199b49840d309727678b77403d6cc9f920111623fMathias Agopian/*
299b49840d309727678b77403d6cc9f920111623fMathias Agopian * Copyright (C) 2009 The Android Open Source Project
399b49840d309727678b77403d6cc9f920111623fMathias Agopian *
499b49840d309727678b77403d6cc9f920111623fMathias Agopian * Licensed under the Apache License, Version 2.0 (the "License");
599b49840d309727678b77403d6cc9f920111623fMathias Agopian * you may not use this file except in compliance with the License.
699b49840d309727678b77403d6cc9f920111623fMathias Agopian * You may obtain a copy of the License at
799b49840d309727678b77403d6cc9f920111623fMathias Agopian *
899b49840d309727678b77403d6cc9f920111623fMathias Agopian *      http://www.apache.org/licenses/LICENSE-2.0
999b49840d309727678b77403d6cc9f920111623fMathias Agopian *
1099b49840d309727678b77403d6cc9f920111623fMathias Agopian * Unless required by applicable law or agreed to in writing, software
1199b49840d309727678b77403d6cc9f920111623fMathias Agopian * distributed under the License is distributed on an "AS IS" BASIS,
1299b49840d309727678b77403d6cc9f920111623fMathias Agopian * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1399b49840d309727678b77403d6cc9f920111623fMathias Agopian * See the License for the specific language governing permissions and
1499b49840d309727678b77403d6cc9f920111623fMathias Agopian * limitations under the License.
1599b49840d309727678b77403d6cc9f920111623fMathias Agopian */
1699b49840d309727678b77403d6cc9f920111623fMathias Agopian
1799b49840d309727678b77403d6cc9f920111623fMathias Agopian#ifndef BINDER_PERMISSION_H
1899b49840d309727678b77403d6cc9f920111623fMathias Agopian#define BINDER_PERMISSION_H
1999b49840d309727678b77403d6cc9f920111623fMathias Agopian
2099b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <stdint.h>
2199b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <unistd.h>
2299b49840d309727678b77403d6cc9f920111623fMathias Agopian
2399b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/String16.h>
2499b49840d309727678b77403d6cc9f920111623fMathias Agopian#include <utils/Singleton.h>
25db403e8ff0d7727015e1a5009bab20eb7ec205bcMathias Agopian#include <utils/SortedVector.h>
2699b49840d309727678b77403d6cc9f920111623fMathias Agopian
2799b49840d309727678b77403d6cc9f920111623fMathias Agopiannamespace android {
2899b49840d309727678b77403d6cc9f920111623fMathias Agopian// ---------------------------------------------------------------------------
2999b49840d309727678b77403d6cc9f920111623fMathias Agopian
3099b49840d309727678b77403d6cc9f920111623fMathias Agopian/*
3199b49840d309727678b77403d6cc9f920111623fMathias Agopian * PermissionCache caches permission checks for a given uid.
3299b49840d309727678b77403d6cc9f920111623fMathias Agopian *
3399b49840d309727678b77403d6cc9f920111623fMathias Agopian * Currently the cache is not updated when there is a permission change,
3499b49840d309727678b77403d6cc9f920111623fMathias Agopian * for instance when an application is uninstalled.
3599b49840d309727678b77403d6cc9f920111623fMathias Agopian *
3699b49840d309727678b77403d6cc9f920111623fMathias Agopian * IMPORTANT: for the reason stated above, only system permissions are safe
3799b49840d309727678b77403d6cc9f920111623fMathias Agopian * to cache. This restriction may be lifted at a later time.
