BinderDiedCallback(void* cookie) {
    const ClientIdType clientId = reinterpret_cast<ClientIdType>(cookie);

    ALOGD("Client %lld is dead", (long long)clientId);

    auto findClient = [clientId]() {
        std::shared_ptr<ClientImpl> found;
        std::scoped_lock lock{sCookie2ClientLock};
        const auto entry = sCookie2Client.find(clientId);
        if (entry != sCookie2Client.end()) {
            found = entry->second;
        }
        return found;
    };

    const std::shared_ptr<ClientImpl> client = findClient();
    if (client == nullptr) {
        return;
    }
    client->unregister();
}
321 
/**
 * Creates the manager around the session controller it forwards requests to.
 *
 * Seeds mTrustedUids with the fixed set of system uids that may register
 * clients and forward other apps' uid/pid (see isTrustedCaller); further uids
 * are added lazily by permission check.
 */
TranscodingClientManager::TranscodingClientManager(
        const std::shared_ptr<ControllerClientInterface>& controller)
      : mDeathRecipient(AIBinder_DeathRecipient_new(BinderDiedCallback)),
        mSessionController(controller) {
    ALOGD("TranscodingClientManager started");

    static constexpr uid_t kBuiltinTrustedUids[] = {AID_ROOT, AID_SYSTEM, AID_SHELL, AID_MEDIA};
    for (const uid_t uid : kBuiltinTrustedUids) {
        mTrustedUids.insert(uid);
    }
}
331 
// Only logs; members (death recipient, maps, controller reference) clean up via RAII.
TranscodingClientManager::~TranscodingClientManager() { ALOGD("TranscodingClientManager exited"); }
335 
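/**
 * Writes a human-readable list of the registered clients to fd (dumpsys).
 *
 * The text is assembled with mLock held so the map cannot change underneath,
 * but the write itself happens after the lock is released: a slow reader of
 * fd must not be able to stall client registration/removal on binder threads.
 * Both the client name and the package name are printed (the previous format
 * labelled the client name as "pkg"). write(2) is retried on EINTR and short
 * writes; any other failure is logged and the dump is abandoned.
 *
 * @param fd   descriptor to write the dump to.
 * @param args unused.
 */
void TranscodingClientManager::dumpAllClients(int fd, const Vector<String16>& args __unused) {
    String8 result;

    {
        std::scoped_lock lock{mLock};

        if (!mClientIdToClientMap.empty()) {
            result.append("\n========== Dumping all clients =========\n");
        }

        // appendFormat() grows the buffer, so long names are no longer truncated.
        result.appendFormat("  Total num of Clients: %zu\n", mClientIdToClientMap.size());

        for (const auto& [clientId, client] : mClientIdToClientMap) {
            result.appendFormat("    Client %lld:  name: %s  pkg: %s\n", (long long)clientId,
                                client->mClientName.c_str(),
                                client->mClientOpPackageName.c_str());
        }
    }

    const char* data = result.c_str();
    size_t remaining = result.size();
    while (remaining > 0) {
        const ssize_t written = write(fd, data, remaining);
        if (written < 0 && errno == EINTR) {
            continue;
        }
        if (written <= 0) {
            ALOGW("dumpAllClients: write to fd %d failed: %s", fd, strerror(errno));
            return;
        }
        data += written;
        remaining -= static_cast<size_t>(written);
    }
}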
359 
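/**
 * Returns whether (pid, uid) may act on behalf of other apps: register
 * clients (addClient) and forward a foreign clientUid/clientPid
 * (ClientImpl::submitRequest / addClientUid).
 *
 * A uid is trusted if it is in mTrustedUids (seeded with the system uids in
 * the constructor) or if the permission manager reports that it holds
 * android.permission.WRITE_MEDIA_STORAGE; a granted uid is cached in
 * mTrustedUids so the check is done at most once per uid.
 *
 * mTrustedUids is read and updated from concurrent binder threads, so both
 * the lookup and the insert are done under mLock; the permission-manager call
 * itself is made outside the lock because it may involve IPC. Callers must
 * not already hold mLock (none of the callers in this file do).
 *
 * @param pid calling pid, as reported by binder.
 * @param uid calling uid, as reported by binder.
 * @return true if the caller is trusted.
 */
bool TranscodingClientManager::isTrustedCaller(pid_t pid, uid_t uid) {
    // NOTE(review): uid 0 (AID_ROOT) is seeded into mTrustedUids but excluded
    // from the cache lookup by `uid > 0`, so root is routed through the
    // permission check. Preserved as-is; confirm whether that is intended.
    if (uid > 0) {
        std::scoped_lock lock{mLock};
        if (mTrustedUids.count(uid) > 0) {
            return true;
        }
    }

    int32_t result;
    if (__builtin_available(android __TRANSCODING_MIN_API__, *)) {
        if (APermissionManager_checkPermission("android.permission.WRITE_MEDIA_STORAGE", pid, uid,
                                               &result) == PERMISSION_MANAGER_STATUS_OK &&
            result == PERMISSION_MANAGER_PERMISSION_GRANTED) {
            // Cache the grant so later calls from this uid skip the IPC.
            std::scoped_lock lock{mLock};
            mTrustedUids.insert(uid);
            return true;
        }
    }

    return false;
}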
377 
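/**
 * Registers a new client and hands back its ITranscodingClient binder.
 *
 * Only trusted callers (isTrustedCaller) may register; the callback, client
 * name and package name must all be non-empty; a callback binder that is
 * already registered is rejected with ERROR_ALREADY_EXISTS. The client is
 * linked to the callback binder's death so that a dying client is torn down
 * through BinderDiedCallback -> unregister(). If that link cannot be
 * established (the remote side is already dead), the registration is rolled
 * back and ERROR_DISCONNECTED is returned: otherwise the entry would survive
 * until an explicit unregister() that will never come.
 *
 * @param callback      the client's callback binder; must not be null.
 * @param clientName    human-readable client name.
 * @param opPackageName the client's package name.
 * @param outClient     receives the new client on success.
 * @return OK, or one of the IMediaTranscodingService::ERROR_* codes.
 */
status_t TranscodingClientManager::addClient(
        const std::shared_ptr<ITranscodingClientCallback>& callback, const std::string& clientName,
        const std::string& opPackageName, std::shared_ptr<ITranscodingClient>* outClient) {
    const int32_t callingPid = AIBinder_getCallingPid();
    const int32_t callingUid = AIBinder_getCallingUid();

    // Registration is restricted to trusted (system) callers.
    if (!isTrustedCaller(callingPid, callingUid)) {
        ALOGE("addClient rejected (clientPid %d, clientUid %d)", callingPid, callingUid);
        return IMediaTranscodingService::ERROR_PERMISSION_DENIED;
    }

    // Validate the client.
    if (callback == nullptr || clientName.empty() || opPackageName.empty()) {
        ALOGE("Invalid client");
        return IMediaTranscodingService::ERROR_ILLEGAL_ARGUMENT;
    }

    SpAIBinder binder = callback->asBinder();
    // The binder pointer is stable while the client holds its SpAIBinder, so it
    // can serve as the duplicate-registration key.
    const uintptr_t binderKey = reinterpret_cast<uintptr_t>(binder.get());

    std::scoped_lock lock{mLock};

    if (mRegisteredCallbacks.count(binderKey) > 0) {
        return IMediaTranscodingService::ERROR_ALREADY_EXISTS;
    }

    // Creates the client (with the id assigned by ClientImpl).
    std::shared_ptr<ClientImpl> client = ::ndk::SharedRefBase::make<ClientImpl>(
            callback, clientName, opPackageName, shared_from_this());

    ALOGD("Adding client id %lld, name %s, package %s", (long long)client->mClientId,
          client->mClientName.c_str(), client->mClientOpPackageName.c_str());

    // The client id doubles as the death-recipient cookie; BinderDiedCallback
    // resolves it through sCookie2Client, so that entry must exist before linking.
    void* const cookie = reinterpret_cast<void*>(client->mClientId);
    {
        std::scoped_lock cookieLock{sCookie2ClientLock};
        sCookie2Client.emplace(client->mClientId, client);
    }

    const binder_status_t linkStatus =
            AIBinder_linkToDeath(binder.get(), mDeathRecipient.get(), cookie);
    if (linkStatus != STATUS_OK) {
        ALOGE("Failed to link to death for client id %lld (status %d)",
              (long long)client->mClientId, (int)linkStatus);
        std::scoped_lock cookieLock{sCookie2ClientLock};
        sCookie2Client.erase(client->mClientId);
        return IMediaTranscodingService::ERROR_DISCONNECTED;
    }

    // Adds the new client to the map.
    mRegisteredCallbacks.insert(binderKey);
    mClientIdToClientMap[client->mClientId] = client;

    *outClient = client;

    return OK;
}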
428 
/**
 * Removes a registered client: unlinks its death recipient (if the binder is
 * still there), drops it from the cookie table, the id map and the registered
 * callback set.
 *
 * @param clientId id of the client to remove.
 * @return OK, or ERROR_INVALID_OPERATION if no such client is registered.
 */
status_t TranscodingClientManager::removeClient(ClientIdType clientId) {
    ALOGD("Removing client id %lld", (long long)clientId);
    std::scoped_lock lock{mLock};

    const auto entry = mClientIdToClientMap.find(clientId);
    if (entry == mClientIdToClientMap.end()) {
        ALOGE("Client id %lld does not exist", (long long)clientId);
        return IMediaTranscodingService::ERROR_INVALID_OPERATION;
    }

    const std::shared_ptr<ClientImpl>& client = entry->second;
    const SpAIBinder binder = client->mClientBinder;
    void* const cookie = reinterpret_cast<void*>(client->mClientId);
    const ClientIdType cookieKey = client->mClientId;

    // Only a live binder has a death link to undo.
    if (binder.get() != nullptr) {
        AIBinder_unlinkToDeath(binder.get(), mDeathRecipient.get(), cookie);
    }

    {
        std::scoped_lock cookieLock{sCookie2ClientLock};
        sCookie2Client.erase(cookieKey);
    }

    // Drop the map entry first (this may release the last ClientImpl reference),
    // then the registration key, which was computed from the binder we copied.
    mClientIdToClientMap.erase(entry);
    mRegisteredCallbacks.erase((uintptr_t)binder.get());

    return OK;
}
459 
// Number of currently registered clients, read under mLock.
size_t TranscodingClientManager::getNumOfClients() const {
    std::scoped_lock lock{mLock};
    const size_t count = mClientIdToClientMap.size();
    return count;
}
464 
465 }  // namespace android
466