10dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian/* 20dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * Copyright (C) 2009 The Android Open Source Project 30dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 40dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * Licensed under the Apache License, Version 2.0 (the "License"); 50dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * you may not use this file except in compliance with the License. 60dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * You may obtain a copy of the License at 70dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 80dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * http://www.apache.org/licenses/LICENSE-2.0 90dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 100dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * Unless required by applicable law or agreed to in writing, software 110dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * distributed under the License is distributed on an "AS IS" BASIS, 120dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 130dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * See the License for the specific language governing permissions and 140dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * limitations under the License. 150dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian */ 160dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 170dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#ifndef BINDER_PERMISSION_H 180dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#define BINDER_PERMISSION_H 190dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 200dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#include <stdint.h> 210dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#include <unistd.h> 220dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 230dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#include <utils/String16.h> 240dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#include <utils/Singleton.h> 250dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 260dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopiannamespace android { 270dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian// --------------------------------------------------------------------------- 280dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 290dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian/* 300dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * PermissionCache caches permission checks for a given uid. 310dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 320dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * Currently the cache is not updated when there is a permission change, 330dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * for instance when an application is uninstalled. 340dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 350dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * IMPORTANT: for the reason stated above, only system permissions are safe 360dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * to cache. This restriction may be lifted at a later time. 370dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian * 380dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian */ 390dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 400dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopianclass PermissionCache : Singleton<PermissionCache> { 410dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian struct Entry { 420dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian String16 name; 430dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian uid_t uid; 440dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian bool granted; 450dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian inline bool operator < (const Entry& e) const { 460dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian return (uid == e.uid) ? (name < e.name) : (uid < e.uid); 470dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian } 480dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian }; 490dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian mutable Mutex mLock; 500dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian // we pool all the permission names we see, as many permissions checks 510dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian // will have identical names 520dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian SortedVector< String16 > mPermissionNamesPool; 530dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian // this is our cache per say. it stores pooled names. 540dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian SortedVector< Entry > mCache; 550dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 560dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian // free the whole cache, but keep the permission name pool 570dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian void purge(); 580dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 590dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian status_t check(bool* granted, 600dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian const String16& permission, uid_t uid) const; 610dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 620dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian void cache(const String16& permission, uid_t uid, bool granted); 630dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 640dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopianpublic: 650dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian PermissionCache(); 660dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 670dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian static bool checkCallingPermission(const String16& permission); 680dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 690dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian static bool checkCallingPermission(const String16& permission, 700dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian int32_t* outPid, int32_t* outUid); 710dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 720dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian static bool checkPermission(const String16& permission, 730dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian pid_t pid, uid_t uid); 740dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian}; 750dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 760dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian// --------------------------------------------------------------------------- 770dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian}; // namespace android 780dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian 790dd593f22352a0863223fa4ea7e37e926b99282eMathias Agopian#endif /* BINDER_PERMISSION_H */ 80