1 /* 2 * Copyright (C) 2009 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_TAG "PermissionCache" 18 19 #include <stdint.h> 20 #include <utils/Log.h> 21 #include <binder/IPCThreadState.h> 22 #include <binder/IServiceManager.h> 23 #include <binder/PermissionCache.h> 24 #include <utils/String8.h> 25 26 namespace android { 27 28 // ---------------------------------------------------------------------------- 29 30 ANDROID_SINGLETON_STATIC_INSTANCE(PermissionCache) ; 31 32 // ---------------------------------------------------------------------------- 33 34 PermissionCache::PermissionCache() { 35 } 36 37 status_t PermissionCache::check(bool* granted, 38 const String16& permission, uid_t uid) const { 39 Mutex::Autolock _l(mLock); 40 Entry e; 41 e.name = permission; 42 e.uid = uid; 43 ssize_t index = mCache.indexOf(e); 44 if (index >= 0) { 45 *granted = mCache.itemAt(index).granted; 46 return NO_ERROR; 47 } 48 return NAME_NOT_FOUND; 49 } 50 51 void PermissionCache::cache(const String16& permission, 52 uid_t uid, bool granted) { 53 Mutex::Autolock _l(mLock); 54 Entry e; 55 ssize_t index = mPermissionNamesPool.indexOf(permission); 56 if (index > 0) { 57 e.name = mPermissionNamesPool.itemAt(index); 58 } else { 59 mPermissionNamesPool.add(permission); 60 e.name = permission; 61 } 62 // note, we don't need to store the pid, which is not actually used in 63 // permission checks 64 e.uid = uid; 65 e.granted = granted; 66 index = mCache.indexOf(e); 67 if (index < 0) { 68 mCache.add(e); 69 } 70 } 71 72 void PermissionCache::purge() { 73 Mutex::Autolock _l(mLock); 74 mCache.clear(); 75 } 76 77 bool PermissionCache::checkCallingPermission(const String16& permission) { 78 return PermissionCache::checkCallingPermission(permission, NULL, NULL); 79 } 80 81 bool PermissionCache::checkCallingPermission( 82 const String16& permission, int32_t* outPid, int32_t* outUid) { 83 IPCThreadState* ipcState = IPCThreadState::self(); 84 pid_t pid = ipcState->getCallingPid(); 85 uid_t uid = ipcState->getCallingUid(); 86 if (outPid) *outPid = pid; 87 if (outUid) *outUid = uid; 88 return PermissionCache::checkPermission(permission, pid, uid); 89 } 90 91 bool PermissionCache::checkPermission( 92 const String16& permission, pid_t pid, uid_t uid) { 93 if ((uid == 0) || (pid == getpid())) { 94 // root and ourselves is always okay 95 return true; 96 } 97 98 PermissionCache& pc(PermissionCache::getInstance()); 99 bool granted = false; 100 if (pc.check(&granted, permission, uid) != NO_ERROR) { 101 nsecs_t t = -systemTime(); 102 granted = android::checkPermission(permission, pid, uid); 103 t += systemTime(); 104 ALOGD("checking %s for uid=%d => %s (%d us)", 105 String8(permission).string(), uid, 106 granted?"granted":"denied", (int)ns2us(t)); 107 pc.cache(permission, uid, granted); 108 } 109 return granted; 110 } 111 112 // --------------------------------------------------------------------------- 113 }; // namespace android 114