3899b49840d309727678b77403d6cc9f920111623fMathias Agopian *
3999b49840d309727678b77403d6cc9f920111623fMathias Agopian */
4099b49840d309727678b77403d6cc9f920111623fMathias Agopian
4199b49840d309727678b77403d6cc9f920111623fMathias Agopianclass PermissionCache : Singleton<PermissionCache> {
4299b49840d309727678b77403d6cc9f920111623fMathias Agopian    struct Entry {
4399b49840d309727678b77403d6cc9f920111623fMathias Agopian        String16    name;
4499b49840d309727678b77403d6cc9f920111623fMathias Agopian        uid_t       uid;
4599b49840d309727678b77403d6cc9f920111623fMathias Agopian        bool        granted;
4699b49840d309727678b77403d6cc9f920111623fMathias Agopian        inline bool operator < (const Entry& e) const {
4799b49840d309727678b77403d6cc9f920111623fMathias Agopian            return (uid == e.uid) ? (name < e.name) : (uid < e.uid);
4899b49840d309727678b77403d6cc9f920111623fMathias Agopian        }
4999b49840d309727678b77403d6cc9f920111623fMathias Agopian    };
5099b49840d309727678b77403d6cc9f920111623fMathias Agopian    mutable Mutex mLock;
5199b49840d309727678b77403d6cc9f920111623fMathias Agopian    // we pool all the permission names we see, as many permissions checks
5299b49840d309727678b77403d6cc9f920111623fMathias Agopian    // will have identical names
5399b49840d309727678b77403d6cc9f920111623fMathias Agopian    SortedVector< String16 > mPermissionNamesPool;
5499b49840d309727678b77403d6cc9f920111623fMathias Agopian    // this is our cache per say. it stores pooled names.
5599b49840d309727678b77403d6cc9f920111623fMathias Agopian    SortedVector< Entry > mCache;
5699b49840d309727678b77403d6cc9f920111623fMathias Agopian
5799b49840d309727678b77403d6cc9f920111623fMathias Agopian    // free the whole cache, but keep the permission name pool
5899b49840d309727678b77403d6cc9f920111623fMathias Agopian    void purge();
5999b49840d309727678b77403d6cc9f920111623fMathias Agopian
6099b49840d309727678b77403d6cc9f920111623fMathias Agopian    status_t check(bool* granted,
6199b49840d309727678b77403d6cc9f920111623fMathias Agopian            const String16& permission, uid_t uid) const;
6299b49840d309727678b77403d6cc9f920111623fMathias Agopian
6399b49840d309727678b77403d6cc9f920111623fMathias Agopian    void cache(const String16& permission, uid_t uid, bool granted);
6499b49840d309727678b77403d6cc9f920111623fMathias Agopian
6599b49840d309727678b77403d6cc9f920111623fMathias Agopianpublic:
6699b49840d309727678b77403d6cc9f920111623fMathias Agopian    PermissionCache();
6799b49840d309727678b77403d6cc9f920111623fMathias Agopian
6899b49840d309727678b77403d6cc9f920111623fMathias Agopian    static bool checkCallingPermission(const String16& permission);
6999b49840d309727678b77403d6cc9f920111623fMathias Agopian
7099b49840d309727678b77403d6cc9f920111623fMathias Agopian    static bool checkCallingPermission(const String16& permission,
7199b49840d309727678b77403d6cc9f920111623fMathias Agopian                                int32_t* outPid, int32_t* outUid);
7299b49840d309727678b77403d6cc9f920111623fMathias Agopian
7399b49840d309727678b77403d6cc9f920111623fMathias Agopian    static bool checkPermission(const String16& permission,
7499b49840d309727678b77403d6cc9f920111623fMathias Agopian            pid_t pid, uid_t uid);
7599b49840d309727678b77403d6cc9f920111623fMathias Agopian};
7699b49840d309727678b77403d6cc9f920111623fMathias Agopian
7799b49840d309727678b77403d6cc9f920111623fMathias Agopian// ---------------------------------------------------------------------------
7899b49840d309727678b77403d6cc9f920111623fMathias Agopian}; // namespace android
7999b49840d309727678b77403d6cc9f920111623fMathias Agopian
8099b49840d309727678b77403d6cc9f920111623fMathias Agopian#endif /* BINDER_PERMISSION_H */
81