Skip to content
Snippets Groups Projects
Commit b9a1e7ba authored by Svet Ganov's avatar Svet Ganov
Browse files

Don't record audio if UID is idle - sepolicy

If a UID is in an idle state we don't allow recording to protect
user's privacy. If the UID is in an idle state we allow recording
but report empty data (all zeros in the byte array) and once
the process goes in an active state we report the real mic data.
This avoids the race between the app being notified aboout its
lifecycle and the audio system being notified about the state
of a UID.

Test: Added - AudioRecordTest#testRecordNoDataForIdleUids
      Passing - cts-tradefed run cts-dev -m CtsMediaTestCases
              -t android.media.cts.AudioRecordTest

bug:63938985

Change-Id: I8c044e588bac4182efcdc08197925fddf593a717
parent 1d2c3f44
No related branches found
No related tags found
No related merge requests found
...@@ -29,6 +29,7 @@ userdebug_or_eng(` ...@@ -29,6 +29,7 @@ userdebug_or_eng(`
') ')
add_service(audioserver, audioserver_service) add_service(audioserver, audioserver_service)
allow audioserver activity_service:service_manager find;
allow audioserver appops_service:service_manager find; allow audioserver appops_service:service_manager find;
allow audioserver batterystats_service:service_manager find; allow audioserver batterystats_service:service_manager find;
allow audioserver permission_service:service_manager find; allow audioserver permission_service:service_manager find;
...@@ -45,6 +46,17 @@ allow audioserver audio_device:chr_file { read write }; ...@@ -45,6 +46,17 @@ allow audioserver audio_device:chr_file { read write };
# For A2DP bridge which is loaded directly into audioserver # For A2DP bridge which is loaded directly into audioserver
unix_socket_connect(audioserver, bluetooth, bluetooth) unix_socket_connect(audioserver, bluetooth, bluetooth)
# Allow shell commands from ADB for CTS testing/dumping
allow audioserver adbd:fd use;
allow audioserver adbd:unix_stream_socket { read write };
# Allow shell commands from ADB for CTS testing/dumping
userdebug_or_eng(`
allow audioserver su:fd use;
allow audioserver su:fifo_file { read write };
allow audioserver su:unix_stream_socket { read write };
')
### ###
### neverallow rules ### neverallow rules
### ###
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment