| Mathias Agopian | 99b4984 | 2011-06-27 16:05:52 -0700 | [diff] [blame] | 1 | /* | 
|  | 2 | * Copyright (C) 2009 The Android Open Source Project | 
|  | 3 | * | 
|  | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | 5 | * you may not use this file except in compliance with the License. | 
|  | 6 | * You may obtain a copy of the License at | 
|  | 7 | * | 
|  | 8 | *      http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 9 | * | 
|  | 10 | * Unless required by applicable law or agreed to in writing, software | 
|  | 11 | * distributed under the License is distributed on an "AS IS" BASIS, | 
|  | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 13 | * See the License for the specific language governing permissions and | 
|  | 14 | * limitations under the License. | 
|  | 15 | */ | 
|  | 16 |  | 
|  | 17 | #ifndef BINDER_PERMISSION_H | 
|  | 18 | #define BINDER_PERMISSION_H | 
|  | 19 |  | 
|  | 20 | #include <stdint.h> | 
|  | 21 | #include <unistd.h> | 
|  | 22 |  | 
|  | 23 | #include <utils/String16.h> | 
|  | 24 | #include <utils/Singleton.h> | 
| Mathias Agopian | db403e8 | 2012-06-18 16:47:56 -0700 | [diff] [blame] | 25 | #include <utils/SortedVector.h> | 
| Mathias Agopian | 99b4984 | 2011-06-27 16:05:52 -0700 | [diff] [blame] | 26 |  | 
|  | 27 | namespace android { | 
|  | 28 | // --------------------------------------------------------------------------- | 
|  | 29 |  | 
|  | 30 | /* | 
|  | 31 | * PermissionCache caches permission checks for a given uid. | 
|  | 32 | * | 
|  | 33 | * Currently the cache is not updated when there is a permission change, | 
|  | 34 | * for instance when an application is uninstalled. | 
|  | 35 | * | 
|  | 36 | * IMPORTANT: for the reason stated above, only system permissions are safe | 
|  | 37 | * to cache. This restriction may be lifted at a later time. | 
|  | 38 | * | 
|  | 39 | */ | 
|  | 40 |  | 
|  | 41 | class PermissionCache : Singleton<PermissionCache> { | 
|  | 42 | struct Entry { | 
|  | 43 | String16    name; | 
|  | 44 | uid_t       uid; | 
|  | 45 | bool        granted; | 
|  | 46 | inline bool operator < (const Entry& e) const { | 
|  | 47 | return (uid == e.uid) ? (name < e.name) : (uid < e.uid); | 
|  | 48 | } | 
|  | 49 | }; | 
|  | 50 | mutable Mutex mLock; | 
|  | 51 | // we pool all the permission names we see, as many permissions checks | 
|  | 52 | // will have identical names | 
|  | 53 | SortedVector< String16 > mPermissionNamesPool; | 
|  | 54 | // this is our cache per say. it stores pooled names. | 
|  | 55 | SortedVector< Entry > mCache; | 
|  | 56 |  | 
|  | 57 | // free the whole cache, but keep the permission name pool | 
|  | 58 | void purge(); | 
|  | 59 |  | 
|  | 60 | status_t check(bool* granted, | 
|  | 61 | const String16& permission, uid_t uid) const; | 
|  | 62 |  | 
|  | 63 | void cache(const String16& permission, uid_t uid, bool granted); | 
|  | 64 |  | 
|  | 65 | public: | 
|  | 66 | PermissionCache(); | 
|  | 67 |  | 
|  | 68 | static bool checkCallingPermission(const String16& permission); | 
|  | 69 |  | 
|  | 70 | static bool checkCallingPermission(const String16& permission, | 
|  | 71 | int32_t* outPid, int32_t* outUid); | 
|  | 72 |  | 
|  | 73 | static bool checkPermission(const String16& permission, | 
|  | 74 | pid_t pid, uid_t uid); | 
|  | 75 | }; | 
|  | 76 |  | 
|  | 77 | // --------------------------------------------------------------------------- | 
|  | 78 | }; // namespace android | 
|  | 79 |  | 
|  | 80 | #endif /* BINDER_PERMISSION_H */ |