1#include "private/dvr/trusted_uids.h"
2
3#include <mutex>
4#include <unordered_map>
5
6#include <binder/IPermissionController.h>
7#include <binder/IServiceManager.h>
8#include <private/android_filesystem_config.h>
9#include <utils/String16.h>
10#include <vr/vr_manager/vr_manager.h>
11
namespace android {
namespace dvr {

// Reports whether |uid| is trusted, i.e. is the system UID or holds
// android.permission.RESTRICTED_VR_ACCESS according to the "permission"
// service. When |use_cache| is true, a previously stored answer for |uid| is
// returned without asking the permission service again.
//
// Security notes for callers:
//  - If the permission service cannot be reached, the answer is false (fail
//    closed) and nothing is stored, so a later call asks again.
//  - Every answer obtained from the permission service is stored, even when
//    |use_cache| is false. Nothing in this function evicts or refreshes an
//    entry, so a cached answer can outlive a later change to the grant; pass
//    use_cache=false wherever a fresh decision matters.
//  - The cache mutex stays locked for the whole permission-service call, so
//    concurrent lookups wait on each other.
bool IsTrustedUid(uid_t uid, bool use_cache) {
  static std::unordered_map<uid_t, bool> uid_cache;
  static std::mutex uid_cache_mutex;

  // The system UID is accepted up front, before the lock and before any
  // service lookup. The permission service grants it as well, but that
  // service may not be reachable during boot; answering here keeps system
  // services working while the device starts up.
  if (uid == AID_SYSTEM) {
    return true;
  }

  std::lock_guard<std::mutex> lock(uid_cache_mutex);

  if (use_cache) {
    const auto cached = uid_cache.find(uid);
    if (cached != uid_cache.end()) {
      return cached->second;
    }
  }

  const sp<IBinder> permission_binder =
      defaultServiceManager()->getService(String16("permission"));
  if (permission_binder == nullptr) {
    // Deny rather than guess; this result is deliberately not cached.
    ALOGW("Could not access permission service");
    return false;
  }

  // The pid argument is passed as -1: it is only used to automatically reply
  // true when the caller is the Activity Manager Service, which is not wanted
  // here.
  const sp<IPermissionController> controller =
      interface_cast<IPermissionController>(permission_binder);
  const bool is_trusted = controller->checkPermission(
      String16("android.permission.RESTRICTED_VR_ACCESS"), /*pid=*/-1, uid);

  // Remember the answer so later cached lookups skip the permission-service
  // call.
  uid_cache[uid] = is_trusted;
  return is_trusted;
}

}  // namespace dvr
}  // namespace android
52