mirror of
https://gitee.com/openharmony/multimedia_audio_standard
synced 2024-12-11 14:46:40 +00:00
security issue fix and access policy permission modification
Signed-off-by: Geevarghese V K <geevarghese.v.k1@huawei.com>
This commit is contained in:
parent
0357f8cb93
commit
6e5ca5c6f1
@ -32,6 +32,7 @@ constexpr int32_t RENDERER_STREAM_USAGE_SHIFT = 16;
|
||||
constexpr int32_t MINIMUM_BUFFER_SIZE_MSEC = 5;
|
||||
constexpr int32_t MAXIMUM_BUFFER_SIZE_MSEC = 20;
|
||||
constexpr int32_t MIN_SERVICE_COUNT = 2;
|
||||
constexpr int32_t ROOT_UID = 0;
|
||||
|
||||
const std::string MICROPHONE_PERMISSION = "ohos.permission.MICROPHONE";
|
||||
const std::string MODIFY_AUDIO_SETTINGS_PERMISSION = "ohos.permission.MODIFY_AUDIO_SETTINGS";
|
||||
|
@ -62,6 +62,7 @@ ohos_shared_library("audio_service") {
|
||||
]
|
||||
|
||||
external_deps = [
|
||||
"access_token:libaccesstoken_sdk",
|
||||
"hiviewdfx_hilog_native:libhilog",
|
||||
"ipc:ipc_core",
|
||||
"safwk:system_ability_fwk",
|
||||
|
@ -150,7 +150,6 @@ private:
|
||||
static constexpr int32_t SECOND_PRIORITY = 2;
|
||||
static constexpr int32_t THIRD_PRIORITY = 3;
|
||||
static constexpr int32_t VOLUME_KEY_DURATION = 0;
|
||||
static constexpr int32_t ROOT_UID = 0;
|
||||
static constexpr int32_t MEDIA_SERVICE_UID = 1013;
|
||||
};
|
||||
} // namespace AudioStandard
|
||||
|
@ -19,6 +19,8 @@
|
||||
#include <mutex>
|
||||
#include <unordered_map>
|
||||
#include <pthread.h>
|
||||
#include "accesstoken_kit.h"
|
||||
#include "ipc_skeleton.h"
|
||||
#include "iremote_stub.h"
|
||||
#include "system_ability.h"
|
||||
#include "audio_system_manager.h"
|
||||
@ -46,7 +48,10 @@ public:
|
||||
const std::string GetAudioParameter(const std::string &key) override;
|
||||
const char *RetrieveCookie(int32_t &size) override;
|
||||
int32_t UpdateActiveDeviceRoute(DeviceType type, DeviceFlag flag) override;
|
||||
|
||||
private:
|
||||
bool VerifyClientPermission(const std::string &permissionName);
|
||||
|
||||
static constexpr int32_t MAX_VOLUME = 15;
|
||||
static constexpr int32_t MIN_VOLUME = 0;
|
||||
static std::unordered_map<int, float> AudioStreamVolumeMap;
|
||||
|
@ -228,11 +228,28 @@ float AudioPolicyServer::GetStreamVolume(AudioStreamType streamType)
|
||||
|
||||
int32_t AudioPolicyServer::SetStreamMute(AudioStreamType streamType, bool mute)
|
||||
{
|
||||
if (streamType == AudioStreamType::STREAM_RING) {
|
||||
if (!VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION, 0)) {
|
||||
AUDIO_ERR_LOG("SetStreamMute permission denied for stream type : %{public}d", streamType);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
return mPolicyService.SetStreamMute(streamType, mute);
|
||||
}
|
||||
|
||||
int32_t AudioPolicyServer::SetStreamVolume(AudioStreamType streamType, float volume, bool isUpdateUi)
|
||||
{
|
||||
if (streamType == AudioStreamType::STREAM_RING && !isUpdateUi) {
|
||||
float currentRingVolume = GetStreamVolume(AudioStreamType::STREAM_RING);
|
||||
if ((currentRingVolume > 0.0f && volume == 0.0f) || (currentRingVolume == 0.0f && volume > 0.0f)) {
|
||||
if (!VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION, 0)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for volume type : %{public}d", streamType);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int ret = mPolicyService.SetStreamVolume(streamType, volume);
|
||||
for (auto it = volumeChangeCbsMap_.begin(); it != volumeChangeCbsMap_.end(); ++it) {
|
||||
std::shared_ptr<VolumeKeyEventCallback> volumeChangeCb = it->second;
|
||||
@ -250,6 +267,13 @@ int32_t AudioPolicyServer::SetStreamVolume(AudioStreamType streamType, float vol
|
||||
|
||||
bool AudioPolicyServer::GetStreamMute(AudioStreamType streamType)
|
||||
{
|
||||
if (streamType == AudioStreamType::STREAM_RING) {
|
||||
if (!VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION, 0)) {
|
||||
AUDIO_ERR_LOG("GetStreamMute permission denied for stream type : %{public}d", streamType);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return mPolicyService.GetStreamMute(streamType);
|
||||
}
|
||||
|
||||
@ -275,6 +299,24 @@ bool AudioPolicyServer::IsDeviceActive(InternalDeviceType deviceType)
|
||||
|
||||
int32_t AudioPolicyServer::SetRingerMode(AudioRingerMode ringMode)
|
||||
{
|
||||
bool isPermissionRequired = false;
|
||||
|
||||
if (ringMode == AudioRingerMode::RINGER_MODE_SILENT) {
|
||||
isPermissionRequired = true;
|
||||
} else {
|
||||
AudioRingerMode currentRingerMode = GetRingerMode();
|
||||
if (currentRingerMode == AudioRingerMode::RINGER_MODE_SILENT) {
|
||||
isPermissionRequired = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (isPermissionRequired) {
|
||||
if (!VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION, 0)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for ringerMode : %{public}d", ringMode);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
int32_t ret = mPolicyService.SetRingerMode(ringMode);
|
||||
if (ret == SUCCESS) {
|
||||
for (auto it = ringerModeListenerCbsMap_.begin(); it != ringerModeListenerCbsMap_.end(); ++it) {
|
||||
|
@ -143,13 +143,6 @@ void AudioSystemManager::init()
|
||||
|
||||
int32_t AudioSystemManager::SetRingerMode(AudioRingerMode ringMode) const
|
||||
{
|
||||
if (ringMode == AudioRingerMode::RINGER_MODE_SILENT) {
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for ringerMode : %{public}d", ringMode);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
/* Call Audio Policy SetRingerMode */
|
||||
return AudioPolicyManager::GetInstance().SetRingerMode(ringMode);
|
||||
}
|
||||
@ -227,11 +220,6 @@ const std::string AudioSystemManager::GetAudioParameter(const std::string key) c
|
||||
void AudioSystemManager::SetAudioParameter(const std::string &key, const std::string &value) const
|
||||
{
|
||||
CHECK_AND_RETURN_LOG(g_sProxy != nullptr, "SetAudioParameter::Audio service unavailable");
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(MODIFY_AUDIO_SETTINGS_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("SetAudioParameter: MODIFY_AUDIO_SETTINGS permission denied");
|
||||
return;
|
||||
}
|
||||
|
||||
g_sProxy->SetAudioParameter(key, value);
|
||||
}
|
||||
|
||||
@ -243,13 +231,6 @@ const char *AudioSystemManager::RetrieveCookie(int32_t &size) const
|
||||
|
||||
int32_t AudioSystemManager::SetVolume(AudioSystemManager::AudioVolumeType volumeType, int32_t volume) const
|
||||
{
|
||||
if (volumeType == AudioVolumeType::STREAM_RING) {
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for volume type : %{public}d", volumeType);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
/* Validate and return INVALID_PARAMS error */
|
||||
if ((volume < MIN_VOLUME_LEVEL) || (volume > MAX_VOLUME_LEVEL)) {
|
||||
AUDIO_ERR_LOG("Invalid Volume Input!");
|
||||
@ -330,7 +311,7 @@ int32_t AudioSystemManager::MapVolumeFromHDI(float volume)
|
||||
int32_t AudioSystemManager::GetMaxVolume(AudioSystemManager::AudioVolumeType volumeType) const
|
||||
{
|
||||
CHECK_AND_RETURN_RET_LOG(g_sProxy != nullptr, ERR_OPERATION_FAILED, "GetMaxVolume::Audio service unavailable");
|
||||
|
||||
|
||||
if (volumeType == STREAM_ALL) {
|
||||
volumeType = STREAM_MUSIC;
|
||||
}
|
||||
@ -349,13 +330,6 @@ int32_t AudioSystemManager::GetMinVolume(AudioSystemManager::AudioVolumeType vol
|
||||
|
||||
int32_t AudioSystemManager::SetMute(AudioSystemManager::AudioVolumeType volumeType, bool mute) const
|
||||
{
|
||||
if (volumeType == AudioVolumeType::STREAM_RING) {
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for volume type : %{public}d", volumeType);
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
switch (volumeType) {
|
||||
case STREAM_MUSIC:
|
||||
case STREAM_RING:
|
||||
@ -389,12 +363,6 @@ int32_t AudioSystemManager::SetMute(AudioSystemManager::AudioVolumeType volumeTy
|
||||
bool AudioSystemManager::IsStreamMute(AudioSystemManager::AudioVolumeType volumeType) const
|
||||
{
|
||||
AUDIO_DEBUG_LOG("AudioSystemManager::GetMute Client");
|
||||
if (volumeType == AudioVolumeType::STREAM_RING) {
