commit 62cc92bb3801f1181403c78b4f942874050bb874
author Jeffrey Carlyle <jcarlyle@google.com> Tue Sep 17 11:15:15 2019 -0700
committer Jeffrey Carlyle <jcarlyle@google.com> Wed Sep 18 03:30:30 2019 +0000
tree 5b026f29b960d0ac13cfe7cc2c0fac38891230ab
parent 1f1b954261e8821a7bf03c25abfd127dcc1f4844

ServiceUtilities: don't do RECORD_AUDIO check for system server

Only one system server seems to exist across multiple-users; however,
when the primary user is backgrounded, system server loses its
RECORD_AUDIO permission.  Through a number of steps this prevents the
secondary user from starting any services that use the SoundTrigger HAL;
specifically, this was found because it prevents Oslo from functioning
when a secondary user is active.

Bug: 139839188
Test: Oslo use cases pass
Change-Id: Ia0dd5fd3b6992cb18279b81146b35ed040771245
Signed-off-by: Jeffrey Carlyle <jcarlyle@google.com>

media/utils/Android.bp

diff --git a/media/utils/Android.bp b/media/utils/Android.bp
index 3adb40f..e2cd4e3 100644
--- a/media/utils/Android.bp
+++ b/media/utils/Android.bp
@@ -27,6 +27,7 @@
     ],
     shared_libs: [
         "libbinder",
+        "libcutils",
         "liblog",
         "libutils",
         "libmemunreachable",

media/utils/ServiceUtilities.cpp

diff --git a/media/utils/ServiceUtilities.cpp b/media/utils/ServiceUtilities.cpp
index b824212..bc8fff6 100644
--- a/media/utils/ServiceUtilities.cpp
+++ b/media/utils/ServiceUtilities.cpp
@@ -63,7 +63,10 @@
         uid_t uid, bool start) {
     // Okay to not track in app ops as audio server is us and if
     // device is rooted security model is considered compromised.
-    if (isAudioServerOrRootUid(uid)) return true;
+    // system_server loses its RECORD_AUDIO permission when a secondary
+    // user is active, but it is a core system service so let it through.
+    // TODO(b/141210120): UserManager.DISALLOW_RECORD_AUDIO should not affect system user 0
+    if (isAudioServerOrSystemServerOrRootUid(uid)) return true;
 
     // We specify a pid and uid here as mediaserver (aka MediaRecorder or StageFrightRecorder)
     // may open a record track on behalf of a client.  Note that pid may be a tid.

media/utils/include/mediautils/ServiceUtilities.h

diff --git a/media/utils/include/mediautils/ServiceUtilities.h b/media/utils/include/mediautils/ServiceUtilities.h
index 2a6e609..e1089d5 100644
--- a/media/utils/include/mediautils/ServiceUtilities.h
+++ b/media/utils/include/mediautils/ServiceUtilities.h
@@ -58,6 +58,12 @@
     return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER;
 }
 
+// used for calls that should come from system_server or audio_server and
+// include AID_ROOT for command-line tests.
+static inline bool isAudioServerOrSystemServerOrRootUid(uid_t uid) {
+    return multiuser_get_app_id(uid) == AID_SYSTEM || uid == AID_AUDIOSERVER || uid == AID_ROOT;
+}
+
 // Mediaserver may forward the client PID and UID as part of a binder interface call;
 // otherwise the calling UID must be equal to the client UID.
 static inline bool isAudioServerOrMediaServerUid(uid_t uid) {