RESTRICT AUTOMERGE Disable the Trusted Hotword requirement

The requirement to use a sandboxed HotwordDetectionService to avoid incurring the mic indicator will be added back in a future release. With this change, SoundTrigger events and hotword-source audio do not incur the mid indicator for any process. This change adds back the permissions logic from I3275647d0f9a6e3ce8b97a556f56723b49170c8e, adjusted to account for the changes from I4fc3b3e8defed59a900fd156273e9e695a322b0c (preflight permission checks were made to accept soft denials, so simply reusing enforcePermissionForPreflight does not work anymore - it would pop up a dialog if the mic sensor is muted). We preserve the behavior of showing the indicator when the detected event is delivered from the Trusted Hotword process (no false-positives here, so we can accurately show it). Fix: 197034852 Test: manual - dsp and non-dsp; true and false positives; mute mic sensor - events aren't delivered and no dialog is shown, hotword still works after unmuting; mute mic and restart, unmute after starting reco; Trusted and non-Trusted hotwording Test: atest CameraMicIndicatorsPermissionTest Test: atest HotwordDetectionServiceBasicTest Test: atest android.cts.statsdatom.appops.AppOpsTests#testAppOps Change-Id: I68f2f37b5ce835e7fd8649b382eaee9fc299ec79 (cherry picked from commit 0e7131f3090fc0b7b8c040d09de4d5d4d62c0d19)
author: Ahaan Ugale <augale@google.com> 2021-08-17 20:40:36 -0700
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2021-08-20 00:33:52 +0000
commit: 64d22187430086f9e877c7a367ff686f7f718b1e (patch)
tree: 2c2c9a28ef748cda6e3eb531b04a90c04da52faf
parent: 90caa97251572853527afd4779562f847b5a656d (diff)
download: base-64d22187430086f9e877c7a367ff686f7f718b1e.tar.gz
3 files changed, 32 insertions, 21 deletions
diff --git a/services/core/java/com/android/server/policy/AppOpsPolicy.java b/services/core/java/com/android/server/policy/AppOpsPolicy.java
index 18c45e494c9b..8b4690629ec5 100644
--- a/services/core/java/com/android/server/policy/AppOpsPolicy.java
+++ b/services/core/java/com/android/server/policy/AppOpsPolicy.java
@@ -196,9 +196,8 @@ public final class AppOpsPolicy implements AppOpsManagerInternal.CheckOpsDelegat
     }
 
     private static boolean isHotwordDetectionServiceRequired(PackageManager pm) {
-        // The HotwordDetectionService APIs aren't ready yet for Auto or TV.
-        return !(pm.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)
-                || pm.hasSystemFeature(PackageManager.FEATURE_LEANBACK));
+        // Usage of the HotwordDetectionService won't be enforced until a later release.
+        return false;
     }
 
     @Override
diff --git a/services/core/java/com/android/server/soundtrigger_middleware/SoundTriggerMiddlewarePermission.java b/services/core/java/com/android/server/soundtrigger_middleware/SoundTriggerMiddlewarePermission.java
index 9999aff3aa91..2b03fe88a1ec 100644
--- a/services/core/java/com/android/server/soundtrigger_middleware/SoundTriggerMiddlewarePermission.java
+++ b/services/core/java/com/android/server/soundtrigger_middleware/SoundTriggerMiddlewarePermission.java
@@ -125,16 +125,25 @@ public class SoundTriggerMiddlewarePermission implements ISoundTriggerMiddleware
      * originator temporarily doesn't have the right permissions to use this service.
      */
     private void enforcePermissionsForPreflight(@NonNull Identity identity) {
-        enforcePermissionForPreflight(mContext, identity, RECORD_AUDIO);
-        enforcePermissionForPreflight(mContext, identity, CAPTURE_AUDIO_HOTWORD);
+        enforcePermissionForPreflight(mContext, identity, RECORD_AUDIO,
+                /* allowSoftDenial= */ true);
+        enforcePermissionForPreflight(mContext, identity, CAPTURE_AUDIO_HOTWORD,
+                /* allowSoftDenial= */ true);
     }
 
