#include "private/dvr/trusted_uids.h"

#include <mutex>
#include <unordered_map>

#include <binder/IPermissionController.h>
#include <binder/IServiceManager.h>
#include <private/android_filesystem_config.h>
#include <utils/String16.h>
#include <vr/vr_manager/vr_manager.h>

namespace android {
namespace dvr {

// Reports whether |uid| is allowed restricted VR access.
//
// AID_SYSTEM is always trusted. Any other uid is trusted only if the
// "permission" service says it holds android.permission.RESTRICTED_VR_ACCESS.
//
// |use_cache|: when true, a result stored by an earlier call for the same uid
// is returned without asking the permission service again. When false the
// service is always queried, and the fresh answer still overwrites the cached
// entry.
//
// Returns false (fail closed) when the permission service cannot be reached;
// that outcome is not cached, so a later call will retry.
//
// NOTE(review): the cache is a function-local static with no eviction, so an
// answer stays in place for the life of the process. With |use_cache| set, a
// grant or revocation that happens after the first lookup is not observed.
// Callers that need a current answer should pass use_cache = false.
bool IsTrustedUid(uid_t uid, bool use_cache) {
  static std::unordered_map<uid_t, bool> uid_cache;
  static std::mutex uid_cache_mutex;

  // The system UID is accepted up front, before any lock or binder call. Per
  // the original author, the permission service already allows it but may not
  // be reachable during boot, and system services must still get the correct
  // result then.
  if (uid == AID_SYSTEM) {
    return true;
  }

  // Held until return, i.e. across the binder call below as well, so lookups
  // from concurrent callers are serialized.
  std::lock_guard<std::mutex> lock(uid_cache_mutex);

  if (use_cache) {
    const auto cached = uid_cache.find(uid);
    if (cached != uid_cache.end()) {
      return cached->second;
    }
  }

  const sp<IServiceManager> service_manager = defaultServiceManager();
  const sp<IBinder> permission_binder =
      service_manager->getService(String16("permission"));
  if (permission_binder.get() == nullptr) {
    // Deny rather than guess; nothing is written to the cache on this path.
    ALOGW("Could not access permission service");
    return false;
  }

  // The pid argument is passed as -1: per the original author it is only used
  // to auto-approve the Activity Manager Service itself, so the decision here
  // rests on the uid alone.
  const sp<IPermissionController> controller =
      interface_cast<IPermissionController>(permission_binder);
  const bool trusted = controller->checkPermission(
      String16("android.permission.RESTRICTED_VR_ACCESS"), -1, uid);

  // Remember the answer (positive or negative) so later cached lookups for
  // this uid skip the call into the permission service.
  uid_cache[uid] = trusted;
  return trusted;
}

}  // namespace dvr
}  // namespace android