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(ACCESS_NOTIFICATION_POLICY_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("Access policy permission denied for volume type : %{public}d", volumeType);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
switch (volumeType) {
|
||||
case STREAM_MUSIC:
|
||||
@ -458,22 +426,12 @@ int32_t AudioSystemManager::UnsetRingerModeCallback(const int32_t clientId) cons
|
||||
int32_t AudioSystemManager::SetMicrophoneMute(bool isMute) const
|
||||
{
|
||||
CHECK_AND_RETURN_RET_LOG(g_sProxy != nullptr, ERR_OPERATION_FAILED, "SetMicrophoneMute::Audio service unavailable");
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(MICROPHONE_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("SetMicrophoneMute: MICROPHONE permission denied");
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
return g_sProxy->SetMicrophoneMute(isMute);
|
||||
}
|
||||
|
||||
bool AudioSystemManager::IsMicrophoneMute() const
|
||||
{
|
||||
CHECK_AND_RETURN_RET_LOG(g_sProxy != nullptr, ERR_OPERATION_FAILED, "IsMicrophoneMute::Audio service unavailable");
|
||||
if (!AudioPolicyManager::GetInstance().VerifyClientPermission(MICROPHONE_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("IsMicrophoneMute: MICROPHONE permission denied");
|
||||
return false;
|
||||
}
|
||||
|
||||
return g_sProxy->IsMicrophoneMute();
|
||||
}
|
||||
|
||||
|
@ -89,6 +89,11 @@ void AudioServer::OnStop()
|
||||
void AudioServer::SetAudioParameter(const std::string &key, const std::string &value)
|
||||
{
|
||||
AUDIO_DEBUG_LOG("server: set audio parameter");
|
||||
if (!VerifyClientPermission(MODIFY_AUDIO_SETTINGS_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("SetAudioParameter: MODIFY_AUDIO_SETTINGS permission denied");
|
||||
return;
|
||||
}
|
||||
|
||||
AudioServer::audioParameters[key] = value;
|
||||
}
|
||||
|
||||
@ -144,6 +149,11 @@ int32_t AudioServer::GetMinVolume(AudioSystemManager::AudioVolumeType volumeType
|
||||
|
||||
int32_t AudioServer::SetMicrophoneMute(bool isMute)
|
||||
{
|
||||
if (!VerifyClientPermission(MICROPHONE_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("SetMicrophoneMute: MICROPHONE permission denied");
|
||||
return ERR_PERMISSION_DENIED;
|
||||
}
|
||||
|
||||
AudioCapturerSource *audioCapturerSourceInstance = AudioCapturerSource::GetInstance();
|
||||
|
||||
if (!audioCapturerSourceInstance->capturerInited_) {
|
||||
@ -157,6 +167,11 @@ int32_t AudioServer::SetMicrophoneMute(bool isMute)
|
||||
|
||||
bool AudioServer::IsMicrophoneMute()
|
||||
{
|
||||
if (!VerifyClientPermission(MICROPHONE_PERMISSION)) {
|
||||
AUDIO_ERR_LOG("IsMicrophoneMute: MICROPHONE permission denied");
|
||||
return false;
|
||||
}
|
||||
|
||||
AudioCapturerSource *audioCapturerSourceInstance = AudioCapturerSource::GetInstance();
|
||||
bool isMute = false;
|
||||
|
||||
@ -219,6 +234,27 @@ int32_t AudioServer::UpdateActiveDeviceRoute(DeviceType type, DeviceFlag flag)
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
bool AudioServer::VerifyClientPermission(const std::string &permissionName)
|
||||
{
|
||||
auto callerUid = IPCSkeleton::GetCallingUid();
|
||||
AUDIO_INFO_LOG("AudioServer: ==[%{public}s] [uid:%{public}d]==", permissionName.c_str(), callerUid);
|
||||
|
||||
// Root users should be whitelisted
|
||||
if (callerUid == ROOT_UID) {
|
||||
AUDIO_INFO_LOG("Root user. Permission GRANTED!!!");
|
||||
return true;
|
||||
}
|
||||
|
||||
Security::AccessToken::AccessTokenID clientTokenId = IPCSkeleton::GetCallingTokenID();
|
||||
int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(clientTokenId, permissionName);
|
||||
if (res != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
|
||||
AUDIO_ERR_LOG("Permission denied [tid:%{public}d]", clientTokenId);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
std::vector<sptr<AudioDeviceDescriptor>> AudioServer::GetDevices(DeviceFlag deviceFlag)
|
||||
{
|
||||
std::vector<sptr<AudioDeviceDescriptor>> audioDeviceDescriptor = {};
|
||||
|
Loading…
Reference in New Issue
Block a user