     /**
      * Throws a {@link SecurityException} iff the originator has permission to receive data.
      */
     void enforcePermissionsForDataDelivery(@NonNull Identity identity, @NonNull String reason) {
-        enforcePermissionForDataDelivery(mContext, identity, RECORD_AUDIO,
-                reason);
+        // SoundTrigger data is treated the same as Hotword-source audio. This should incur the
+        // HOTWORD op instead of the RECORD_AUDIO op. The RECORD_AUDIO permission is still required,
+        // and since this is a data delivery check, soft denials aren't accepted.
+        enforcePermissionForPreflight(mContext, identity, RECORD_AUDIO,
+                /* allowSoftDenial= */ false);
+        int hotwordOp = AppOpsManager.strOpToOp(AppOpsManager.OPSTR_RECORD_AUDIO_HOTWORD);
+        mContext.getSystemService(AppOpsManager.class).noteOpNoThrow(hotwordOp, identity.uid,
+                identity.packageName, identity.attributionTag, reason);
+
         enforcePermissionForDataDelivery(mContext, identity, CAPTURE_AUDIO_HOTWORD,
                 reason);
     }
@@ -163,20 +172,25 @@ public class SoundTriggerMiddlewarePermission implements ISoundTriggerMiddleware
     /**
      * Throws a {@link SecurityException} if originator permanently doesn't have the given
      * permission.
-     * Soft (temporary) denials are considered OK for preflight purposes.
      *
-     * @param context    A {@link Context}, used for permission checks.
-     * @param identity   The identity to check.
-     * @param permission The identifier of the permission we want to check.
+     * @param context         A {@link Context}, used for permission checks.
+     * @param identity        The identity to check.
+     * @param permission      The identifier of the permission we want to check.
+     * @param allowSoftDenial If true, the operation succeeds even for soft (temporary) denials.
      */
+    // TODO: Consider splitting up this method instead of using `allowSoftDenial`, to make it
+    // clearer when soft denials are not allowed.
     private static void enforcePermissionForPreflight(@NonNull Context context,
-            @NonNull Identity identity, @NonNull String permission) {
+            @NonNull Identity identity, @NonNull String permission, boolean allowSoftDenial) {
         final int status = PermissionUtil.checkPermissionForPreflight(context, identity,
                 permission);
         switch (status) {
             case PermissionChecker.PERMISSION_GRANTED:
-            case PermissionChecker.PERMISSION_SOFT_DENIED:
                 return;
+            case PermissionChecker.PERMISSION_SOFT_DENIED:
+                if (allowSoftDenial) {
+                    return;
+                } // else fall through
             case PermissionChecker.PERMISSION_HARD_DENIED:
                 throw new SecurityException(
                         String.format("Failed to obtain permission %s for identity %s", permission,
diff --git a/services/voiceinteraction/java/com/android/server/voiceinteraction/HotwordDetectionConnection.java b/services/voiceinteraction/java/com/android/server/voiceinteraction/HotwordDetectionConnection.java
index 734172fc1549..a9aeb985d115 100644
--- a/services/voiceinteraction/java/com/android/server/voiceinteraction/HotwordDetectionConnection.java
+++ b/services/voiceinteraction/java/com/android/server/voiceinteraction/HotwordDetectionConnection.java
@@ -23,11 +23,8 @@ import static android.service.voice.HotwordDetectionService.AUDIO_SOURCE_MICROPH
 import static android.service.voice.HotwordDetectionService.INITIALIZATION_STATUS_UNKNOWN;
 import static android.service.voice.HotwordDetectionService.KEY_INITIALIZATION_STATUS;
 
-import static com.android.server.voiceinteraction.SoundTriggerSessionPermissionsDecorator.enforcePermissionForPreflight;
-
 import android.annotation.NonNull;
 import android.annotation.Nullable;
-import android.app.AppOpsManager;
 import android.content.ComponentName;
 import android.content.ContentCaptureOptions;
 import android.content.Context;
@@ -935,11 +932,12 @@ final class HotwordDetectionConnection {
     // TODO: Share this code with SoundTriggerMiddlewarePermission.
     private void enforcePermissionsForDataDelivery() {
         Binder.withCleanCallingIdentity(() -> {
-            enforcePermissionForPreflight(mContext, mVoiceInteractorIdentity, RECORD_AUDIO);
-            int hotwordOp = AppOpsManager.strOpToOp(AppOpsManager.OPSTR_RECORD_AUDIO_HOTWORD);
-            mContext.getSystemService(AppOpsManager.class).noteOpNoThrow(hotwordOp,
-                    mVoiceInteractorIdentity.uid, mVoiceInteractorIdentity.packageName,
-                    mVoiceInteractorIdentity.attributionTag, OP_MESSAGE);
+            // Hack to make sure we show the mic privacy-indicator since the Trusted Hotword
+            // requirement isn't being enforced for now. Normally, we would note the HOTWORD op here
+            // instead.
+            enforcePermissionForDataDelivery(mContext, mVoiceInteractorIdentity,
+                    RECORD_AUDIO, OP_MESSAGE);
+
             enforcePermissionForDataDelivery(mContext, mVoiceInteractorIdentity,
                     CAPTURE_AUDIO_HOTWORD, OP_MESSAGE);
         });
author	Ahaan Ugale <augale@google.com>	2021-08-17 20:40:36 -0700
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2021-08-20 00:33:52 +0000
commit	64d22187430086f9e877c7a367ff686f7f718b1e (patch)
tree	2c2c9a28ef748cda6e3eb531b04a90c04da52faf
parent	90caa97251572853527afd4779562f847b5a656d (diff)
download	base-64d22187430086f9e877c7a367ff686f7f718b1e.tar.gz