| Mathias Agopian | 99b4984 | 2011-06-27 16:05:52 -0700 | [diff] [blame] | 1 | /* | 
|  | 2 | * Copyright (C) 2009 The Android Open Source Project | 
|  | 3 | * | 
|  | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | 5 | * you may not use this file except in compliance with the License. | 
|  | 6 | * You may obtain a copy of the License at | 
|  | 7 | * | 
|  | 8 | *      http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 9 | * | 
|  | 10 | * Unless required by applicable law or agreed to in writing, software | 
|  | 11 | * distributed under the License is distributed on an "AS IS" BASIS, | 
|  | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 13 | * See the License for the specific language governing permissions and | 
|  | 14 | * limitations under the License. | 
|  | 15 | */ | 
|  | 16 |  | 
|  | 17 | #define LOG_TAG "PermissionCache" | 
|  | 18 |  | 
|  | 19 | #include <stdint.h> | 
|  | 20 | #include <utils/Log.h> | 
|  | 21 | #include <binder/IPCThreadState.h> | 
|  | 22 | #include <binder/IServiceManager.h> | 
|  | 23 | #include <binder/PermissionCache.h> | 
|  | 24 | #include <utils/String8.h> | 
|  | 25 |  | 
|  | 26 | namespace android { | 
|  | 27 |  | 
|  | 28 | // ---------------------------------------------------------------------------- | 
|  | 29 |  | 
|  | 30 | ANDROID_SINGLETON_STATIC_INSTANCE(PermissionCache) ; | 
|  | 31 |  | 
|  | 32 | // ---------------------------------------------------------------------------- | 
|  | 33 |  | 
|  | 34 | PermissionCache::PermissionCache() { | 
|  | 35 | } | 
|  | 36 |  | 
|  | 37 | status_t PermissionCache::check(bool* granted, | 
|  | 38 | const String16& permission, uid_t uid) const { | 
|  | 39 | Mutex::Autolock _l(mLock); | 
|  | 40 | Entry e; | 
|  | 41 | e.name = permission; | 
|  | 42 | e.uid  = uid; | 
|  | 43 | ssize_t index = mCache.indexOf(e); | 
|  | 44 | if (index >= 0) { | 
|  | 45 | *granted = mCache.itemAt(index).granted; | 
|  | 46 | return NO_ERROR; | 
|  | 47 | } | 
|  | 48 | return NAME_NOT_FOUND; | 
|  | 49 | } | 
|  | 50 |  | 
|  | 51 | void PermissionCache::cache(const String16& permission, | 
|  | 52 | uid_t uid, bool granted) { | 
|  | 53 | Mutex::Autolock _l(mLock); | 
|  | 54 | Entry e; | 
|  | 55 | ssize_t index = mPermissionNamesPool.indexOf(permission); | 
|  | 56 | if (index > 0) { | 
|  | 57 | e.name = mPermissionNamesPool.itemAt(index); | 
|  | 58 | } else { | 
|  | 59 | mPermissionNamesPool.add(permission); | 
|  | 60 | e.name = permission; | 
|  | 61 | } | 
|  | 62 | // note, we don't need to store the pid, which is not actually used in | 
|  | 63 | // permission checks | 
|  | 64 | e.uid  = uid; | 
|  | 65 | e.granted = granted; | 
|  | 66 | index = mCache.indexOf(e); | 
|  | 67 | if (index < 0) { | 
|  | 68 | mCache.add(e); | 
|  | 69 | } | 
|  | 70 | } | 
|  | 71 |  | 
|  | 72 | void PermissionCache::purge() { | 
|  | 73 | Mutex::Autolock _l(mLock); | 
|  | 74 | mCache.clear(); | 
|  | 75 | } | 
|  | 76 |  | 
|  | 77 | bool PermissionCache::checkCallingPermission(const String16& permission) { | 
|  | 78 | return PermissionCache::checkCallingPermission(permission, NULL, NULL); | 
|  | 79 | } | 
|  | 80 |  | 
|  | 81 | bool PermissionCache::checkCallingPermission( | 
|  | 82 | const String16& permission, int32_t* outPid, int32_t* outUid) { | 
|  | 83 | IPCThreadState* ipcState = IPCThreadState::self(); | 
|  | 84 | pid_t pid = ipcState->getCallingPid(); | 
|  | 85 | uid_t uid = ipcState->getCallingUid(); | 
|  | 86 | if (outPid) *outPid = pid; | 
|  | 87 | if (outUid) *outUid = uid; | 
|  | 88 | return PermissionCache::checkPermission(permission, pid, uid); | 
|  | 89 | } | 
|  | 90 |  | 
|  | 91 | bool PermissionCache::checkPermission( | 
|  | 92 | const String16& permission, pid_t pid, uid_t uid) { | 
|  | 93 | if ((uid == 0) || (pid == getpid())) { | 
|  | 94 | // root and ourselves is always okay | 
|  | 95 | return true; | 
|  | 96 | } | 
|  | 97 |  | 
|  | 98 | PermissionCache& pc(PermissionCache::getInstance()); | 
|  | 99 | bool granted = false; | 
|  | 100 | if (pc.check(&granted, permission, uid) != NO_ERROR) { | 
|  | 101 | nsecs_t t = -systemTime(); | 
|  | 102 | granted = android::checkPermission(permission, pid, uid); | 
|  | 103 | t += systemTime(); | 
| Steve Block | 9d45368 | 2011-12-20 16:23:08 +0000 | [diff] [blame] | 104 | ALOGD("checking %s for uid=%d => %s (%d us)", | 
| Mathias Agopian | 99b4984 | 2011-06-27 16:05:52 -0700 | [diff] [blame] | 105 | String8(permission).string(), uid, | 
|  | 106 | granted?"granted":"denied", (int)ns2us(t)); | 
|  | 107 | pc.cache(permission, uid, granted); | 
|  | 108 | } | 
|  | 109 | return granted; | 
|  | 110 | } | 
|  | 111 |  | 
|  | 112 | // --------------------------------------------------------------------------- | 
|  | 113 | }; // namespace android |