PermissionCache.h revision 99b49840d309727678b77403d6cc9f920111623f
199b49840d309727678b77403d6cc9f920111623fMathias Agopian/* 299b49840d309727678b77403d6cc9f920111623fMathias Agopian * Copyright (C) 2009 The Android Open Source Project 399b49840d309727678b77403d6cc9f920111623fMathias Agopian * 499b49840d309727678b77403d6cc9f920111623fMathias Agopian * Licensed under the Apache License, Version 2.0 (the "License"); 599b49840d309727678b77403d6cc9f920111623fMathias Agopian * you may not use this file except in compliance with the License. 699b49840d309727678b77403d6cc9f920111623fMathias Agopian * You may obtain a copy of the License at 799b49840d309727678b77403d6cc9f920111623fMathias Agopian * 899b49840d309727678b77403d6cc9f920111623fMathias Agopian * http://www.apache.org/licenses/LICENSE-2.0 999b49840d309727678b77403d6cc9f920111623fMathias Agopian * 1099b49840d309727678b77403d6cc9f920111623fMathias Agopian * Unless required by applicable law or agreed to in writing, software 1199b49840d309727678b77403d6cc9f920111623fMathias Agopian * distributed under the License is distributed on an "AS IS" BASIS, 1299b49840d309727678b77403d6cc9f920111623fMathias Agopian * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1399b49840d309727678b77403d6cc9f920111623fMathias Agopian * See the License for the specific language governing permissions and 1499b49840d309727678b77403d6cc9f920111623fMathias Agopian * limitations under the License. 1599b49840d309727678b77403d6cc9f920111623fMathias Agopian */ 1699b49840d309727678b77403d6cc9f920111623fMathias Agopian 1799b49840d309727678b77403d6cc9f920111623fMathias Agopian#ifndef BINDER_PERMISSION_H 1899b49840d309727678b77403d6cc9f920111623fMathias Agopian#define BINDER_PERMISSION_H 1999b49840d309727678b77403d6cc9f920111623fMathias Agopian 2099b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <stdint.h> 2199b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <unistd.h> 2299b49840d309727678b77403d6cc9f920111623fMathias Agopian 2399b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/String16.h> 2499b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/Singleton.h> 2599b49840d309727678b77403d6cc9f920111623fMathias Agopian 2699b49840d309727678b77403d6cc9f920111623fMathias Agopiannamespace android { 2799b49840d309727678b77403d6cc9f920111623fMathias Agopian// --------------------------------------------------------------------------- 2899b49840d309727678b77403d6cc9f920111623fMathias Agopian 2999b49840d309727678b77403d6cc9f920111623fMathias Agopian/* 3099b49840d309727678b77403d6cc9f920111623fMathias Agopian * PermissionCache caches permission checks for a given uid. 3199b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3299b49840d309727678b77403d6cc9f920111623fMathias Agopian * Currently the cache is not updated when there is a permission change, 3399b49840d309727678b77403d6cc9f920111623fMathias Agopian * for instance when an application is uninstalled. 3499b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3599b49840d309727678b77403d6cc9f920111623fMathias Agopian * IMPORTANT: for the reason stated above, only system permissions are safe 3699b49840d309727678b77403d6cc9f920111623fMathias Agopian * to cache. This restriction may be lifted at a later time. 3799b49840d309727678b77403d6cc9f920111623fMathias Agopian * 3899b49840d309727678b77403d6cc9f920111623fMathias Agopian */ 3999b49840d309727678b77403d6cc9f920111623fMathias Agopian 4099b49840d309727678b77403d6cc9f920111623fMathias Agopianclass PermissionCache : Singleton<PermissionCache> { 4199b49840d309727678b77403d6cc9f920111623fMathias Agopian struct Entry { 4299b49840d309727678b77403d6cc9f920111623fMathias Agopian String16 name; 4399b49840d309727678b77403d6cc9f920111623fMathias Agopian uid_t uid; 4499b49840d309727678b77403d6cc9f920111623fMathias Agopian bool granted; 4599b49840d309727678b77403d6cc9f920111623fMathias Agopian inline bool operator < (const Entry& e) const { 4699b49840d309727678b77403d6cc9f920111623fMathias Agopian return (uid == e.uid) ? (name < e.name) : (uid < e.uid); 4799b49840d309727678b77403d6cc9f920111623fMathias Agopian } 4899b49840d309727678b77403d6cc9f920111623fMathias Agopian }; 4999b49840d309727678b77403d6cc9f920111623fMathias Agopian mutable Mutex mLock; 5099b49840d309727678b77403d6cc9f920111623fMathias Agopian // we pool all the permission names we see, as many permissions checks 5199b49840d309727678b77403d6cc9f920111623fMathias Agopian // will have identical names 5299b49840d309727678b77403d6cc9f920111623fMathias Agopian SortedVector< String16 > mPermissionNamesPool; 5399b49840d309727678b77403d6cc9f920111623fMathias Agopian // this is our cache per say. it stores pooled names. 5499b49840d309727678b77403d6cc9f920111623fMathias Agopian SortedVector< Entry > mCache; 5599b49840d309727678b77403d6cc9f920111623fMathias Agopian 5699b49840d309727678b77403d6cc9f920111623fMathias Agopian // free the whole cache, but keep the permission name pool 5799b49840d309727678b77403d6cc9f920111623fMathias Agopian void purge(); 5899b49840d309727678b77403d6cc9f920111623fMathias Agopian 5999b49840d309727678b77403d6cc9f920111623fMathias Agopian status_t check(bool* granted, 6099b49840d309727678b77403d6cc9f920111623fMathias Agopian const String16& permission, uid_t uid) const; 6199b49840d309727678b77403d6cc9f920111623fMathias Agopian 6299b49840d309727678b77403d6cc9f920111623fMathias Agopian void cache(const String16& permission, uid_t uid, bool granted); 6399b49840d309727678b77403d6cc9f920111623fMathias Agopian 6499b49840d309727678b77403d6cc9f920111623fMathias Agopianpublic: 6599b49840d309727678b77403d6cc9f920111623fMathias Agopian PermissionCache(); 6699b49840d309727678b77403d6cc9f920111623fMathias Agopian 6799b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkCallingPermission(const String16& permission); 6899b49840d309727678b77403d6cc9f920111623fMathias Agopian 6999b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkCallingPermission(const String16& permission, 7099b49840d309727678b77403d6cc9f920111623fMathias Agopian int32_t* outPid, int32_t* outUid); 7199b49840d309727678b77403d6cc9f920111623fMathias Agopian 7299b49840d309727678b77403d6cc9f920111623fMathias Agopian static bool checkPermission(const String16& permission, 7399b49840d309727678b77403d6cc9f920111623fMathias Agopian pid_t pid, uid_t uid); 7499b49840d309727678b77403d6cc9f920111623fMathias Agopian}; 7599b49840d309727678b77403d6cc9f920111623fMathias Agopian 7699b49840d309727678b77403d6cc9f920111623fMathias Agopian// --------------------------------------------------------------------------- 7799b49840d309727678b77403d6cc9f920111623fMathias Agopian}; // namespace android 7899b49840d309727678b77403d6cc9f920111623fMathias Agopian 7999b49840d309727678b77403d6cc9f920111623fMathias Agopian#endif /* BINDER_PERMISSION_H */ 80