Use correct calling identity during camera permission check

UVC clients need to acquire the CAMERA permission before trying to call open. The permission check is currently done via calls to "checkCallingPermission". In case the calling identity gets cleared, the check will always fail. To resolve this, use "checkPermission" with appropriate identity arguments. Bug: 144433314 Test: Manual using application, CtsVerifier USB Device test Change-Id: I5318fbb4426bec1448ecc398c86ea96500bb3189
author: Emilian Peev <epeev@google.com> 2019-11-13 11:55:32 -0800
committer: Emilian Peev <epeev@google.com> 2019-11-13 14:16:12 -0800
commit: f7824ac70d3f6d731576b1d7d6172eb3a9ea0921 (patch)
tree: 5e750ce1ee38592ced08ccc8d70255799c66accf /services/usb
parent: bc7671b9fbb36963b71d6e505b0db6c769df0225 (diff)
4 files changed, 22 insertions, 15 deletions
diff --git a/services/usb/java/com/android/server/usb/UsbHostManager.java b/services/usb/java/com/android/server/usb/UsbHostManager.java
index 047fcecd5a5b..9967bebf20b8 100644
--- a/services/usb/java/com/android/server/usb/UsbHostManager.java
+++ b/services/usb/java/com/android/server/usb/UsbHostManager.java
@@ -488,7 +488,7 @@ public class UsbHostManager {
      *  Opens the specified USB device
      */
     public ParcelFileDescriptor openDevice(String deviceAddress,
-            UsbUserPermissionManager permissions, String packageName, int uid) {
+            UsbUserPermissionManager permissions, String packageName, int pid, int uid) {
         synchronized (mLock) {
             if (isBlackListed(deviceAddress)) {
                 throw new SecurityException("USB device is on a restricted bus");
@@ -500,7 +500,7 @@ public class UsbHostManager {
                         "device " + deviceAddress + " does not exist or is restricted");
             }
 
-            permissions.checkPermission(device, packageName, uid);
+            permissions.checkPermission(device, packageName, pid, uid);
             return nativeOpenDevice(deviceAddress);
         }
     }
diff --git a/services/usb/java/com/android/server/usb/UsbSerialReader.java b/services/usb/java/com/android/server/usb/UsbSerialReader.java
index 3151679eb545..86016bb6036f 100644
--- a/services/usb/java/com/android/server/usb/UsbSerialReader.java
+++ b/services/usb/java/com/android/server/usb/UsbSerialReader.java
@@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub {
                         int userId = UserHandle.getUserId(uid);
                         if (mDevice instanceof UsbDevice) {
                             mPermissionManager.getPermissionsForUser(userId)
-                                    .checkPermission((UsbDevice) mDevice, packageName, uid);
+                                    .checkPermission((UsbDevice) mDevice, packageName, pid, uid);
                         } else {
                             mPermissionManager.getPermissionsForUser(userId)
                                     .checkPermission((UsbAccessory) mDevice, uid);
diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java
index 04936377bbfb..275319491e39 100644
--- a/services/usb/java/com/android/server/usb/UsbService.java
+++ b/services/usb/java/com/android/server/usb/UsbService.java
@@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub {
         if (mHostManager != null) {
             if (deviceName != null) {
                 int uid = Binder.getCallingUid();
+                int pid = Binder.getCallingPid();
                 int user = UserHandle.getUserId(uid);
 
                 long ident = clearCallingIdentity();
@@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub {
                     synchronized (mLock) {
                         if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) {
                             fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user),
-                                    packageName, uid);
+                                    packageName, pid, uid);
                         } else {
                             Slog.w(TAG, "Cannot open " + deviceName + " for user " + user
                                     + " as user is not active.");
@@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub {
     @Override
     public boolean hasDevicePermission(UsbDevice device, String packageName) {
         final int uid = Binder.getCallingUid();
+        final int pid = Binder.getCallingPid();
         final int userId = UserHandle.getUserId(uid);
 
