1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.util;
18 
19 import static android.os.Binder.getCallingPid;
20 import static android.os.Binder.getCallingUid;
21 
22 import android.os.Process;
23 import android.os.UserHandle;
24 
25 import java.util.concurrent.atomic.AtomicInteger;
26 
27 /**
28  * Utility class to check calling permissions on the network stack.
29  */
public final class PermissionUtil {
    // PID of the first system-UID caller observed; stays -1 until such a call arrives.
    private static final AtomicInteger sSystemPid = new AtomicInteger(-1);

    /**
     * Verify that the calling process may talk to the network stack.
     *
     * <p>Callers running as {@link Process#SYSTEM_UID} must additionally share one PID across all
     * calls (see {@link #checkConsistentSystemPid()}); any other caller must carry the Bluetooth
     * app ID, whichever user it runs under.
     *
     * <p>NOTE(review): this relies on {@code Binder.getCallingUid()}, which identifies the remote
     * caller only while an incoming Binder transaction is being handled on this thread — confirm
     * at call sites that the check runs inside the transaction.
     *
     * @throws SecurityException if the caller is neither the system UID nor the Bluetooth app ID.
     */
    public static void checkNetworkStackCallingPermission() {
        final int callingUid = getCallingUid();
        if (callingUid != Process.SYSTEM_UID) {
            // Non-system callers are admitted solely on their app ID, ignoring the user part.
            if (UserHandle.getAppId(callingUid) != Process.BLUETOOTH_UID) {
                throw new SecurityException("Invalid caller: " + callingUid);
            }
            return;
        }
        checkConsistentSystemPid();
    }

    /**
     * Enforce that every call made with the system UID originates from one and the same process.
     *
     * <p>Only the system server is expected to reach the network stack from a system UID; other
     * system-UID processes are not clients the network stack is designed to support. Pinning the
     * PID of the first system-UID call loosely enforces that: if some other system-UID process
     * calls first, the system server itself is rejected and the failure is immediately visible;
     * if the system server calls first, the other clients are rejected as intended.
     *
     * @throws SecurityException if a system-UID call comes from a PID other than the one pinned
     *     by the first system-UID call.
     */
    private static void checkConsistentSystemPid() {
        final int pid = getCallingPid();
        // A successful CAS means nothing was pinned yet: this caller becomes the system server.
        if (sSystemPid.compareAndSet(-1, pid)) {
            return;
        }
        // Once pinned the value never changes (the CAS only succeeds from -1), so one read suffices.
        final int expectedPid = sSystemPid.get();
        if (expectedPid != pid) {
            throw new SecurityException("Invalid PID for the system server, expected "
                    + expectedPid + " but was called from " + pid);
        }
    }

    /**
     * Verify that the caller may dump network stack state, e.g. through dumpsys.
     *
     * @throws SecurityException if the caller is not the system, root or shell UID.
     */
    public static void checkDumpPermission() {
        final int callingUid = getCallingUid();
        final boolean allowed = callingUid == Process.SYSTEM_UID
                || callingUid == Process.ROOT_UID
                || callingUid == Process.SHELL_UID;
        if (!allowed) {
            throw new SecurityException("No dump permissions for caller: " + callingUid);
        }
    }

    /** Static utility holder; never instantiated. */
    private PermissionUtil() {
        throw new UnsupportedOperationException("This class is not to be instantiated");
    }
}