trusted_uids.cpp revision 4766e2a776386489667e792f9c7d8c71131b78c1
#include "private/dvr/trusted_uids.h"

#include <mutex>
#include <unordered_map>

#include <binder/IPermissionController.h>
#include <binder/IServiceManager.h>
#include <private/android_filesystem_config.h>
#include <utils/String16.h>
#include <vr/vr_manager/vr_manager.h>

namespace android {
namespace dvr {

// Reports whether |uid| is trusted, i.e. whether the "permission" service
// answers true when asked if that uid holds
// android.permission.RESTRICTED_VR_ACCESS.
//
// uid        The uid whose trust is being checked.
// use_cache  When true, a verdict stored by an earlier call for the same uid
//            is returned without asking the permission service again. When
//            false, the service is always queried and the stored verdict is
//            overwritten with the fresh answer.
//
// Returns true for AID_SYSTEM unconditionally, false when the permission
// service cannot be obtained (fail closed), and the service's answer
// otherwise.
//
// Properties of the cache that matter to callers making authorization
// decisions:
//  - Entries are never evicted or expired in this function. A verdict lives
//    for the lifetime of the process unless a later call with
//    use_cache == false replaces it.
//  - A failure to reach the permission service is not cached, so a later call
//    can still obtain a real answer.
//  - NOTE(review): a caller that has to observe a revoked permission, or a uid
//    that has since been reassigned, presumably needs use_cache == false;
//    confirm against the call sites.
//  - The mutex is held across the service-manager lookup and the
//    checkPermission() call, so concurrent callers wait on each other for the
//    duration of those calls.
bool IsTrustedUid(uid_t uid, bool use_cache) {
  static std::unordered_map<uid_t, bool> verdict_by_uid;
  static std::mutex verdict_mutex;

  // The system uid is always trusted. The permission service would give the
  // same answer, but per the original author it may not be reachable while the
  // system is still booting; short-circuiting keeps the result correct for
  // system services during that window. This path takes no lock and stores
  // nothing in the cache.
  if (uid == AID_SYSTEM) {
    return true;
  }

  std::lock_guard<std::mutex> guard(verdict_mutex);

  if (use_cache) {
    const auto cached = verdict_by_uid.find(uid);
    if (cached != verdict_by_uid.end()) {
      return cached->second;
    }
  }

  const String16 service_name("permission");
  sp<IBinder> permission_binder =
      defaultServiceManager()->getService(service_name);
  if (permission_binder == nullptr) {
    // Fail closed, and deliberately leave the cache untouched so that the
    // denial is not remembered once the service becomes available.
    ALOGW("Could not access permission service");
    return false;
  }

  // The pid argument is passed as -1: according to the original author it is
  // only used to reply true automatically when the caller is the Activity
  // Manager Service, so the decision here rests on the uid alone.
  const String16 permission_name("android.permission.RESTRICTED_VR_ACCESS");
  sp<IPermissionController> controller =
      interface_cast<IPermissionController>(permission_binder);
  const bool is_trusted = controller->checkPermission(permission_name, -1, uid);

  // Remember the verdict (positive or negative) so later cached lookups can
  // skip the calls into the Java-side service.
  verdict_by_uid[uid] = is_trusted;
  return is_trusted;
}

}  // namespace dvr
}  // namespace android