199b49840d309727678b77403d6cc9f920111623fMathias Agopian/* 299b49840d309727678b77403d6cc9f920111623fMathias Agopian * Copyright (C) 2009 The Android Open Source Project 399b49840d309727678b77403d6cc9f920111623fMathias Agopian * 499b49840d309727678b77403d6cc9f920111623fMathias Agopian * Licensed under the Apache License, Version 2.0 (the "License"); 599b49840d309727678b77403d6cc9f920111623fMathias Agopian * you may not use this file except in compliance with the License. 699b49840d309727678b77403d6cc9f920111623fMathias Agopian * You may obtain a copy of the License at 799b49840d309727678b77403d6cc9f920111623fMathias Agopian * 899b49840d309727678b77403d6cc9f920111623fMathias Agopian * http://www.apache.org/licenses/LICENSE-2.0 999b49840d309727678b77403d6cc9f920111623fMathias Agopian * 1099b49840d309727678b77403d6cc9f920111623fMathias Agopian * Unless required by applicable law or agreed to in writing, software 1199b49840d309727678b77403d6cc9f920111623fMathias Agopian * distributed under the License is distributed on an "AS IS" BASIS, 1299b49840d309727678b77403d6cc9f920111623fMathias Agopian * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1399b49840d309727678b77403d6cc9f920111623fMathias Agopian * See the License for the specific language governing permissions and 1499b49840d309727678b77403d6cc9f920111623fMathias Agopian * limitations under the License. 1599b49840d309727678b77403d6cc9f920111623fMathias Agopian */ 1699b49840d309727678b77403d6cc9f920111623fMathias Agopian 1799b49840d309727678b77403d6cc9f920111623fMathias Agopian#ifndef BINDER_PERMISSION_H 1899b49840d309727678b77403d6cc9f920111623fMathias Agopian#define BINDER_PERMISSION_H 1999b49840d309727678b77403d6cc9f920111623fMathias Agopian 2099b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <stdint.h> 2199b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <unistd.h> 2299b49840d309727678b77403d6cc9f920111623fMathias Agopian 2399b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/String16.h> 2499b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/Singleton.h> 25db403e8ff0d7727015e1a5009bab20eb7ec205bcMathias Agopian#include <utils/SortedVector.h> 2699b49840d309727678b77403d6cc9f920111623fMathias Agopian 2799b49840d309727678b77403d6cc9f920111623fMathias Agopiannamespace android { 2899b49840d309727678b77403d6cc9f920111623fMathias Agopian// --------------------------------------------------------------------------- 2999b49840d309727678b77403d6cc9f920111623fMathias Agopian 3099b49840d309727678b77403d6cc9f920111623fMathias Agopian/* 3199b49840d309727678b77403d6cc9f920111623fMathias Agopian * PermissionCache caches permission checks for a given uid. 3299b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3399b49840d309727678b77403d6cc9f920111623fMathias Agopian * Currently the cache is not updated when there is a permission change, 3499b49840d309727678b77403d6cc9f920111623fMathias Agopian * for instance when an application is uninstalled. 3599b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3699b49840d309727678b77403d6cc9f920111623fMathias Agopian * IMPORTANT: for the reason stated above, only system permissions are safe 3799b49840d309727678b77403d6cc9f920111623fMathias Agopian * to cache. This restriction may be lifted at a later time. 3899b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3999b49840d309727678b77403d6cc9f920111623fMathias Agopian */ 4099b49840d309727678b77403d6cc9f920111623fMathias Agopian 4199b49840d309727678b77403d6cc9f920111623fMathias Agopianclass PermissionCache : Singleton<PermissionCache> { 4299b49840d309727678b77403d6cc9f920111623fMathias Agopian struct Entry { 4399b49840d309727678b77403d6cc9f920111623fMathias Agopian String16 name; 4499b49840d309727678b77403d6cc9f920111623fMathias Agopian uid_t uid; 4599b49840d309727678b77403d6cc9f920111623fMathias Agopian bool granted; 4699b49840d309727678b77403d6cc9f920111623fMathias Agopian inline bool operator < (const Entry& e) const { 4799b49840d309727678b77403d6cc9f920111623fMathias Agopian return (uid == e.uid) ? (name < e.name) : (uid < e.uid); 4899b49840d309727678b77403d6cc9f920111623fMathias Agopian } 4999b49840d309727678b77403d6cc9f920111623fMathias Agopian }; 5099b49840d309727678b77403d6cc9f920111623fMathias Agopian mutable Mutex mLock; 5199b49840d309727678b77403d6cc9f920111623fMathias Agopian // we pool all the permission names we see, as many permissions checks 5299b49840d309727678b77403d6cc9f920111623fMathias Agopian // will have identical names 5399b49840d309727678b77403d6cc9f920111623fMathias Agopian SortedVector< String16 > mPermissionNamesPool; 5499b49840d309727678b77403d6cc9f920111623fMathias Agopian // this is our cache per say. it stores pooled names. 5599b49840d309727678b77403d6cc9f920111623fMathias Agopian SortedVector< Entry > mCache; 5699b49840d309727678b77403d6cc9f920111623fMathias Agopian 5799b49840d309727678b77403d6cc9f920111623fMathias Agopian // free the whole cache, but keep the permission name pool 5899b49840d309727678b77403d6cc9f920111623fMathias Agopian void purge(); 5999b49840d309727678b77403d6cc9f920111623fMathias Agopian 6099b49840d309727678b77403d6cc9f920111623fMathias Agopian status_t check(bool* granted, 6199b49840d309727678b77403d6cc9f920111623fMathias Agopian const String16& permission, uid_t uid) const; 6299b49840d309727678b77403d6cc9f920111623fMathias Agopian 6399b49840d309727678b77403d6cc9f920111623fMathias Agopian void cache(const String16& permission, uid_t uid, bool granted); 6499b49840d309727678b77403d6cc9f920111623fMathias Agopian 6599b49840d309727678b77403d6cc9f920111623fMathias Agopianpublic: 6699b49840d309727678b77403d6cc9f920111623fMathias Agopian PermissionCache(); 6799b49840d309727678b77403d6cc9f920111623fMathias Agopian 6899b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkCallingPermission(const String16& permission); 6999b49840d309727678b77403d6cc9f920111623fMathias Agopian 7099b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkCallingPermission(const String16& permission, 7199b49840d309727678b77403d6cc9f920111623fMathias Agopian int32_t* outPid, int32_t* outUid); 7299b49840d309727678b77403d6cc9f920111623fMathias Agopian 7399b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkPermission(const String16& permission, 7499b49840d309727678b77403d6cc9f920111623fMathias Agopian pid_t pid, uid_t uid); 7599b49840d309727678b77403d6cc9f920111623fMathias Agopian}; 7699b49840d309727678b77403d6cc9f920111623fMathias Agopian 7799b49840d309727678b77403d6cc9f920111623fMathias Agopian// --------------------------------------------------------------------------- 7899b49840d309727678b77403d6cc9f920111623fMathias Agopian}; // namespace android 7999b49840d309727678b77403d6cc9f920111623fMathias Agopian 8099b49840d309727678b77403d6cc9f920111623fMathias Agopian#endif /* BINDER_PERMISSION_H */ 81