         final long token = Binder.clearCallingIdentity();
         try {
-            return getPermissionsForUser(userId).hasPermission(device, packageName, uid);
+            return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
@@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub {
     @Override
     public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) {
         final int uid = Binder.getCallingUid();
+        final int pid = Binder.getCallingPid();
         final int userId = UserHandle.getUserId(uid);
 
         final long token = Binder.clearCallingIdentity();
         try {
-            getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid);
+            getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid);
         } finally {
             Binder.restoreCallingIdentity(token);
         }
diff --git a/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java b/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
index e700f19adbd4..58f5484657c5 100644
--- a/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
+++ b/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
@@ -186,12 +186,14 @@ class UsbUserPermissionManager {
      * Returns true if package with uid has permission to access the device.
      *
      * @param device to check permission for
+     * @param pid to check permission for
      * @param uid to check permission for
      * @return {@code true} if package with uid has permission
      */
-    boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) {
+    boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid,
+            int uid) {
         if (isCameraDevicePresent(device)) {
-            if (!isCameraPermissionGranted(packageName, uid)) {
+            if (!isCameraPermissionGranted(packageName, pid, uid)) {
                 return false;
             }
         }
@@ -615,10 +617,11 @@ class UsbUserPermissionManager {
      * Check for camera permission of the calling process.
      *
      * @param packageName Package name of the caller.
+     * @param pid         Linux pid of the calling process.
      * @param uid         Linux uid of the calling process.
      * @return True in case camera permission is available, False otherwise.
      */
-    private boolean isCameraPermissionGranted(String packageName, int uid) {
+    private boolean isCameraPermissionGranted(String packageName, int pid, int uid) {
         int targetSdkVersion = android.os.Build.VERSION_CODES.P;
         try {
             ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0);
@@ -634,7 +637,7 @@ class UsbUserPermissionManager {
         }
 
         if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) {
-            int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA);
+            int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid);
             if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) {
                 Slog.i(TAG, "Camera permission required for USB video class devices");
                 return false;
@@ -644,8 +647,8 @@ class UsbUserPermissionManager {
         return true;
     }
 
-    public void checkPermission(UsbDevice device, String packageName, int uid) {
-        if (!hasPermission(device, packageName, uid)) {
+    public void checkPermission(UsbDevice device, String packageName, int pid, int uid) {
+        if (!hasPermission(device, packageName, pid, uid)) {
             throw new SecurityException("User has not given " + uid + "/" + packageName
                     + " permission to access device " + device.getDeviceName());
         }
@@ -678,11 +681,12 @@ class UsbUserPermissionManager {
         requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi);
     }
 
-    public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) {
+    public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid,
+            int uid) {
         Intent intent = new Intent();
 
         // respond immediately if permission has already been granted
-        if (hasPermission(device, packageName, uid)) {
+        if (hasPermission(device, packageName, pid, uid)) {
             intent.putExtra(UsbManager.EXTRA_DEVICE, device);
             intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true);
             try {
@@ -693,7 +697,7 @@ class UsbUserPermissionManager {
             return;
         }
         if (isCameraDevicePresent(device)) {
-            if (!isCameraPermissionGranted(packageName, uid)) {
+            if (!isCameraPermissionGranted(packageName, pid, uid)) {
                 intent.putExtra(UsbManager.EXTRA_DEVICE, device);
                 intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false);
                 try {
author	Emilian Peev <epeev@google.com>	2019-11-13 11:55:32 -0800
committer	Emilian Peev <epeev@google.com>	2019-11-13 14:16:12 -0800
commit	f7824ac70d3f6d731576b1d7d6172eb3a9ea0921 (patch)
tree	5e750ce1ee38592ced08ccc8d70255799c66accf /services/usb
parent	bc7671b9fbb36963b71d6e505b0db6c769df0225 (diff)