Gitiles
Code Review Sign In
gerrit.witaqua.org / frameworks_av / 236944363488554ff497999a844035c1300f94f2
commit236944363488554ff497999a844035c1300f94f2[log] [tgz]
authorAustin Borger <borgera@google.com>Mon Oct 07 19:28:01 2024 -0700
committerAustin Borger <borgera@google.com>Tue Oct 15 16:57:43 2024 -0700
treef3bbc413fd870c6c39efe7bce005ca3cf28c7996
parentaa7d9130c7dc22f3975d4846101fddcd6d1fb140 [diff]
Pass full context AttributionSource to permission checker during connect

Prior to this change, the root AttributionSource uid/pid/packageName were
passed through to validateClientPermissionsLocked and checkPermissionForPreflight
This means that subsequent AttributionSources in the chain were not checked.

This change plumbs the full AttributionSource to permission checker for the
purposes of opening a camera connection. If any app in the chain does not have
permissions, then the connect attempt will be blocked.

Bug: 190657833
Bug: 369841571
Test: CtsSecurityTestCases:CameraPermissionTest, VDM tests
Flag: com.android.internal.camera.flags.check_full_attribution_source_chain
Change-Id: I43d0e59e984131639833dc7c2f2013aabedf510e
5 files changed
tree: f3bbc413fd870c6c39efe7bce005ca3cf28c7996
  1. aidl/
  2. aidl_api/
  3. apex/
  4. camera/
  5. cmds/
  6. drm/
  7. include/
  8. media/
  9. services/
  10. tools/
  11. .clang-format
  12. Android.bp
  13. CleanSpec.mk
  14. MainlineFiles.cfg
  15. METADATA
  16. MODULE_LICENSE_APACHE2
  17. NOTICE
  18. OWNERS
  19. PREUPLOAD.cfg